Antivirus / Malware removal and computer health status



#1
mosteror12


Hi there.

 

My computer was infected by at least one malware (.gerosan extension). I immediately closed all open Chrome pages as they were created and also my wi-fi connection. I tried to scan with Windows Defender, but to no avail. Also not with TOTAL AV. I had to shut down. My laptop would only restart in safe mode with disc check but could not fix the errors. I had the option to restore to earlier versions; that also did not work. The only other option available to me at that stage was "Reset my PC", which did the trick, but from there on my machine is very slow. (Relatively ok to boot, but after logging in I have a black screen for about 5 mins. before the screen "wakes up".)

 

I installed Malwarebytes via USB, scanned, and got rid of: akafjuo, dakafjjuqz and rococo to name but 3. I also scanned with Hitman 3 to make sure there was nothing left.

After another reboot I scanned again with Malwarebytes and cleaned another 1 hit.

 

From there on the system seems to be clean, but is still sluggish. Windows Defender still does not start up, and the little "thinking" circle next to the mouse pointer keeps on flashing.

 

Therefore, if you can please assist in analyzing my system to verify whether there are any remaining hidden threats, I would appreciate it greatly.

 

Regards

 

Ockert

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2019
Ran by Jana_Mostert (administrator) on DESKTOP-J7HTNHM (Dell Inc. Latitude E6400) (15-06-2019 18:07:47)
Running from C:\Users\Surgery\Desktop
Loaded Profiles: Jana_Mostert (Available Profiles: Jana_Mostert)
Platform: Windows 10 Pro Version 1803 17134.829 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> ) C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\AESTSr64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\stacsv64.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.80\Installer\chrmstp.exe [2019-06-12] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B1DF012-CABC-4E11-87F8-45AE688A9648} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {4273051C-8B9F-4EC7-BA69-B48440F9C9D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BE49111-F682-4F4C-B496-A334F94FFBED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-12] (Google Inc -> Google LLC)
Task: {70908ABD-5746-4D49-8986-622971C9863C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF3B02EA-F668-4D41-90E4-B491690067D6} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {CC257C8F-A667-4A47-9FD6-756B0D8B9DE4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {DA35F8D8-1FF5-4856-A51F-239F22C68AE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-12] (Google Inc -> Google LLC)
Task: {E33BD8C5-35D0-471D-A7FC-D4B0A089EA65} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [393728 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{087c3745-a810-41f9-b83b-5c7bae162fd4}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-09-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-09-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-06-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-09-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-06-12] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-06-12] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default [2019-06-15]
CHR Extension: (Slides) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-12]
CHR Extension: (Kaspersky Protection) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2019-06-15]
CHR Extension: (YouTube) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-12]
CHR Extension: (Sheets) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-12]
CHR Extension: (Google Docs Offline) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-06-12]
CHR Extension: (Gmail) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-12]
CHR Extension: (Chrome Media Router) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-12]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R4 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [139504 2019-06-14] (SurfRight B.V. -> SurfRight B.V.)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-09] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HitmanPro38CrusaderBoot; "E:\HitmanPro_x64.exe" /crusader:boot [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BrSerIb; C:\WINDOWS\System32\drivers\BrSerIb.sys [95344 2013-11-20] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\WINDOWS\System32\drivers\BrUsbSIb.sys [21872 2013-11-20] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [40824 2019-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131904 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [73416 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [123152 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [89168 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [219744 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [197464 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1113696 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (Kaspersky Lab -> AO Kaspersky Lab)
R4 klkbdflt2; C:\WINDOWS\system32\DRIVERS\klkbdflt2.sys [48320 2018-01-14] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
S0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [245272 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_arkmon_C0AFDEE6A6307CA44878EDCF7153D5BE; C:\Users\Surgery\AppData\Local\Temp\{E982BA24-5913-4094-A80C-FE6EE4A09F8B}\C0AFDEE6A6307CA44878EDCF7153D5BE.sys [245272 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab) <==== ATTENTION
U3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
U3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [302368 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
U0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116104 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
U3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198768 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [176976 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [203968 2018-02-24] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-06-14] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-06-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-06-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-06-14] (Malwarebytes Corporation -> Malwarebytes)
R2 rimmptsk; C:\WINDOWS\System32\drivers\rimmpx64.sys [52224 2006-11-17] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64832 2018-12-12] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [505856 2010-03-09] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-06-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [337632 2019-06-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-13] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-06-15 18:07 - 2019-06-15 18:13 - 000020154 _____ C:\Users\Surgery\Desktop\FRST.txt
2019-06-15 16:14 - 2019-06-15 18:07 - 000000000 ____D C:\FRST
2019-06-15 16:13 - 2019-06-15 16:10 - 002418688 _____ (Farbar) C:\Users\Surgery\Desktop\FRST64.exe
2019-06-15 16:10 - 2019-06-15 16:10 - 002418688 _____ (Farbar) C:\Users\Surgery\Downloads\FRST64.exe
2019-06-15 14:53 - 2019-06-15 14:54 - 000000780 __RSH C:\ProgramData\ntuser.pol
2019-06-15 14:41 - 2019-06-15 14:41 - 000302368 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-06-15 14:32 - 2019-06-15 14:32 - 000003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2019-06-15 14:32 - 2019-06-15 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2019-06-15 14:32 - 2019-06-15 14:32 - 000000000 ____D C:\Program Files\Common Files\AV
2019-06-15 14:31 - 2019-06-15 14:31 - 000245272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-06-15 14:31 - 2019-06-15 14:31 - 000198768 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-06-15 14:31 - 2019-06-15 14:31 - 000116104 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-06-15 14:31 - 2019-06-15 14:31 - 000099152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-06-15 14:29 - 2019-06-15 14:29 - 000002108 _____ C:\Users\Public\Desktop\Kaspersky Free.lnk
2019-06-15 14:29 - 2019-06-15 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2019-06-15 14:28 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2019-06-15 14:27 - 2019-06-15 16:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-06-15 14:27 - 2019-06-15 14:31 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-06-15 14:26 - 2019-06-15 14:26 - 001214752 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2019-06-15 14:26 - 2019-06-15 14:26 - 001113696 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2019-06-15 14:26 - 2019-06-15 14:26 - 000219744 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2019-06-15 14:26 - 2019-06-15 14:26 - 000152960 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2019-06-15 14:14 - 2019-06-15 14:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-06-15 14:13 - 2019-06-15 14:14 - 002623360 _____ (Kaspersky Lab) C:\Users\Surgery\Downloads\startup_14441.exe
2019-06-15 14:02 - 2019-06-15 14:07 - 158361496 _____ (Microsoft Corporation) C:\Users\Surgery\Downloads\msert Microsoft Security Scanner.exe
2019-06-15 13:53 - 2019-06-15 13:54 - 046683168 _____ (Microsoft Corporation) C:\Users\Surgery\Downloads\Windows-KB890830-x64-V5.73 Windows Malicious Software Removal Tool.exe
2019-06-14 13:53 - 2019-06-15 18:09 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-06-14 13:53 - 2019-06-14 13:53 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-06-14 13:53 - 2019-06-14 13:53 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-06-14 13:52 - 2019-06-14 13:52 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-14 11:35 - 2019-06-14 11:56 - 000000000 ____D C:\Program Files\Recuva
2019-06-14 11:35 - 2019-06-14 11:35 - 000001699 _____ C:\Users\Public\Desktop\Recuva.lnk
2019-06-14 11:35 - 2019-06-14 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2019-06-14 11:25 - 2019-06-14 11:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-14 11:24 - 2019-06-15 14:44 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-14 10:49 - 2019-06-14 10:52 - 000000000 ____D C:\AdwCleaner
2019-06-14 10:49 - 2019-06-14 10:51 - 000073232 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\NTAgent.exe
2019-06-14 10:47 - 2019-06-14 10:49 - 063765280 _____ (Malwarebytes ) C:\Users\Surgery\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.586-1.0.11017.exe
2019-06-14 10:47 - 2019-06-14 10:48 - 007025360 _____ (Malwarebytes) C:\Users\Surgery\Downloads\adwcleaner_7.3.exe
2019-06-14 09:01 - 2019-06-14 09:01 - 000000000 ____D C:\Users\Surgery\AppData\Local\PeerDistRepub
2019-06-14 06:58 - 2019-06-14 06:58 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2019-06-14 06:58 - 2019-06-14 06:58 - 000000318 _____ C:\WINDOWS\system32\.crusader
2019-06-14 06:50 - 2019-06-14 17:34 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-06-14 06:50 - 2019-06-14 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-06-14 06:50 - 2019-06-14 06:50 - 000000000 ____D C:\Program Files\HitmanPro
2019-06-14 06:49 - 2019-06-14 06:58 - 000000000 ____D C:\ProgramData\HitmanPro
2019-06-14 06:41 - 2019-06-14 06:41 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-06-13 22:52 - 2019-06-13 22:52 - 000000000 ____D C:\Users\Surgery\AppData\Local\DBG
2019-06-13 22:17 - 2019-06-13 22:17 - 000000000 ____D C:\Users\Surgery\AppData\Roaming\www.shadowexplorer.com
2019-06-13 15:13 - 2019-06-13 15:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-06-13 15:04 - 2019-06-13 15:04 - 000002668 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype для бизнеса 2016.lnk
2019-06-13 15:03 - 2019-06-13 15:04 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Средства Microsoft Office 2016
2019-06-13 14:57 - 2019-06-13 14:58 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-06-13 14:57 - 2019-06-13 14:57 - 000000000 ____D C:\WINDOWS\PCHEALTH
2019-06-13 14:36 - 2019-06-13 15:02 - 000000000 ____D C:\WINDOWS\SHELLNEW
2019-06-13 14:32 - 2019-06-13 14:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-06-13 14:31 - 2019-06-13 14:31 - 000000000 ____D C:\Users\Surgery\AppData\Local\Microsoft Help
2019-06-13 14:30 - 2019-06-13 14:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-06-13 14:29 - 2019-06-13 14:29 - 000000000 ____D C:\Program Files\Microsoft Office
2019-06-13 14:04 - 2019-06-13 14:04 - 000000000 ____D C:\Users\Surgery\AppData\Local\D3DSCache
2019-06-13 10:12 - 2019-06-13 10:13 - 005208720 _____ (Krzysztof Kowalczyk) C:\Users\Surgery\Downloads\SumatraPDF-3.1.2-64-install.exe
2019-06-13 09:47 - 2019-06-13 10:15 - 000000000 ____D C:\Users\Surgery\Desktop\Studiegidse
2019-06-13 09:04 - 2019-06-13 09:01 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-06-13 09:03 - 2019-06-13 09:03 - 000000000 ____D C:\Program Files\rempl
2019-06-13 07:20 - 2019-06-15 12:44 - 000000000 ____D C:\Windows.old
2019-06-13 07:20 - 2019-06-13 07:20 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-06-13 07:20 - 2019-06-12 21:42 - 000000000 ____D C:\WINDOWS\Panther
2019-06-13 07:19 - 2019-06-13 07:19 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-06-13 07:17 - 2019-06-13 07:17 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-06-13 07:16 - 2019-06-13 07:16 - 000000000 ____D C:\WINDOWS\Setup
2019-06-13 07:15 - 2019-06-13 07:20 - 000000000 ____D C:\WINDOWS\containers
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\te-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\or-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\km-KH
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\is-IS
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\id-ID
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\be-BY
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\as-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\Program Files\MSBuild
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-06-13 07:10 - 2019-06-12 22:03 - 000000000 ____D C:\WINDOWS\OCR
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\0409
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\DigitalLocker
2019-06-13 07:05 - 2019-05-31 03:57 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-06-13 07:05 - 2019-05-31 03:57 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-06-13 07:02 - 2019-06-13 07:20 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-06-13 07:02 - 2019-06-13 06:58 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2019-06-13 07:02 - 2019-06-13 06:58 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2019-06-13 07:02 - 2019-06-13 06:58 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2019-06-13 07:02 - 2019-06-13 06:58 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2019-06-13 07:02 - 2019-06-13 06:58 - 000027136 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2019-06-13 07:02 - 2019-06-13 06:58 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2019-06-13 07:02 - 2019-06-13 06:58 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-06-13 07:02 - 2019-06-13 06:58 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2019-06-13 07:02 - 2019-06-13 06:58 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2019-06-13 07:02 - 2019-06-13 06:58 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2019-06-13 07:02 - 2019-06-13 06:58 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2019-06-13 07:02 - 2019-06-13 06:58 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2019-06-13 07:01 - 2019-06-15 14:27 - 000000000 ___RD C:\Program Files (x86)
2019-06-13 07:01 - 2019-06-15 14:27 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-06-13 07:01 - 2019-06-15 14:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-06-13 07:01 - 2019-06-15 12:23 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-13 07:01 - 2019-06-14 18:05 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-13 07:01 - 2019-06-14 18:05 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-13 07:01 - 2019-06-13 14:40 - 000000167 _____ C:\WINDOWS\win.ini
2019-06-13 07:01 - 2019-06-13 14:30 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-06-13 07:01 - 2019-06-13 09:04 - 000000000 ____D C:\Program Files\Windows Defender
2019-06-13 07:01 - 2019-06-13 08:58 - 000000000 ____D C:\WINDOWS\appcompat
2019-06-13 07:01 - 2019-06-13 07:20 - 000000000 __RHD C:\Users\Public\Libraries
2019-06-13 07:01 - 2019-06-13 07:20 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-06-13 07:01 - 2019-06-13 07:20 - 000000000 ____D C:\WINDOWS\CSC
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\TextInput
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ta-in
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\si-lk
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\setup
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\am-et
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\Provisioning
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ___SD C:\WINDOWS\system32\dsc
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\com
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\IME
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\Help
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\Program Files\Common Files\system
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ___SD C:\WINDOWS\system32\Nui
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ___SD C:\WINDOWS\system32\AppV
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\my-mm
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\icsxml
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\ias
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\downlevel
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\DDFs
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 __RSD C:\WINDOWS\media
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Web
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\WaaS
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Vss
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\tracing
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\TAPI
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SystemResources
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SystemApps
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\winevt
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\ras
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\IME
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\DriverState
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\System
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SKB
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\ServiceState
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\security
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\schemas
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SchCache
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Resources
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\rescache
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\RemotePackages
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Registration
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\PLA
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Performance
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\InputMethod
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\IdentityCRL
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Globalization
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Cursors
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Branding
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\addins
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files\Windows Security
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files\Windows Portable Devices
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files\windows nt
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files\Common Files\Services
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files (x86)\windows nt
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2019-06-13 07:01 - 2019-06-13 06:58 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2019-06-13 07:01 - 2019-06-13 06:58 - 000000219 _____ C:\WINDOWS\system.ini
2019-06-13 07:01 - 2019-06-12 21:39 - 000000000 ____D C:\WINDOWS\system32\spool
2019-06-13 07:01 - 2019-06-12 21:39 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-06-13 07:01 - 2019-06-12 21:29 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-06-13 07:01 - 2019-06-12 21:29 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-06-13 07:01 - 2019-06-12 21:26 - 000000000 ____D C:\ProgramData\USOPrivate
2019-06-13 06:59 - 2019-06-15 14:32 - 000000000 ____D C:\WINDOWS\INF
2019-06-13 06:50 - 2019-06-13 09:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-13 06:41 - 2019-06-15 14:29 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-06-13 06:41 - 2019-06-14 13:50 - 085458944 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-06-13 06:41 - 2019-06-14 13:50 - 014680064 _____ C:\WINDOWS\system32\config\SYSTEM
2019-06-13 06:41 - 2019-06-14 13:50 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2019-06-13 06:41 - 2019-06-14 13:50 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2019-06-13 06:41 - 2019-06-14 13:50 - 000049152 _____ C:\WINDOWS\system32\config\SECURITY
2019-06-13 06:41 - 2019-06-14 13:50 - 000032768 _____ C:\WINDOWS\system32\config\SAM
2019-06-13 06:41 - 2019-06-13 07:21 - 000000000 ___HD C:\$SysReset
2019-06-13 06:41 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\servicing
2019-06-13 06:41 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\SMI
2019-06-12 22:58 - 2019-06-12 22:58 - 000000000 ____D C:\Users\Surgery\AppData\Roaming\vlc
2019-06-12 22:56 - 2019-06-12 22:56 - 000000000 ____D C:\Program Files\VideoLAN
2019-06-12 22:54 - 2019-06-12 22:55 - 041846888 _____ C:\Users\Surgery\Downloads\vlc-3.0.6-win64.exe
2019-06-12 22:44 - 2019-06-12 22:44 - 000000000 ____D C:\Users\Surgery\AppData\Local\Publishers
2019-06-12 22:36 - 2019-06-12 22:36 - 000000000 ____D C:\Program Files\7-Zip
2019-06-12 22:35 - 2019-06-12 22:36 - 001447178 _____ (Igor Pavlov) C:\Users\Surgery\Downloads\7z1900-x64 (1).exe
2019-06-12 22:31 - 2019-06-13 10:03 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-06-12 22:31 - 2019-06-12 22:32 - 001447178 _____ (Igor Pavlov) C:\Users\Surgery\Downloads\7z1900-x64.exe
2019-06-12 22:30 - 2019-06-12 22:30 - 007411912 _____ (VS Revo Group ) C:\Users\Surgery\Downloads\revosetup (1).exe
2019-06-12 22:30 - 2019-06-12 22:30 - 000000000 ____D C:\Program Files\VS Revo Group
2019-06-12 22:27 - 2019-06-12 22:28 - 007411912 _____ (VS Revo Group ) C:\Users\Surgery\Downloads\revosetup.exe
2019-06-12 22:26 - 2019-06-12 22:26 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-06-12 22:24 - 2019-06-12 22:34 - 000000000 ____D C:\ProgramData\Adobe
2019-06-12 22:20 - 2019-06-12 22:20 - 000000000 ____D C:\ProgramData\Packages
2019-06-12 22:16 - 2019-06-12 22:32 - 000000000 ____D C:\Users\Surgery\AppData\Local\Adobe
2019-06-12 22:04 - 2019-06-13 09:43 - 000000000 ____D C:\Users\Surgery\AppData\Local\Google
2019-06-12 22:04 - 2019-06-12 22:07 - 000000000 ____D C:\Program Files (x86)\Google
2019-06-12 22:04 - 2019-06-12 22:04 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-06-12 22:04 - 2019-06-12 22:04 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-06-12 21:56 - 2019-06-12 21:56 - 000000000 ____D C:\Users\Surgery\AppData\Local\mbamtray
2019-06-12 21:56 - 2019-06-12 21:56 - 000000000 ____D C:\Users\Surgery\AppData\Local\mbam
2019-06-12 21:55 - 2019-06-12 21:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-12 21:55 - 2019-06-12 21:55 - 000000000 ____D C:\Program Files\Malwarebytes
2019-06-12 21:55 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-06-12 21:55 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-06-12 21:53 - 2019-06-12 21:53 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-06-12 21:50 - 2019-06-12 22:46 - 000000000 ____D C:\Users\Surgery\AppData\Local\PlaceholderTileLogoFolder
2019-06-12 21:49 - 2019-06-12 21:49 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-107219719-2777607667-2193668656-1001
2019-06-12 21:47 - 2019-06-12 22:00 - 000000000 ____D C:\Users\Surgery\AppData\Local\MicrosoftEdge
2019-06-12 21:47 - 2019-06-12 21:47 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-06-12 21:45 - 2019-06-13 06:29 - 000000000 ____D C:\Users\Surgery\AppData\Local\Packages
2019-06-12 21:45 - 2019-06-12 22:32 - 000000000 ____D C:\Users\Surgery\AppData\Roaming\Adobe
2019-06-12 21:45 - 2019-06-12 21:45 - 000000000 ____D C:\Users\Surgery\AppData\Local\VirtualStore
2019-06-12 21:44 - 2019-06-13 06:29 - 000000000 ____D C:\Users\Surgery\AppData\Local\ConnectedDevicesPlatform
2019-06-12 21:44 - 2019-06-12 21:44 - 000000020 ___SH C:\Users\Surgery\ntuser.ini
2019-06-12 21:43 - 2019-06-13 13:50 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-12 21:41 - 2019-06-12 21:41 - 000000000 _SHDL C:\Users\Default User
2019-06-12 21:41 - 2019-06-12 21:41 - 000000000 _SHDL C:\Users\All Users
2019-06-12 21:40 - 2019-06-14 13:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-12 21:40 - 2019-06-13 09:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-06-12 21:40 - 2019-06-12 21:40 - 000011516 _____ C:\Users\Surgery\Desktop\Removed Apps.html
2019-06-12 21:34 - 2019-06-15 14:01 - 000000000 ____D C:\Users\Surgery
2019-06-12 21:34 - 2019-06-12 21:49 - 000002369 _____ C:\Users\Surgery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-12 21:27 - 2019-06-12 21:27 - 000000000 ____D C:\ProgramData\USOShared
2019-06-12 21:27 - 2019-06-12 21:27 - 000000000 ____D C:\Program Files\IDT
2019-06-12 21:27 - 2018-04-12 01:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-06-12 21:27 - 2010-01-26 18:30 - 000162816 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAC64.dll
2019-06-12 21:27 - 2009-10-09 16:45 - 000442368 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTEC64.dll
2019-06-12 21:27 - 2009-03-02 17:58 - 000068608 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAR64.dll
2019-06-12 21:26 - 2019-06-12 21:26 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2019-06-12 21:26 - 2010-03-09 15:56 - 012772352 _____ (IDT, Inc.) C:\WINDOWS\system32\idtcpl64.cpl
2019-06-12 21:26 - 2010-03-09 15:56 - 003348480 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2019-06-12 21:26 - 2009-03-02 17:47 - 000090624 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTCo64.dll
2019-06-12 21:24 - 2019-06-14 11:05 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.dll
2019-06-12 21:23 - 2019-06-15 18:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-12 21:22 - 2019-06-14 11:06 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.exe
2019-06-12 21:22 - 2019-06-14 11:04 - 000017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2019-06-12 21:22 - 2019-06-13 15:58 - 000403008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-12 19:03 - 2019-06-12 21:55 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-06-12 19:03 - 2019-06-12 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-06-12 16:42 - 2019-06-12 16:42 - 000001146 _____ C:\Users\Surgery\_readme.txt
2019-06-12 16:42 - 2019-06-12 16:42 - 000001146 _____ C:\_readme.txt
2019-06-12 16:41 - 2019-06-12 16:41 - 000000000 ____D C:\SystemID
2019-06-12 12:47 - 2019-06-07 13:04 - 021388752 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 12:47 - 2019-06-07 12:45 - 012756480 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 12:47 - 2019-06-07 12:42 - 003613696 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 12:47 - 2019-06-07 12:19 - 020383832 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 12:47 - 2019-06-07 12:07 - 011942400 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 12:47 - 2019-06-07 12:04 - 002881536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 12:47 - 2019-06-07 08:01 - 001035040 ____N (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 12:47 - 2019-06-07 07:57 - 007519896 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 12:47 - 2019-06-07 07:57 - 007436536 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 12:47 - 2019-06-07 07:57 - 002811192 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 12:47 - 2019-06-07 07:56 - 009084216 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 12:47 - 2019-06-07 07:46 - 006569344 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 12:47 - 2019-06-07 07:46 - 006043496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 12:47 - 2019-06-07 07:38 - 025857536 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 12:47 - 2019-06-07 07:37 - 022019584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 12:47 - 2019-06-07 07:31 - 019372544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 12:47 - 2019-06-07 07:27 - 022718976 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 12:47 - 2019-06-07 07:24 - 005784064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 12:47 - 2019-06-07 07:24 - 003400704 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 12:47 - 2019-06-07 07:21 - 007588864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 12:47 - 2019-06-07 07:21 - 004866048 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 12:47 - 2019-06-07 07:21 - 001778688 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 12:47 - 2019-05-17 14:27 - 006586880 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-12 12:47 - 2019-05-17 14:26 - 004393984 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-12 12:47 - 2019-05-17 14:25 - 004718080 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-12 12:47 - 2019-05-17 14:00 - 005658112 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-12 12:47 - 2019-05-17 08:42 - 005625160 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-06-12 12:47 - 2019-05-17 08:42 - 004789944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-12 12:47 - 2019-05-17 08:30 - 013878784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 12:47 - 2019-05-17 08:19 - 004515840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-12 12:47 - 2019-05-17 08:07 - 004404720 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-12 12:47 - 2019-05-17 08:07 - 002768960 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-12 12:47 - 2019-05-17 08:04 - 001826816 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-06-12 12:47 - 2019-05-17 07:44 - 016597504 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 12:47 - 2019-05-17 07:38 - 004709376 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-12 12:47 - 2019-05-17 07:37 - 004385280 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-12 12:47 - 2019-05-17 07:33 - 003091456 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-12 12:47 - 2019-05-17 07:31 - 004937216 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-12 12:47 - 2019-05-17 07:31 - 003376640 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 12:46 - 2019-06-07 13:04 - 001633136 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 12:46 - 2019-06-07 12:47 - 000059904 ____N (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 12:46 - 2019-06-07 12:41 - 004055552 ____N (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 12:46 - 2019-06-07 12:40 - 001663488 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 12:46 - 2019-06-07 12:40 - 001364992 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 12:46 - 2019-06-07 12:23 - 001453920 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 12:46 - 2019-06-07 12:10 - 000046080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 12:46 - 2019-06-07 12:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 12:46 - 2019-06-07 12:04 - 001471488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 12:46 - 2019-06-07 08:07 - 000707384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 12:46 - 2019-06-07 07:58 - 001220112 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 12:46 - 2019-06-07 07:58 - 001027384 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 12:46 - 2019-06-07 07:58 - 000568320 ____N (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 12:46 - 2019-06-07 07:58 - 000422416 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 12:46 - 2019-06-07 07:58 - 000135176 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 12:46 - 2019-06-07 07:58 - 000076304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 002719032 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 001934808 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 12:46 - 2019-06-07 07:57 - 001209696 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 12:46 - 2019-06-07 07:57 - 000792888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 000709728 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 000594024 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 12:46 - 2019-06-07 07:57 - 000435000 ____N (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 12:46 - 2019-06-07 07:57 - 000413720 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-12 12:46 - 2019-06-07 07:57 - 000412984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 000383504 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 000170296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 000148280 ____N (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 12:46 - 2019-06-07 07:56 - 000713272 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-12 12:46 - 2019-06-07 07:47 - 000380432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 12:46 - 2019-06-07 07:46 - 001805656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 12:46 - 2019-06-07 07:46 - 001011872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 12:46 - 2019-06-07 07:46 - 000581048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-12 12:46 - 2019-06-07 07:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 12:46 - 2019-06-07 07:23 - 000608768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 12:46 - 2019-06-07 07:23 - 000561152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-12 12:46 - 2019-06-07 07:22 - 005307392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-12 12:46 - 2019-06-07 07:22 - 003710976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 12:46 - 2019-06-07 07:21 - 000808448 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 12:46 - 2019-06-07 07:21 - 000473600 ____N (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 12:46 - 2019-06-07 07:20 - 002610688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 12:46 - 2019-06-07 07:20 - 000894464 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 12:46 - 2019-06-07 07:19 - 003212288 ____N (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 12:46 - 2019-06-07 07:19 - 002175488 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 12:46 - 2019-06-07 07:19 - 001560576 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 12:46 - 2019-06-07 07:19 - 001549824 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 12:46 - 2019-06-07 07:19 - 000778240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 12:46 - 2019-06-07 07:18 - 002166784 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 12:46 - 2019-06-07 07:18 - 000686592 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 12:46 - 2019-06-07 07:18 - 000531968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 12:46 - 2019-06-07 07:17 - 001920000 ____N (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 12:46 - 2019-06-07 07:17 - 000961024 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 12:46 - 2019-06-07 07:17 - 000889344 ____N (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-12 12:46 - 2019-06-07 07:16 - 000900096 ____N (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-12 12:46 - 2019-06-07 07:16 - 000544768 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-12 12:46 - 2019-06-07 07:16 - 000478720 ____N (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-12 12:46 - 2019-05-19 00:12 - 000353280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-12 12:46 - 2019-05-19 00:12 - 000341504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-12 12:46 - 2019-05-17 14:44 - 000348160 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 12:46 - 2019-05-17 14:40 - 002394960 ____N (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-06-12 12:46 - 2019-05-17 14:40 - 000280888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-12 12:46 - 2019-05-17 14:25 - 004491264 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-12 12:46 - 2019-05-17 14:23 - 000182272 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2019-06-12 12:46 - 2019-05-17 14:22 - 000392192 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 12:46 - 2019-05-17 14:22 - 000182784 ____N (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 12:46 - 2019-05-17 14:21 - 001180672 ____N (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-06-12 12:46 - 2019-05-17 14:21 - 000878592 ____N (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-06-12 12:46 - 2019-05-17 14:21 - 000274944 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-06-12 12:46 - 2019-05-17 14:20 - 002084864 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-12 12:46 - 2019-05-17 14:20 - 001970688 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2019-06-12 12:46 - 2019-05-17 14:20 - 000725504 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2019-06-12 12:46 - 2019-05-17 14:20 - 000424448 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2019-06-12 12:46 - 2019-05-17 14:20 - 000224256 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2019-06-12 12:46 - 2019-05-17 14:19 - 000757248 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-12 12:46 - 2019-05-17 14:07 - 002206424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-06-12 12:46 - 2019-05-17 13:58 - 003397632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-12 12:46 - 2019-05-17 13:55 - 000704000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-06-12 12:46 - 2019-05-17 13:55 - 000668160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-12 12:46 - 2019-05-17 13:55 - 000352256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2019-06-12 12:46 - 2019-05-17 09:07 - 000105272 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-06-12 12:46 - 2019-05-17 08:44 - 000829960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-06-12 12:46 - 2019-05-17 08:44 - 000550520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-06-12 12:46 - 2019-05-17 08:43 - 000297688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 001989552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 001980256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 001620264 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 001380096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 001130568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 000129088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-06-12 12:46 - 2019-05-17 08:26 - 002969600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-12 12:46 - 2019-05-17 08:21 - 000333824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-06-12 12:46 - 2019-05-17 08:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-12 12:46 - 2019-05-17 08:19 - 001110528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-12 12:46 - 2019-05-17 08:19 - 000835584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-12 12:46 - 2019-05-17 08:18 - 002796032 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-12 12:46 - 2019-05-17 08:18 - 001006592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-12 12:46 - 2019-05-17 08:08 - 001063224 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-12 12:46 - 2019-05-17 08:08 - 000723432 ____N (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-12 12:46 - 2019-05-17 08:08 - 000491200 ____N (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-12 12:46 - 2019-05-17 08:08 - 000401328 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-06-12 12:46 - 2019-05-17 08:07 - 002571640 ____N (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-12 12:46 - 2019-05-17 08:07 - 002467320 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-12 12:46 - 2019-05-17 08:07 - 001459120 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-12 12:46 - 2019-05-17 08:07 - 001288712 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-12 12:46 - 2019-05-17 08:07 - 001260272 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-12 12:46 - 2019-05-17 08:07 - 000930616 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-06-12 12:46 - 2019-05-17 08:07 - 000275768 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-12 12:46 - 2019-05-17 08:07 - 000260800 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-06-12 12:46 - 2019-05-17 08:06 - 001943136 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-12 12:46 - 2019-05-17 08:06 - 001784696 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-12 12:46 - 2019-05-17 08:06 - 001307648 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-06-12 12:46 - 2019-05-17 08:06 - 001140992 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-12 12:46 - 2019-05-17 08:06 - 001098056 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-12 12:46 - 2019-05-17 08:06 - 000983424 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-12 12:46 - 2019-05-17 08:06 - 000151888 ____N (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 12:46 - 2019-05-17 08:00 - 001295360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-06-12 12:46 - 2019-05-17 07:36 - 000096768 ____N (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-12 12:46 - 2019-05-17 07:35 - 000433152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-06-12 12:46 - 2019-05-17 07:35 - 000362496 ____N (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-12 12:46 - 2019-05-17 07:35 - 000322560 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-12 12:46 - 2019-05-17 07:34 - 001804288 ____N (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-12 12:46 - 2019-05-17 07:34 - 000916480 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-12 12:46 - 2019-05-17 07:34 - 000671744 ____N (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 12:46 - 2019-05-17 07:34 - 000141312 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-06-12 12:46 - 2019-05-17 07:33 - 002912256 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-12 12:46 - 2019-05-17 07:33 - 002370560 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-12 12:46 - 2019-05-17 07:33 - 001487360 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-12 12:46 - 2019-05-17 07:33 - 001214464 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-12 12:46 - 2019-05-17 07:33 - 000787968 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-06-12 12:46 - 2019-05-17 07:32 - 001070080 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-12 12:46 - 2019-05-17 07:32 - 000815104 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 003293184 ____N (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001854976 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001805312 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001383424 ____N (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001215488 ____N (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001211904 ____N (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001027584 ____N (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 000620032 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 000466432 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-12 12:46 - 2019-05-17 07:30 - 000917504 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-12 12:46 - 2019-05-17 07:30 - 000507392 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-06-12 12:46 - 2019-05-17 07:30 - 000276992 ____N (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-12 12:45 - 2019-06-07 12:48 - 000064000 ____N (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-12 12:45 - 2019-06-07 07:57 - 000494304 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 12:45 - 2019-06-07 07:57 - 000137448 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-12 12:45 - 2019-06-07 07:47 - 000097272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-12 12:45 - 2019-06-07 07:46 - 000357072 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 12:45 - 2019-06-07 07:24 - 001361408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-12 12:45 - 2019-06-07 07:23 - 000209408 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-12 12:45 - 2019-06-07 07:22 - 000578560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 12:45 - 2019-06-07 07:22 - 000233984 ____N (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 12:45 - 2019-06-07 07:22 - 000216064 ____N (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 12:45 - 2019-06-07 07:21 - 000154112 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 12:45 - 2019-06-07 07:20 - 001708544 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-12 12:45 - 2019-06-07 07:20 - 000726528 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-12 12:45 - 2019-06-07 07:19 - 000369664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 12:45 - 2019-06-07 06:00 - 000001308 ____N C:\WINDOWS\system32\tcbres.wim
2019-06-12 12:45 - 2019-05-19 00:12 - 001311744 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-12 12:45 - 2019-05-19 00:12 - 000241152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-12 12:45 - 2019-05-17 14:25 - 000039424 ____N (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-12 12:45 - 2019-05-17 14:24 - 000122368 ____N (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-12 12:45 - 2019-05-17 14:23 - 000223744 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2019-06-12 12:45 - 2019-05-17 14:23 - 000110080 ____N (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 12:45 - 2019-05-17 14:21 - 001121792 ____N (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-06-12 12:45 - 2019-05-17 14:21 - 000221184 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 12:45 - 2019-05-17 13:58 - 000184320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2019-06-12 12:45 - 2019-05-17 13:56 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-12 12:45 - 2019-05-17 13:56 - 000240640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-06-12 12:45 - 2019-05-17 13:55 - 000470528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-06-12 12:45 - 2019-05-17 13:54 - 002016768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-12 12:45 - 2019-05-17 13:54 - 000908288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-06-12 12:45 - 2019-05-17 11:33 - 001008640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-12 12:45 - 2019-05-17 10:52 - 000868864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-12 12:45 - 2019-05-17 08:42 - 000125504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-12 12:45 - 2019-05-17 08:23 - 000074240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-06-12 12:45 - 2019-05-17 08:23 - 000068096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-12 12:45 - 2019-05-17 08:23 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 12:45 - 2019-05-17 08:22 - 000142848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-12 12:45 - 2019-05-17 08:22 - 000031232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 12:45 - 2019-05-17 08:21 - 000326144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-12 12:45 - 2019-05-17 08:21 - 000224768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-12 12:45 - 2019-05-17 08:20 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-12 12:45 - 2019-05-17 08:20 - 000118272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-06-12 12:45 - 2019-05-17 08:19 - 001073664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-12 12:45 - 2019-05-17 08:19 - 000873472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-06-12 12:45 - 2019-05-17 08:18 - 000251904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-06-12 12:45 - 2019-05-17 07:37 - 000185344 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-12 12:45 - 2019-05-17 07:37 - 000108544 ____N (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-06-12 12:45 - 2019-05-17 07:36 - 000228864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-12 12:45 - 2019-05-17 07:36 - 000115200 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-06-12 12:45 - 2019-05-17 07:36 - 000067584 ____N (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 12:45 - 2019-05-17 07:36 - 000040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 12:45 - 2019-05-17 07:36 - 000034816 ____N (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 12:45 - 2019-05-17 07:36 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 12:45 - 2019-05-17 07:34 - 000275456 ____N (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-12 12:45 - 2019-05-17 07:34 - 000270336 ____N (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-12 12:45 - 2019-05-17 07:34 - 000175104 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-12 12:45 - 2019-05-17 07:34 - 000047616 ____N (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-06-12 12:45 - 2019-05-17 07:33 - 000270336 ____N (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-09 22:03 - 2019-06-12 16:42 - 000000238 _____ C:\Users\Surgery\Documents\debug.log.gerosan
2019-06-06 17:47 - 2019-06-12 16:42 - 000022074 _____ C:\Users\Surgery\Desktop\LO OPSOMMINGS.docx.gerosan
2019-06-06 10:54 - 2019-06-13 07:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-06-04 18:03 - 2019-06-04 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-06-03 11:47 - 2019-06-12 16:42 - 003480552 _____ C:\Users\Surgery\Desktop\Geografie-Gr11-Studiegids.pdf.gerosan
2019-05-31 14:37 - 2019-06-12 16:42 - 000000000 ____D C:\Users\Surgery\Desktop\High.School.Musical.3-Senior.Year[2008]DvDrip-aXXo
2019-05-28 21:59 - 2019-06-12 16:42 - 000000000 ___RD C:\Users\Surgery\Documents\Scanned Documents
2019-05-28 21:59 - 2019-05-28 21:59 - 000000000 ____D C:\Users\Surgery\Documents\Fax
2019-05-27 17:59 - 2019-06-12 16:42 - 000000000 ____D C:\Users\Surgery\Desktop\RTTgr10T4MostertWian
2019-05-26 16:47 - 2019-06-12 16:42 - 000014731 _____ C:\Users\Surgery\Desktop\RTT Opsomming.xlsx.gerosan
2019-05-26 12:51 - 2019-06-12 16:42 - 000039889 _____ C:\Users\Surgery\Documents\OM PERSONAL MONTHLY BUDGET.xlsx.gerosan
2019-05-18 14:07 - 2019-06-13 07:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Shaper Free
2019-05-18 14:07 - 2019-05-18 14:07 - 000001130 _____ C:\Users\Public\Desktop\PDF Shaper Free.lnk
2019-05-16 22:12 - 2019-02-13 07:47 - 001909560 ____N (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-05-16 18:26 - 2019-05-16 18:26 - 000081744 _____ C:\Users\Surgery\Desktop\Classic.pdf
2019-05-16 17:12 - 2019-05-03 08:01 - 008189440 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-16 17:12 - 2019-05-03 08:00 - 006661632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-16 17:12 - 2019-04-19 06:35 - 001458688 ____N (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-16 17:12 - 2019-04-19 06:35 - 001175552 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-16 17:11 - 2019-05-03 14:14 - 000790208 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-16 17:11 - 2019-05-03 14:14 - 000304144 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-05-16 17:11 - 2019-05-03 14:13 - 001376472 ____N (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-16 17:11 - 2019-05-03 14:13 - 000396088 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-16 17:11 - 2019-05-03 13:55 - 000123392 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-16 17:11 - 2019-05-03 13:54 - 000177664 ____N (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-16 17:11 - 2019-05-03 13:52 - 000119808 ____N (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-16 17:11 - 2019-05-03 13:49 - 001288704 ____N (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-16 17:11 - 2019-05-03 13:49 - 000488448 ____N (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-16 17:11 - 2019-05-03 13:49 - 000210944 ____N (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-16 17:11 - 2019-05-03 13:43 - 001027008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-16 17:11 - 2019-05-03 13:43 - 000662328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-16 17:11 - 2019-05-03 13:30 - 000138752 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-16 17:11 - 2019-05-03 13:30 - 000098304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-16 17:11 - 2019-05-03 13:28 - 000089600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-16 17:11 - 2019-05-03 13:27 - 000176640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-16 17:11 - 2019-05-03 13:26 - 000425472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-16 17:11 - 2019-05-03 08:43 - 000177128 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-16 17:11 - 2019-05-03 08:34 - 000159864 ____N (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-16 17:11 - 2019-05-03 08:33 - 000063072 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-16 17:11 - 2019-05-03 08:32 - 000776784 ____N (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-16 17:11 - 2019-05-03 08:32 - 000493880 ____N (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-16 17:11 - 2019-05-03 08:32 - 000438984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-16 17:11 - 2019-05-03 08:32 - 000209208 ____N (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-16 17:11 - 2019-05-03 08:32 - 000164664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-16 17:11 - 2019-05-03 08:31 - 000545808 ____N (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-16 17:11 - 2019-05-03 08:31 - 000115728 ____N (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-16 17:11 - 2019-05-03 08:20 - 000434704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-16 17:11 - 2019-05-03 08:20 - 000384976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-16 17:11 - 2019-05-03 08:20 - 000192016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-16 17:11 - 2019-05-03 08:20 - 000146920 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-16 17:11 - 2019-05-03 08:19 - 000665224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-16 17:11 - 2019-05-03 08:19 - 000056288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-16 17:11 - 2019-05-03 08:00 - 000120832 ____N (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-16 17:11 - 2019-05-03 08:00 - 000099328 ____N (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-16 17:11 - 2019-05-03 07:59 - 000514560 ____N (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-16 17:11 - 2019-05-03 07:59 - 000204288 ____N (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-16 17:11 - 2019-05-03 07:58 - 000462336 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-16 17:11 - 2019-05-03 07:56 - 000773632 ____N (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-16 17:11 - 2019-05-03 07:55 - 000659968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-16 17:11 - 2019-05-03 07:54 - 000845824 ____N (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-16 17:11 - 2019-05-03 07:54 - 000778752 ____N (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-16 17:11 - 2019-05-03 07:54 - 000776192 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-16 17:11 - 2019-05-03 07:54 - 000669184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-16 17:11 - 2019-05-03 07:54 - 000667136 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-16 17:11 - 2019-05-03 07:53 - 000204800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-16 17:11 - 2019-05-03 07:53 - 000186880 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-16 17:11 - 2019-05-03 07:53 - 000184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-16 17:11 - 2019-05-03 07:53 - 000181760 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-16 17:11 - 2019-04-19 12:54 - 000720200 ____N (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-16 17:11 - 2019-04-19 12:38 - 000058368 ____N (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-16 17:11 - 2019-04-19 12:38 - 000040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-16 17:11 - 2019-04-19 12:36 - 000346112 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-16 17:11 - 2019-04-19 12:34 - 000522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-16 17:11 - 2019-04-19 11:37 - 000607960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-16 17:11 - 2019-04-19 11:30 - 000036864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-16 17:11 - 2019-04-19 11:26 - 002405888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-16 17:11 - 2019-04-19 11:25 - 000423936 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-16 17:11 - 2019-04-19 07:07 - 000985400 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-16 17:11 - 2019-04-19 07:06 - 000798520 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-16 17:11 - 2019-04-19 07:02 - 000831800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-16 17:11 - 2019-04-19 07:01 - 000576016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-16 17:11 - 2019-04-19 06:43 - 000150016 ____N (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-16 17:11 - 2019-04-19 06:41 - 000140288 ____N (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-16 17:11 - 2019-04-19 06:41 - 000095232 ____N (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-16 17:11 - 2019-04-19 06:40 - 000342528 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-16 17:11 - 2019-04-19 06:40 - 000243712 ____N (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-16 17:11 - 2019-04-19 06:40 - 000172544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-16 17:11 - 2019-04-19 06:40 - 000167936 ____N (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-16 17:11 - 2019-04-19 06:40 - 000081408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-16 17:11 - 2019-04-19 06:39 - 000567296 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-16 17:11 - 2019-04-19 06:39 - 000425472 ____N (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-16 17:11 - 2019-04-19 06:39 - 000374784 ____N (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-16 17:11 - 2019-04-19 06:39 - 000361472 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-16 17:11 - 2019-04-19 06:39 - 000204288 ____N (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-16 17:11 - 2019-04-19 06:38 - 000593408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-16 17:11 - 2019-04-19 06:38 - 000391680 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-16 17:11 - 2019-04-19 06:38 - 000304128 ____N (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-16 17:11 - 2019-04-19 06:38 - 000300544 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-16 17:11 - 2019-04-19 06:37 - 000953856 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-16 17:11 - 2019-04-19 06:37 - 000445952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-16 17:11 - 2019-04-19 06:37 - 000397312 ____N (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-16 17:11 - 2019-04-19 06:37 - 000381952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-16 17:11 - 2019-04-19 06:37 - 000221184 ____N (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-16 17:11 - 2019-04-19 06:36 - 001300992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-16 17:11 - 2019-04-19 06:36 - 000827392 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-16 17:11 - 2019-04-19 06:36 - 000546816 ____N (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-16 17:11 - 2019-04-19 06:36 - 000357888 ____N (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-16 17:11 - 2019-04-19 06:36 - 000186368 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 001938944 ____N (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 001156608 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 000784896 ____N (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 000535040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 000523776 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 000312320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-16 17:11 - 2019-04-19 06:34 - 000935936 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-16 17:11 - 2019-04-19 06:34 - 000885760 ____N (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-16 17:11 - 2019-04-19 06:34 - 000653312 ____N (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-16 17:11 - 2019-04-19 05:18 - 000806360 ____N C:\WINDOWS\SysWOW64\locale.nls
2019-05-16 17:11 - 2019-04-19 05:18 - 000806360 ____N C:\WINDOWS\system32\locale.nls
2019-05-16 17:11 - 2019-04-09 03:48 - 000376320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-06-14 13:30 - 2019-01-12 14:25 - 000001260 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002741 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002668 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002668 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002660 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002660 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002654 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002640 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2019-06-13 10:02 - 2018-07-13 18:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-13 10:02 - 2018-07-13 18:57 - 000002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2019-06-13 07:20 - 2019-01-13 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
2019-06-13 07:20 - 2019-01-13 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2019-06-13 07:20 - 2019-01-12 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-06-13 07:20 - 2018-07-14 08:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2019-06-13 07:20 - 2018-07-13 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-06-13 07:20 - 2018-07-13 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-06-12 22:57 - 2018-07-13 18:56 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-06-12 22:30 - 2019-01-12 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-06-12 22:07 - 2018-07-13 18:58 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-12 22:07 - 2018-07-13 18:58 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-12 21:50 - 2018-07-13 18:50 - 000000000 ___RD C:\Users\Surgery\OneDrive
2019-06-12 21:46 - 2019-01-19 19:21 - 000001417 _____ C:\Users\Surgery\Desktop\Microsoft Edge.lnk
2019-06-12 21:45 - 2019-01-19 19:18 - 000000000 ___RD C:\Users\Surgery\3D Objects
2019-06-12 21:45 - 2018-07-13 18:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 21:39 - 2019-01-28 21:24 - 000000000 ____D C:\Users\Surgery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2019-06-12 16:42 - 2019-05-14 19:00 - 000000000 ____D C:\Users\Surgery\Documents\PPL
2019-06-12 16:42 - 2019-05-13 17:29 - 000111425 _____ C:\Users\Surgery\Desktop\TOERISME VOORBLAD TAAK.docx.gerosan
2019-06-12 16:42 - 2019-05-12 14:24 - 029701843 _____ C:\Users\Surgery\Desktop\Geografie-G10-studyguide.pdf.gerosan
2019-06-12 16:42 - 2019-05-12 14:01 - 036976146 _____ C:\Users\Surgery\Desktop\osoon.pdf.gerosan
2019-06-12 16:42 - 2019-05-08 16:17 - 000019402 ____T C:\Users\Surgery\Documents\Hulp met lit opstel (2) (002).docx.gerosan
2019-06-12 16:42 - 2019-05-01 16:32 - 000010932 _____ C:\Users\Surgery\Documents\Book1.xlsx.gerosan
2019-06-12 16:42 - 2019-04-03 23:01 - 000106867 _____ C:\Users\Surgery\Desktop\system scan log file.docx.gerosan
2019-06-12 16:42 - 2019-03-11 15:54 - 000013957 _____ C:\Users\Surgery\Documents\Geografie toet1.docx.gerosan
2019-06-12 16:42 - 2019-03-11 15:10 - 000017609 _____ C:\Users\Surgery\Documents\Geografie toets.docx.gerosan
2019-06-12 16:42 - 2019-03-06 15:07 - 000015971 _____ C:\Users\Surgery\Documents\Maart Engels toets.docx.gerosan
2019-06-12 16:42 - 2019-02-25 07:49 - 000270955 _____ C:\Users\Surgery\Desktop\kaartwerk maart gr 10.pdf.gerosan
2019-06-12 16:42 - 2019-02-25 07:28 - 000311852 _____ C:\Users\Surgery\Desktop\Geografie Gr10 Afbakening kwartaal1 2019.pdf.gerosan
2019-06-12 16:42 - 2019-02-11 21:52 - 000022581 _____ C:\Users\Surgery\Desktop\Toerisme opsommings Les 2.docx.gerosan
2019-06-12 16:42 - 2019-01-28 12:19 - 000013049 _____ C:\Users\Surgery\Documents\Gloria se maklike quiz.docx.gerosan
2019-06-12 16:42 - 2019-01-22 21:52 - 000000000 ____D C:\Users\Surgery\Documents\RTT
2019-06-12 16:42 - 2019-01-20 12:30 - 000354962 _____ C:\Users\Surgery\Desktop\Viva-Afr-Gr-7-Werkkaarte-CD.pdf.gerosan
2019-06-12 16:42 - 2019-01-20 12:25 - 002477323 _____ C:\Users\Surgery\Desktop\afrikaans-huistaal-graad-10-eksamenhersieningsboek.pdf.gerosan
2019-06-12 16:42 - 2019-01-19 12:03 - 000000000 ____D C:\Users\Surgery\Downloads\KP Typing Tutor.zip_files
2019-06-12 16:42 - 2019-01-19 11:49 - 000015631 _____ C:\Users\Surgery\Desktop\Toepassingprogrammatuur_Test.docx.gerosan
2019-06-12 16:42 - 2019-01-19 10:18 - 000000000 ___RD C:\Users\Surgery\Dropbox
2019-06-12 16:42 - 2019-01-16 17:58 - 000909145 _____ C:\Users\Surgery\Desktop\Google Classroom.pdf.gerosan
2019-06-12 16:42 - 2019-01-15 16:19 - 000881617 _____ C:\Users\Surgery\Desktop\woordsoorte1.pptx.gerosan
2019-06-12 16:42 - 2019-01-15 10:45 - 000016844 _____ C:\Users\Surgery\Documents\WOORDSOORTE1.docx.gerosan
2019-06-12 16:42 - 2019-01-14 09:23 - 000013549 _____ C:\Users\Surgery\Documents\HOEKOM HOU EK NIE VAN HOMESCHOOLING   BY DIE HUIS NIE.docx.gerosan
2019-06-12 16:42 - 2019-01-13 21:53 - 000074608 _____ C:\Users\Surgery\Documents\saa.docx.gerosan
2019-06-12 16:42 - 2019-01-13 18:32 - 000011577 _____ C:\Users\Surgery\Documents\Hello its is going to rain very hard In Randfontein South Africa.docx.gerosan
2019-06-12 16:42 - 2019-01-13 15:23 - 000000000 ____D C:\Brother
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2019
Ran by Jana_Mostert (15-06-2019 18:24:17)
Running from C:\Users\Surgery\Desktop
Windows 10 Pro Version 1803 17134.829 (X64) (2019-06-12 19:42:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-107219719-2777607667-2193668656-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-107219719-2777607667-2193668656-503 - Limited - Disabled)
Guest (S-1-5-21-107219719-2777607667-2193668656-501 - Limited - Disabled)
Jana_Mostert (S-1-5-21-107219719-2777607667-2193668656-1001 - Administrator - Enabled) => C:\Users\Surgery
WDAGUtilityAccount (S-1-5-21-107219719-2777607667-2193668656-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.80 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.14.304 - SurfRight B.V.)
Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-107219719-2777607667-2193668656-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM-x32\...\{90160000-001F-0422-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM-x32\...\{90160000-001F-0419-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
 
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.14.17.0_x86__kgqvnymyfvs32 [2019-06-14] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1530.2.0_x86__kgqvnymyfvs32 [2019-06-14] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-06-12] (Dolby Laboratories)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation) [MS Ad]
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.5.4.0_x64__jb41c8remg0x2 [2019-06-14] (Polarr)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype для бизнеса 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-0000-0000000FF1CE}\lyncicon.exe () <==== Cyrillic
 
==================== Loaded Modules (Whitelisted) ==============
 
2019-06-12 22:36 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-06-13 07:02 - 2019-06-13 06:58 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-107219719-2777607667-2193668656-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F1B3979C-61DC-43A2-94BB-43FFA8AEF237}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{22F4D57F-16D0-4717-A3AF-F2CF98469BF0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8DB960B9-FCBD-4264-8A9C-D02431220A15}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{103228BC-8EF1-46B7-9F5E-C6AB4A0978E6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E4E75A19-7FCC-4396-88D6-9A290BB64603}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
13-06-2019 09:02:08 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom USH w/swipe sensor
Description: Broadcom USH w/swipe sensor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/15/2019 06:06:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/15/2019 04:09:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry
 
Error: (06/15/2019 04:05:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/15/2019 03:14:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/15/2019 03:13:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (06/15/2019 02:51:33 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Kaspersky Free - Update 'KIS 2019 MP0 family (Patch e)' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\MSIce703.LOG.
 
Error: (06/15/2019 02:16:50 PM) (Source: MsiInstaller) (EventID: 1013) (User: DESKTOP-J7HTNHM)
Description: Product: SuspendedBypass -- <<29017>>
 
Error: (06/15/2019 01:21:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
 
System errors:
=============
Error: (06/15/2019 06:18:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-J7HTNHM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user DESKTOP-J7HTNHM\Jana_Mostert SID (S-1-5-21-107219719-2777607667-2193668656-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/15/2019 06:16:46 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-J7HTNHM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user DESKTOP-J7HTNHM\Jana_Mostert SID (S-1-5-21-107219719-2777607667-2193668656-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/15/2019 06:09:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 7 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (06/15/2019 06:08:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 6 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (06/15/2019 06:08:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 5 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (06/15/2019 06:07:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (06/15/2019 06:05:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (06/15/2019 06:03:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2019-06-14 11:33:26.398
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CC2A931B-EE67-42C5-917E-FEEE14936F55}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-06-13 09:19:22.183
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: High
Category: Tool
Path: containerfile:_E:\Office Collection {2003,2007,2010,2013,2016} - [CrackzSoft]\Office\KMSpico Active.exe; file:_E:\Office Collection {2003,2007,2010,2013,2016} - [CrackzSoft]\Office\KMSpico Active.exe->(VFS:AutoPico.$$A)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.295.571.0, AS: 1.295.571.0, NIS: 1.295.571.0
Engine Version: AM: 1.1.16000.6, NIS: 1.1.16000.6
 
Date: 2019-06-13 09:18:57.601
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: High
Category: Tool
Path: containerfile:_E:\Office Collection {2003,2007,2010,2013,2016} - [CrackzSoft]\Office\KMSpico Active.exe; file:_E:\Office Collection {2003,2007,2010,2013,2016} - [CrackzSoft]\Office\KMSpico Active.exe->(VFS:AutoPico.$$A)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.295.571.0, AS: 1.295.571.0, NIS: 1.295.571.0
Engine Version: AM: 1.1.16000.6, NIS: 1.1.16000.6
 
Date: 2019-06-13 09:18:50.659
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: High
Category: Tool
Path: file:_E:\Office Collection {2003,2007,2010,2013,2016} - [CrackzSoft]\Office\KMSpico Active.exe->(VFS:AutoPico.$$A)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.295.571.0, AS: 1.295.571.0, NIS: 1.295.571.0
Engine Version: AM: 1.1.16000.6, NIS: 1.1.16000.6
 
Date: 2019-06-13 07:26:07.090
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanDownloader:Win32/Socelar
ID: 2147734469
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Windows.old\Users\Surgery\AppData\Local\Temp\853078\ic-0.89f1aa3117e1e.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.295.571.0, AS: 1.295.571.0, NIS: 1.295.571.0
Engine Version: AM: 1.1.16000.6, NIS: 1.1.16000.6
 
Date: 2019-06-14 14:02:32.322
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.295.686.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16000.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-06-14 11:15:52.712
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.295.686.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16000.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-06-14 07:10:47.812
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.295.619.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16000.6
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-06-13 16:08:37.277
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.295.619.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16000.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-06-13 13:56:59.615
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.295.619.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16000.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A11 12/17/2008
Motherboard: Dell Inc. 0RX493
Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 68%
Total physical RAM: 4047.9 MB
Available physical RAM: 1256.66 MB
Total Virtual: 5455.9 MB
Available Virtual: 2227.36 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.15 GB) (Free:249.38 GB) NTFS
 
\\?\Volume{ff9d08ff-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{ff9d08ff-0000-0000-0000-a0684a000000}\ () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: FF9D08FF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=464 MB) - (Type=27)
 
==================== End of Addition.txt ============================

 


  • 0

#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,655 posts
  • MVP

You have Kaspersky installed and it disables Windows Defender.  Most anti-viruses will do that.

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 

Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply. 

 


  • 0

#3
mosteror12

mosteror12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hi guys, I'm sorry if I seem a bit unsure about everything here. This is the first time that I have actually posted on any forum, so please bear with me.

I have replied to RKinner's reply via e-mail (but will also repost here in case it is an unattended? mailbox).

So here goes...


  • 0

#4
mosteror12

On Mon, Jun 17, 2019 at 11:38 AM Ockert Mostert <[email protected]> wrote:
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 58.19 52 K 8 K 0
procexp64.exe 17.00 38 904 K 72 968 K 10776 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
avp.exe 10.41 219 216 K 111 804 K 4028 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
dwm.exe 6.08 70 420 K 60 692 K 12736 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 9.93 0 K 0 K n/a Hardware Interrupts and DPCs
svchost.exe 2.30 8 332 K 16 724 K 1188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 1.91 2 456 K 5 072 K 9564 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
System 1.45 204 K 8 048 K 4
avpui.exe 1.39 73 796 K 12 892 K 12272 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
MBAMService.exe 1.07 226 796 K 228 492 K 3032 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
explorer.exe 0.28 42 984 K 112 860 K 8416 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.16 5 744 K 15 932 K 2352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.11 4 556 K 10 052 K 1904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.08 5 068 K 12 952 K 2676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.07 2 308 K 7 160 K 1696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.03 3 328 K 9 124 K 2088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.03 8 020 K 12 952 K 644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.03 15 448 K 16 444 K 1416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 8 532 K 17 516 K 2696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
mbamtray.exe 0.02 23 920 K 35 180 K 7160 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
ksde.exe 0.02 23 848 K 7 888 K 6076 Kaspersky Secure Connection AO Kaspersky Lab (Verified) Kaspersky Lab
chrome.exe 0.02 30 408 K 51 348 K 8444 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.02 3 444 K 11 480 K 2344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.02 46 520 K 97 932 K 10988 Google Chrome Google LLC (Verified) Google LLC
RuntimeBroker.exe 0.02 7 412 K 26 856 K 9992 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 2 344 K 8 080 K 3960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
RuntimeBroker.exe 0.01 6 996 K 20 776 K 9940 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 9 792 K 24 000 K 384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.01 77 172 K 63 968 K 8896 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.01 4 608 K 19 604 K 2796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.01 47 440 K 75 556 K 11344 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.01 4 196 K 7 892 K 1548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 59 136 K 61 552 K 1920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
stacsv64.exe < 0.01 2 164 K 6 376 K 1156 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
WUDFHost.exe 1 648 K 6 884 K 5256 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2 620 K 8 556 K 2204 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2 344 K 7 896 K 6124 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3 952 K 9 044 K 6840 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3 788 K 8 968 K 8304 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2 348 K 8 484 K 8008 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1 428 K 6 044 K 740 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
Windows.WARP.JITService.exe 1 148 K 4 852 K 8980 (Verified) Microsoft Windows
taskhostw.exe 4 928 K 12 992 K 1940 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SystemSettings.exe Suspended 17 236 K 51 816 K 12300 Settings Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3 660 K 11 532 K 2716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 19 448 K 29 212 K 3004 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 088 K 7 104 K 2576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5 480 K 14 848 K 2980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 932 K 7 404 K 2884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 20 984 K 32 188 K 2364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9 016 K 21 540 K 2996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 796 K 7 648 K 2328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4 160 K 19 312 K 4692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 032 K 10 968 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 128 K 5 692 K 1912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 592 K 9 344 K 6572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5 396 K 13 124 K 2268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 380 K 8 004 K 3024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 916 K 7 660 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3 328 K 15 400 K 2140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3 188 K 11 752 K 5016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 520 K 8 988 K 1612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6 412 K 14 596 K 1336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 744 K 6 072 K 2336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3 972 K 16 960 K 5912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 432 K 6 164 K 2372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4 204 K 15 640 K 4916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 064 K 10 832 K 3040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 544 K 5 860 K 9244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 992 K 3 628 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 052 K 8 980 K 1276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 900 K 6 956 K 1408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 692 K 10 172 K 1468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 592 K 5 672 K 1504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 356 K 3 408 K 1928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 168 K 6 960 K 2032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 808 K 4 916 K 1244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 956 K 4 968 K 1268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 644 K 12 856 K 2728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 600 K 5 884 K 3060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 312 K 5 304 K 2512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 352 K 5 116 K 3296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3 284 K 10 916 K 3372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 772 K 7 288 K 4644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 080 K 7 048 K 5924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 576 K 10 132 K 9040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3 584 K 8 080 K 7880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5 068 K 19 460 K 7240 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5 880 K 25 600 K 7532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 736 K 10 396 K 9156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 644 K 6 364 K 13268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 612 K 6 432 K 3448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1 940 K 8 432 K 1772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6 132 K 9 772 K 4024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2 104 K 7 564 K 6372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 5 136 K 11 416 K 2788 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 508 K 1 048 K 488 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
sihost.exe 5 592 K 23 080 K 7224 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 29 120 K 62 504 K 9896 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 2 392 K 4 612 K 6420 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 4 912 K 9 504 K 796 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
sedsvc.exe 4 116 K 13 020 K 6388 sedsvc Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 4 004 K 13 584 K 1972 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 52 676 K 115 804 K 10084 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 20 768 K 26 256 K 11816 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7 276 K 26 004 K 4572 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 4 472 K 21 656 K 9792 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1 808 K 6 564 K 12940 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
rpcnet.exe 4 812 K 9 396 K 5952 rpcnet Absolute Software Corp. (Verified) Absolute Software Corp.
Registry 2 180 K 59 784 K 88
procexp.exe 3 688 K 11 208 K 10888 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
MSASCuiL.exe 1 896 K 8 352 K 10956 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
MicrosoftEdgeCP.exe Suspended 6 052 K 21 268 K 8208 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe Suspended 5 224 K 18 972 K 12728 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdge.exe Suspended 21 448 K 47 556 K 12576 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
Memory Compression 388 K 112 808 K 2016
lsass.exe 6 296 K 17 036 K 804
LockApp.exe Suspended 12 192 K 37 544 K 13196 LockApp.exe Microsoft Corporation (Verified) Microsoft Windows
ksdeui.exe 6 796 K 3 860 K 8384 Kaspersky Secure Connection AO Kaspersky Lab (Verified) Kaspersky Lab
hmpsched.exe 1 384 K 5 128 K 2280 HitmanPro Scheduler SurfRight B.V. (Verified) SurfRight B.V.
fontdrvhost.exe 7 208 K 9 676 K 12628 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 1 564 K 3 136 K 908 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1 428 K 6 092 K 9448 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 3 804 K 13 284 K 5728 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1 872 K 5 404 K 640 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 10 940 K 26 380 K 10896 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 23 928 K 34 660 K 10816 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 24 432 K 33 116 K 6916 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 13 016 K 23 120 K 7964 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 2 044 K 7 004 K 11192 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 1 980 K 7 552 K 11140 Google Chrome Google LLC (Verified) Google LLC
browser_broker.exe 1 892 K 8 316 K 8728 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 3 112 K 13 400 K 2972 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
ApplicationFrameHost.exe 12 712 K 29 008 K 1000 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows

 

  • 0
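An added example (not part of any post in this thread and not code from Sysinternals) of how a saved Process Explorer listing with the Verified Signer column, like the one above, can be triaged offline: it separates verified images, kernel pseudo-entries that never carry a signer, and rows that need a closer look. It assumes the saved file is tab-separated with the column names shown above; the `PSEUDO` and `CORE_WINDOWS` sets are choices made for this example, and the last two sample rows are constructed.

```python
import csv
import io

# Entries with no image file behind them, so an empty signer is expected.
# (Assumption of this example: names as they appear in the listing above.)
PSEUDO = {"System Idle Process", "System", "Interrupts", "Registry",
          "Memory Compression"}

# Process names that should only ever be signed by a Microsoft publisher.
# (Assumption of this example: a short illustrative set, not a full list.)
CORE_WINDOWS = {"svchost.exe", "csrss.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "wininit.exe", "smss.exe", "explorer.exe"}

SAMPLE_ROWS = [
    ["Process", "CPU", "Private Bytes", "Working Set", "PID",
     "Description", "Company Name", "Verified Signer"],
    # Rows copied from the listing in this thread, tabs restored.
    ["System Idle Process", "58.19", "52 K", "8 K", "0", "", "", ""],
    ["avp.exe", "10.41", "219 216 K", "111 804 K", "4028",
     "Kaspersky Anti-Virus", "AO Kaspersky Lab", "(Verified) Kaspersky Lab"],
    ["Interrupts", "9.93", "0 K", "0 K", "n/a",
     "Hardware Interrupts and DPCs", "", ""],
    ["svchost.exe", "2.30", "8 332 K", "16 724 K", "1188",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows Publisher"],
    ["MBAMService.exe", "1.07", "226 796 K", "228 492 K", "3032",
     "Malwarebytes Service", "Malwarebytes",
     "(Verified) Malwarebytes Corporation"],
    ["Registry", "", "2 180 K", "59 784 K", "88", "", "", ""],
    ["lsass.exe", "", "6 296 K", "17 036 K", "804", "", "", ""],
    # Constructed rows (not from the thread) to exercise the other checks.
    ["updater_tmp.exe", "0.40", "3 100 K", "9 200 K", "7777", "", "",
     "(Unable to verify) Example Corp"],
    ["svchost.exe", "0.10", "2 000 K", "6 000 K", "8888",
     "Host Process for Windows Services", "Example Software Ltd",
     "(Verified) Example Software Ltd"],
]
SAMPLE = "\n".join("\t".join(r) for r in SAMPLE_ROWS) + "\n"


def parse_listing(text):
    """Turn the tab-separated listing into a list of dicts keyed by column."""
    reader = csv.reader(io.StringIO(text, newline=""), delimiter="\t",
                        quoting=csv.QUOTE_NONE)
    header = next(reader, None)
    if header is None:
        return []
    header = [h.strip() for h in header]
    if "Verified Signer" not in header or "Process" not in header:
        # The column is only saved if it was enabled under
        # View, Select Columns before the file was written.
        raise ValueError("listing has no 'Verified Signer' column")
    rows = []
    for fields in reader:
        if not fields or not fields[0].strip():
            continue
        # Trailing empty columns may be missing; pad so every key exists.
        fields = fields + [""] * (len(header) - len(fields))
        rows.append({k: v.strip() for k, v in zip(header, fields)})
    return rows


def classify(row):
    """Return (bucket, detail) for one row of the listing."""
    name = row["Process"]
    signer = row["Verified Signer"]
    if signer.startswith("(Verified)"):
        publisher = signer[len("(Verified)"):].strip()
        if name.lower() in CORE_WINDOWS and not publisher.startswith("Microsoft"):
            return "review", f"core Windows process name signed by {publisher!r}"
        return "verified", publisher
    if not signer and name in PSEUDO:
        return "pseudo", "no image file behind this entry"
    if not signer:
        # The listing alone cannot say why the field is empty; check the
        # image path and signature on the machine itself.
        return "review", "no signer information in the listing"
    return "review", signer


def triage(text):
    """Group every row as verified, pseudo or review."""
    result = {"verified": [], "pseudo": [], "review": []}
    for row in parse_listing(text):
        bucket, detail = classify(row)
        result[bucket].append((row["Process"], row.get("PID", ""), detail))
    return result


if __name__ == "__main__":
    for name, pid, why in triage(SAMPLE)["review"]:
        print(f"REVIEW {name} (PID {pid}): {why}")
```
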

#5
mosteror12

TASKLIST /SVC  > \junk.txt
notepad \junk.txt  


  • 0

#6
mosteror12

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be having trouble handling real-time audio and other tasks. You are likely to experience buffer underruns appearing as drop outs, clicks or pops. One or more DPC routines that belong to a driver running in your system appear to be executing for too long. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates. 
LatencyMon has been analyzing your system for  0:00:23  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        DESKTOP-J7HTNHM
OS version:                                           Windows 10 , 10.0, version 1803, build: 17134 (x64)
Hardware:                                             Latitude E6400                  , Dell Inc., 0RX493
CPU:                                                  GenuineIntel Intel® Core™2 Duo CPU P8400 @ 2.26GHz
Logical processors:                                   2
Processor groups:                                     1
RAM:                                                  4047 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   2261 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   541.665440
Average measured interrupt to process latency (µs):   6.674835
 
Highest measured interrupt to DPC latency (µs):       312.046395
Average measured interrupt to DPC latency (µs):       2.375472
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              20.518797
Driver with highest ISR routine execution time:       USBPORT.SYS - USB 1.1 & 2.0 Port Driver, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.013540
Driver with highest ISR total time:                   USBPORT.SYS - USB 1.1 & 2.0 Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.013540
 
ISR count (execution time <250 µs):                   966
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              101427.454666
Driver with highest DPC routine execution time:       storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Highest reported total DPC routine time (%):          1.242591
Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in DPCs (%)                          2.152692
 
DPC count (execution time <250 µs):                   62408
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                39
DPC count (execution time 1000-1999 µs):              1
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 avp.exe
 
Total number of hard pagefaults                       129
Hard pagefault count of hardest hit process:          60
Number of processes hit:                              10
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       1.677777
CPU 0 ISR highest execution time (µs):                20.518797
CPU 0 ISR total execution time (s):                   0.006237
CPU 0 ISR count:                                      966
CPU 0 DPC highest execution time (µs):                101427.454666
CPU 0 DPC total execution time (s):                   0.977337
CPU 0 DPC count:                                      61478
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.247376
CPU 1 ISR highest execution time (µs):                0.0
CPU 1 ISR total execution time (s):                   0.0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                225.939850
CPU 1 DPC total execution time (s):                   0.014236
CPU 1 DPC count:                                      977
_________________________________________________________________________________________________________

  • 0

#7
mosteror12

    New Member

  • Topic Starter
  • Member
  • 9 posts

OK. I hope this is everything as per instructions

 

Thanks again


  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 21,655 posts
  • MVP

Do not reply to the email you get telling you that you have a Reply in the forum.  It is unmonitored.  Replying to the forum as you did here is the correct procedure.

 

Something went wrong here on my end.  Sorry:

 

Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.

I do not see the Speccy log I asked for.   Posting an attachment takes several steps

 

 

 

This should have said:

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

 

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt

Hit Enter.  Then type:
 

notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.

 

Please try again with the above instructions.  Then rerun Process Explorer to see if things have improved.

 

 

Also I do not see the Speccy log.  Posting an attachment is a bit tricky.  Follow the instructions exactly.

 

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 

From what I can see so far you do not have an obvious infection but your system is running at a snail's pace.

 

This line in Process Explorer:

 

Interrupts 9.93 0 K 0 K n/a Hardware Interrupts and DPCs

 

 

usually indicates a bad driver.  The number after Interrupts should be less than 1.5

 

In Latency Monitor we see:

 

Highest DPC routine execution time (µs):              101427.454666
Driver with highest DPC routine execution time:       storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 

 

Storport.sys is a Microsoft driver that talks to the hard drives.  If it is corrupt then running DISM and SFC should fix it.  However if the hard drive is slow responding for some reason then storport.sys may be innocent.  The Speccy log will give me an indication of the general health of the drive.


  • 0
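The `findstr /c:"[SR]"` step above leaves only the SFC entries from CBS.log; this added example (not part of the original post, and not a Geeks to Go tool) summarises such a file into the three outcomes listed in the post. The sample lines are constructed, and their shape is an assumption based on typical Windows 10 CBS.log entries.

```python
import re
from collections import Counter

# Constructed sample of findstr /c:"[SR]" output (not data from this thread).
# SFC usually logs each unrepairable file more than once, so duplicates are expected.
SAMPLE_SR = r"""
2019-06-20 19:02:11, Info                  CSI    00004a11 [SR] Beginning Verify and Repair transaction
2019-06-20 19:02:14, Info                  CSI    00004a3c [SR] Cannot repair member file [l:11]'example.dll' of Example-Component, version 10.0.17134.1, arch amd64, hash mismatch
2019-06-20 19:02:14, Info                  CSI    00004a3d [SR] This component was referenced by [l:15]'Example-Package'
2019-06-20 19:02:15, Info                  CSI    00004a40 [SR] Repairing corrupted file \??\C:\WINDOWS\System32\drivers\\example.sys from store
2019-06-20 19:02:15, Info                  CSI    00004a41 [SR] Repair complete
2019-06-20 19:02:16, Info                  CSI    00004a50 [SR] Cannot repair member file [l:11]'example.dll' of Example-Component, version 10.0.17134.1, arch amd64, hash mismatch
2019-06-20 19:02:20, Info                  CSI    00004a60 [SR] Verify complete
"""

SR_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-f]+ \[SR\] (?P<msg>.*)$", re.I)
CANNOT = re.compile(
    r"Cannot repair member file (?:\[[^\]]*\])?['\"](?P<file>[^'\"]+)['\"] of (?P<comp>[^,]+)")
REPAIRING = re.compile(r"Repairing corrupted file (?P<path>.+?) from store")


def clean_path(raw):
    """Drop [l:..] length tags, quotes, the \\??\\ prefix and doubled backslashes."""
    path = re.sub(r"\[[^\]]*\]|[\"']", "", raw)
    return path.replace("\\??\\", "").replace("\\\\", "\\")


def summarize_sr(text):
    """Return repaired paths, unrepaired (file, component) counts and a verdict."""
    repaired, unrepaired = [], Counter()
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue  # blank line or something findstr should not have let through
        msg = m.group("msg")
        hit = CANNOT.search(msg)
        if hit:
            unrepaired[(hit.group("file"), hit.group("comp").strip())] += 1
            continue
        hit = REPAIRING.search(msg)
        if hit:
            path = clean_path(hit.group("path"))
            if path not in repaired:
                repaired.append(path)
    if unrepaired:
        verdict = "unrepaired"   # "unable to fix some (or all) of them"
    elif repaired:
        verdict = "repaired"     # "found corrupt files and repaired them"
    else:
        verdict = "clean"        # "did not find any integrity violations"
    return {"repaired": repaired, "unrepaired": dict(unrepaired), "verdict": verdict}


if __name__ == "__main__":
    result = summarize_sr(SAMPLE_SR)
    print(result["verdict"])
    for path in result["repaired"]:
        print("repaired:", path)
    for (name, comp), n in result["unrepaired"].items():
        print(f"not repaired: {name} ({comp}), logged {n}x")
```
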

#9
mosteror12

    New Member

  • Topic Starter
  • Member
  • 9 posts

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                        88 N/A                                         
smss.exe                       464 N/A                                         
csrss.exe                      620 N/A                                         
wininit.exe                    696 N/A                                         
csrss.exe                      728 N/A                                         
services.exe                   776 N/A                                         
lsass.exe                      784 KeyIso, SamSs, VaultSvc                     
fontdrvhost.exe                864 N/A                                         
svchost.exe                    880 PlugPlay                                    
svchost.exe                    936 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
winlogon.exe                   988 N/A                                         
WUDFHost.exe                    64 N/A                                         
fontdrvhost.exe                508 N/A                                         
svchost.exe                    844 RpcEptMapper, RpcSs                         
svchost.exe                    952 LSM                                         
dwm.exe                       1096 N/A                                         
svchost.exe                   1152 DsmSvc                                      
svchost.exe                   1224 TimeBrokerSvc                               
svchost.exe                   1232 NcbService                                  
svchost.exe                   1292 Schedule                                    
svchost.exe                   1324 EventLog                                    
svchost.exe                   1340 CertPropSvc                                 
svchost.exe                   1380 hidserv                                     
svchost.exe                   1420 ProfSvc                                     
svchost.exe                   1436 nsi                                         
svchost.exe                   1488 SCardSvr                                    
svchost.exe                   1508 Dhcp                                        
svchost.exe                   1560 UserManager                                 
svchost.exe                   1676 NlaSvc                                      
svchost.exe                   1820 netprofm                                    
svchost.exe                   1888 SysMain                                     
svchost.exe                   1896 Themes                                      
svchost.exe                   1904 EventSystem                                 
Memory Compression            1980 N/A                                         
svchost.exe                   2000 SENS                                        
svchost.exe                   2024 AudioEndpointBuilder                        
svchost.exe                   2040 FontCache                                   
svchost.exe                   2020 Audiosrv                                    
hmpsched.exe                  2116 HitmanProScheduler                          
svchost.exe                   2140 Dnscache                                    
svchost.exe                   2148 DusmSvc                                     
svchost.exe                   2156 Wcmsvc                                      
svchost.exe                   2268 BFE, CoreMessagingRegistrar, mpssvc         
svchost.exe                   2276 DoSvc                                       
svchost.exe                   2332 UsoSvc, wuauserv                            
svchost.exe                   2380 WinHttpAutoProxySvc                         
svchost.exe                   2456 WlanSvc                                     
svchost.exe                   2496 Winmgmt                                     
svchost.exe                   2508 ShellHWDetection                            
svchost.exe                   2552 iphlpsvc                                    
spoolsv.exe                   2600 Spooler                                     
svchost.exe                   2840 LanmanWorkstation                           
armsvc.exe                    2924 AdobeARMservice                             
svchost.exe                   2932 DiagTrack                                   
svchost.exe                   2944 CryptSvc                                    
svchost.exe                   2952 DPS                                         
MBAMService.exe               2992 MBAMService                                 
svchost.exe                   3000 LanmanServer                                
svchost.exe                   3016 TapiSrv                                     
SecurityHealthService.exe     3044 SecurityHealthService                       
svchost.exe                   2072 TrkWks                                      
svchost.exe                   1884 WpnService                                  
svchost.exe                   1808 SstpSvc                                     
svchost.exe                   2964 WdiServiceHost                              
svchost.exe                   3556 RasMan                                      
svchost.exe                   3632 WdiSystemHost                               
avp.exe                       3664 AVP19.0.0                                   
WmiPrvSE.exe                  2824 N/A                                         
svchost.exe                   4112 StateRepository                             
sihost.exe                    1688 N/A                                         
avpui.exe                     2316 N/A                                         
svchost.exe                   2528 CDPUserSvc_5456a                            
svchost.exe                   3068 WpnUserService_5456a                        
taskhostw.exe                 2892 N/A                                         
svchost.exe                   2468 TabletInputService                          
ctfmon.exe                    5184 N/A                                         
mbamtray.exe                  5244 N/A                                         
svchost.exe                   5424 CDPSvc                                      
svchost.exe                   5656 TokenBroker                                 
svchost.exe                   5756 SSDPSRV                                     
explorer.exe                  6064 N/A                                         
svchost.exe                   3228 LicenseManager                              
svchost.exe                   6148 ClipSVC                                     
SearchIndexer.exe             6224 WSearch                                     
svchost.exe                   6512 PcaSvc                                      
dllhost.exe                   6744 N/A                                         
ShellExperienceHost.exe       6964 N/A                                         
SearchUI.exe                  7072 N/A                                         
RuntimeBroker.exe             7104 N/A                                         
RuntimeBroker.exe             6908 N/A                                         
RuntimeBroker.exe             5164 N/A                                         
MSASCuiL.exe                  7952 N/A                                         
svchost.exe                   5668 wscsvc                                      
DDVRulesProcessor.exe         4548 DDVRulesProcessor                           
DSAPI.exe                     2548 Dell Hardware Support                       
ksde.exe                      6796 KSDE3.0.0                                   
svchost.exe                   5872 OneSyncSvc_5456a,                           
                                   PimIndexMaintenanceSvc_5456a,               
                                   UnistoreSvc_5456a, UserDataSvc_5456a        
pcdrwi.exe                    8040 N/A                                         
conhost.exe                   5504 N/A                                         
ksdeui.exe                    6120 N/A                                         
sedsvc.exe                    8688 sedsvc                                      
SgrmBroker.exe                8616 SgrmBroker                                  
svchost.exe                   8468 camsvc                                      
SupportAssistAgent.exe        8716 SupportAssistAgent                          
DDVDataCollector.exe          8848 DDVDataCollector                            
DDVCollectorSvcApi.exe        6680 DDVCollectorSvcApi                          
WmiPrvSE.exe                  8000 N/A                                         
SystemSettingsBroker.exe      8960 N/A                                         
svchost.exe                   5260 lfsvc                                       
svchost.exe                   8900 RmSvc                                       
svchost.exe                   9092 gpsvc                                       
svchost.exe                   8712 StorSvc                                     
Microsoft.Photos.exe          9120 N/A                                         
RuntimeBroker.exe             8016 N/A                                         
svchost.exe                   3848 SEMgrSvc                                    
WmiPrvSE.exe                  3368 N/A                                         
WmiPrvSE.exe                  6396 N/A                                         
svchost.exe                    216 PhoneSvc                                    
svchost.exe                   8832 swprv                                       
ApplicationFrameHost.exe      8824 N/A                                         
SystemSettings.exe            7196 N/A                                         
audiodg.exe                   8972 N/A                                         
svchost.exe                   5388 lmhosts                                     
sppsvc.exe                    9788 sppsvc                                      
avp.exe                       9976 N/A                                         
smartscreen.exe               2240 N/A                                         
SppExtComObj.Exe              8336 N/A                                         
chrome.exe                    7828 N/A                                         
chrome.exe                    8344 N/A                                         
chrome.exe                   10204 N/A                                         
chrome.exe                   10268 N/A                                         
chrome.exe                   10296 N/A                                         
chrome.exe                   10856 N/A                                         
chrome.exe                   10864 N/A                                         
chrome.exe                   10988 N/A                                         
chrome.exe                   11168 N/A                                         
VSSVC.exe                     9656 VSS                                         
chrome.exe                   10932 N/A                                         
chrome.exe                   10936 N/A                                         
chrome.exe                    8776 N/A                                         
SearchProtocolHost.exe       10892 N/A                                         
SrTasks.exe                   9640 N/A                                         
SearchFilterHost.exe         10832 N/A                                         
conhost.exe                   4124 N/A                                         
svchost.exe                  10608 DeviceInstall                               
backgroundTaskHost.exe       10652 N/A                                         
svchost.exe                    536 wisvc                                       
AESTSr64.exe                  4460 AESTFilters                                 
stacsv64.exe                 11032 STacSV                                      
dllhost.exe                   5928 N/A                                         
backgroundTaskHost.exe        8588 N/A                                         
RuntimeBroker.exe             7084 N/A                                         
svchost.exe                   9116 Appinfo                                     
cmd.exe                      10672 N/A                                         
conhost.exe                   7468 N/A                                         
svchost.exe                   6360 AppXSvc                                     
slui.exe                     10696 N/A                                         
tasklist.exe                 10012 N/A                                         
WmiPrvSE.exe                  9212 N/A                                         

  • 0
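A listing like the `TASKLIST /SVC` output above is easier to review once wrapped rows are rejoined and the services running in their own binaries are separated from the `svchost.exe` groups. The following is an added example, not part of the original posts; the sample rows are copied from the listing above and the function names are hypothetical.

```python
import re

# Rows copied from the listing in the post above (trailing spaces dropped).
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
lsass.exe                      784 KeyIso, SamSs, VaultSvc
svchost.exe                    936 BrokerInfrastructure, DcomLaunch, Power,
                                   SystemEventsBroker
hmpsched.exe                  2116 HitmanProScheduler
MBAMService.exe               2992 MBAMService
avp.exe                       3664 AVP19.0.0
DSAPI.exe                     2548 Dell Hardware Support
svchost.exe                   5872 OneSyncSvc_5456a,
                                   PimIndexMaintenanceSvc_5456a,
                                   UnistoreSvc_5456a, UserDataSvc_5456a
avp.exe                       9976 N/A
"""


def parse_tasklist_svc(text):
    """Parse the fixed-width table, folding wrapped service lines into their row."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    # The ===== ruler gives the column boundaries; image names may contain spaces.
    sep = next(i for i, l in enumerate(lines) if set(l) <= set("= "))
    cols = [m.span() for m in re.finditer(r"=+", lines[sep])]
    img_end, svc_start = cols[0][1], cols[2][0]
    rows = []
    for line in lines[sep + 1:]:
        image = line[:img_end].strip()
        pid = line[img_end:svc_start].strip()
        names = [s.strip() for s in line[svc_start:].split(",")]
        names = [s for s in names if s and s != "N/A"]
        if not image and not pid:
            # Continuation line: only the Services column is filled in.
            if rows:
                rows[-1]["services"].extend(names)
            continue
        rows.append({"image": image, "pid": int(pid), "services": names})
    return rows


def own_binary_services(rows):
    """Services hosted outside svchost.exe: the short list to check by hand."""
    found = {}
    for row in rows:
        if row["services"] and row["image"].lower() != "svchost.exe":
            found.setdefault(row["image"], []).extend(row["services"])
    return found


if __name__ == "__main__":
    for image, services in own_binary_services(parse_tasklist_svc(SAMPLE_TASKLIST)).items():
        print(f"{image}: {', '.join(services)}")
```
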

#10
mosteror12

    New Member

  • Topic Starter
  • Member
  • 9 posts

Ok the DISM was started 8 mins ago and is now only sitting at 20.4 %. This machine was a freebie from a large corporation as end of life stock (as far as my knowledge goes) but now I receive a message that this copy of Windows will expire soon... When I re-enter the Product Key I get a message stating it can't reach the Organisation's Activation server.


  • 0

#11
mosteror12

    New Member

  • Topic Starter
  • Member
  • 9 posts

I have posted the result of the Windows Resource Protection, but could not retrieve the log file. (See error log pasted below)

 

Beginning verification phase of system scan.
Verification 100% complete.
 
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
The system file repair changes will take effect after the next reboot.
 
C:\WINDOWS\system32>findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
 
C:\WINDOWS\system32>\notepad %UserProfile%\desktop\junk.txt
'\notepad' is not recognized as an internal or external command,
operable program or batch file.
 
C:\WINDOWS\system32>::notepad %UserProfile%\desktop\junk.txt
C:\WINDOWS\system32>:
C:\WINDOWS\system32>

  • 0





