Adware.Tracking Cookie, Trojan.Gen-Turkojan, Trojan.Gen-Foreign. What I need to do?



tienchien1
2018-05-28, 15:36
When I scan with Anti Spyware, it detects these infections. I ordered to delete and reboot the system. Is there anything I need to do? I fear it will get infected again as it always is.

It also says that I have an infection with something related to Firefox and NVIDIA, but I do not install Firefox on my C drive, only the GTX 1080 Ti driver on my system, always auto install set when I start a new Windows completely!!!


This is the log file. Thanks so much.

tienchien1
2018-05-28, 16:05
These are the OTL log files. From the OTL log file, it seems I am confronted with ZeroAccess!!!???

tashi
2018-05-28, 19:38
Hello tienchien1,

So that everyone is on the same track please see the FAQ which includes guidelines for this forum and instructions in post #2 on how to provide the preliminary Farbar Recovery Scan Tool and aswMBR logs used for analysis.

http://forums.spybot.info/showthread.php?t=288

A volunteer analyst may respond beforehand. :)

Have you posted this issue at any other site?

Best regards.

tienchien1
2018-05-29, 12:41
Only in this forum. When I run aswMBR, in the first window, if I select "yes", the blue screen appears with an error related to aswvmm.sys.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by su (29-05-2018 17:39:41)
Running from C:\Users\su\Desktop\ap
Windows 10 Pro Version 1803 17134.81 (X64) (2018-05-26 09:22:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3166309138-43010382-2060014392-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3166309138-43010382-2060014392-503 - Limited - Disabled)
Guest (S-1-5-21-3166309138-43010382-2060014392-501 - Limited - Disabled)
su (S-1-5-21-3166309138-43010382-2060014392-1001 - Administrator - Enabled) => C:\Users\su
WDAGUtilityAccount (S-1-5-21-3166309138-43010382-2060014392-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password 6 (HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\{507707B9-C68C-4986-A4AD-F25B24C152FA}_is1) (Version: 6.8.534 - AgileBits Inc.)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.54.32003 - Electronic Arts)
BWMeter (HKLM-x32\...\BWMeter) (Version: 7.4.0 - DeskSoft)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
LastPass (chỉ gỡ bỏ) (HKLM-x32\...\LastPass) (Version: - LastPass)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NiceHash Miner 2 0.2.3 (only current user) (HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\08059810-bc78-5c10-942c-2092eebb5ec8) (Version: 0.2.3 - NiceHash d.o.o)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.19.61985 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-23] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {074CD0D1-85FA-439D-8E5A-C0C81F0DC031} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2cf00a8c-2837-487b-807f-aa69fc5d012f => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {0909468B-6D79-4FA4-8312-D01D077ADEAE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-23] (NVIDIA Corporation)
Task: {361A2663-8BA2-4071-B0FD-424DD0CBFF3D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-26] (Microsoft Corporation)
Task: {3D31182C-FD42-44FC-8E51-08ED92D5E877} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-26] (Microsoft Corporation)
Task: {45E2AB1D-5664-431C-A3EC-444C57E16C48} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
Task: {46E21CC1-D28E-40D4-9237-F37B82BAD8E6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-23] (NVIDIA Corporation)
Task: {5AD898CE-6787-4449-B45B-2E6E7FF26953} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-27] (Google Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {751244C8-F459-47AE-A6C4-7BE7C0F8E9BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-26] (Microsoft Corporation)
Task: {8406E52B-85B1-4C0D-8BC2-5721C1E7BC16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-26] (Microsoft Corporation)
Task: {936B5146-4343-4333-AED4-AF8B9905A4F8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
Task: {AB47D005-3CBC-41F7-AB34-8B8B65843D7C} - System32\Tasks\SUPERAntiSpyware Scheduled Task b2dd9028-24c0-418f-8675-2689c82b31b5 => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {AEA9B189-DC03-4B46-BA00-E86D417D9247} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
Task: {B4DE0CB0-D3FC-4D98-992F-6DD529B99B37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-27] (Google Inc.)
Task: {C1E362E5-5D58-4C7C-95CC-943402E0352C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-23] (NVIDIA Corporation)
Task: {D7EFF0CD-2A80-4581-81A5-F86607560B19} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2cf00a8c-2837-487b-807f-aa69fc5d012f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\9f75c804-936d-4f9b-b404-852d4a23c58d.com
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b2dd9028-24c0-418f-8675-2689c82b31b5.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-28 18:59 - 2018-05-28 18:59 - 000125440 _____ () C:\Program Files (x86)\BWMeter\BWMeterConSvc.exe
2018-04-12 06:34 - 2018-04-12 06:34 - 000491744 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 06:35 - 2018-04-12 16:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-26 16:45 - 2018-05-26 16:46 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-26 16:45 - 2018-05-26 16:46 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-26 16:45 - 2018-05-26 16:46 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-26 16:45 - 2018-05-26 16:46 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-27 07:33 - 2018-05-15 10:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-27 07:33 - 2018-05-15 10:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-05-27 07:36 - 2018-05-27 07:36 - 000021824 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2018-05-27 07:36 - 2018-05-27 07:36 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2018-05-27 07:36 - 2018-05-27 07:36 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 06:38 - 2018-05-27 09:59 - 000019738 _____ C:\Windows\system32\Drivers\etc\hosts

There are 457 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3166309138-43010382-2060014392-1001\Control Panel\Desktop\\Wallpaper -> D:\PM\Wall nvidia\nvidia-gtx-4k-5l-2560x1440.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FDB8D584-DD53-41D9-A845-DBC9D1AED2B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3030A960-5C5C-433F-BA3F-9DEAD4127B06}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{6FAC97B4-08BB-4CBC-A7FC-E83DDE5455F7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{2D90EBA7-6D44-44B7-9369-AF1B30977BD5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{58055FDC-2834-4271-A573-0652351054EA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{7B0A0916-E6E7-4727-94CB-52A349164DA9}] => (Block) C:\Windows\explorer.exe
FirewallRules: [TCP Query User{3A60E526-4745-445C-BA06-1E3C6B4D0C9D}C:\users\su\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\su\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4D48AF23-55D3-446E-AC37-14E3C0B2BDC6}C:\users\su\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\su\appdata\local\akamai\netsession_win.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2018 05:39:13 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <8, 0x8007000f, Failed to find Gather Application: Windows>.

Error: (05/29/2018 05:38:56 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.

Context: Windows Application, SystemIndex Catalog

Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

Error: (05/29/2018 05:38:56 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
Description: Error ID 1 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.

Context: Windows Application, SystemIndex Catalog

Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

Error: (05/29/2018 05:38:55 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <8, 0x8007000f, Failed to find Gather Application: Windows>.

Error: (05/29/2018 05:38:24 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <8, 0x8007000f, Failed to find Gather Application: Windows>.

Error: (05/29/2018 05:37:32 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.

Context: Windows Application, SystemIndex Catalog

Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

Error: (05/29/2018 05:37:32 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
Description: Error ID 1 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.

Context: Windows Application, SystemIndex Catalog

Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

Error: (05/29/2018 05:37:32 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <8, 0x8007000f, Failed to find Gather Application: Windows>.


System errors:
=============
Error: (05/29/2018 05:39:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 7 time(s).

Error: (05/29/2018 05:39:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the drive specified.

Error: (05/29/2018 05:38:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 6 time(s).

Error: (05/29/2018 05:38:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the drive specified.

Error: (05/29/2018 05:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/29/2018 05:38:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the drive specified.

Error: (05/29/2018 05:38:02 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (05/29/2018 05:38:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-05-29 03:57:21.811
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3FEF6413-E874-4D63-96F9-42D1F465834D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-29 02:24:08.874
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C8605222-A384-41AF-AF64-AD9FFFF4DC51}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-05-29 02:23:47.497
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A3BB711C-1207-413D-83D3-B6FBB91A2AA3}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-05-28 23:33:57.281
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0A657FCE-D3FF-4F20-BC7E-47E3053FE6C5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-27 22:55:42.681
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3D2C8B7F-5B62-4AE2-89FB-0170DE35F7AA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16322.48 MB
Available physical RAM: 13481.5 MB
Total Virtual: 18754.48 MB
Available Virtual: 14198.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.34 GB) (Free:257.29 GB) NTFS
Drive d: (Data) (Fixed) (Total:3725.9 GB) (Free:2739.71 GB) NTFS

\\?\Volume{4192b70e-9890-486e-8592-8781fb3a2028}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS
\\?\Volume{dbda1aa8-8242-44c5-9852-bc0b812d7d73}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 078C078C)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BC46E3C2)

========================================================
Disk: 2 (Size: 476.9 GB) (Disk ID: 9CE9E907)

Partition: GPT.

==================== End of Addition.txt ============================

tienchien1
2018-05-29, 12:41
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by su (administrator) on DESKTOP-DJNK2QJ (29-05-2018 17:39:19)
Running from C:\Users\su\Desktop\ap
Loaded Profiles: su (Available Profiles: su)
Platform: Windows 10 Pro Version 1803 17134.81 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\BWMeter\BWMeterConSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(AgileBits Inc.) C:\Users\su\AppData\Local\1password\app\6\1Password.NativeMessagingHost.exe
(AgileBits Inc.) C:\Users\su\AppData\Local\1password\app\6\AgileBits.OnePassword.Desktop.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(AVAST Software) C:\Users\su\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520 2018-05-16] (Tonec Inc.)
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3106600 2018-05-27] (Electronic Arts)
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\su\AppData\Local\Akamai\netsession_win.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bdf511b5-4f08-47e5-89c6-2de410c037f2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-05-15] (Internet Download Manager, Tonec Inc.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-05-27] (LastPass)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-05-15] (Internet Download Manager, Tonec Inc.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-05-27] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-05-27] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-05-27] (LastPass)

FireFox:
========
FF HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\su\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\su\AppData\Roaming\IDM\idmmzcc5 [2018-05-27] [Legacy] [not signed]
FF HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-05-27] (LastPass)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-05-27] (LastPass)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> hxxps://google.com.vn
CHR Profile: C:\Users\su\AppData\Local\Google\Chrome\User Data\Default [2018-05-29]
CHR Extension: (1Password extension (desktop app required)) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2018-05-29]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-05-29]
CHR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpggmmljdiliancllaapiggllnkbjocb [2018-05-29]
CHR Extension: (Adblock Plus) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-29]
CHR Extension: (VTchromizer) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2018-05-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-05-29]
CHR Extension: (Violentmonkey) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinjaccalgkegednnccohejagnlnfdag [2018-05-29]
CHR Extension: (IDM Integration Module) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-05-29]
CHR Extension: (Thanh toán trên cửa hàng Chrome trực tuyến) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-29]
CHR Extension: (Userscript+ for Tampermonkey) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiocdganiomklllkfkmhneoibegifch [2018-05-29]
CHR Extension: (AVIM - Bộ Gõ Tiếng Việt) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgbbffpdglhkpglnlkiclakjlpiedoh [2018-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-29]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BWMeterConSvc; C:\Program Files (x86)\BWMeter\BWMeterConSvc.exe [125440 2018-05-28] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2201920 2018-05-27] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3072328 2018-05-27] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-05-26] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-05-26] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R1 MpKslb21181f7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{75F8F955-A970-4DC8-AB85-34F5BA442488}\MpKslb21181f7.sys [58120 2018-05-29] (Microsoft Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys [17194584 2018-05-24] (NVIDIA Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2018-05-26] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [313888 2018-05-26] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61472 2018-05-26] (Microsoft Corporation)
U3 aswMBR; C:\Users\su\AppData\Local\Temp\aswMBR.sys [62728 2018-05-29] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\su\AppData\Local\Temp\aswVmm.sys [224896 2018-05-29] () <==== ATTENTION
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-29 17:31 - 2018-05-29 17:31 - 886695832 _____ C:\Windows\MEMORY.DMP
2018-05-29 17:31 - 2018-05-29 17:31 - 000783300 _____ C:\Windows\Minidump\052918-11046-01.dmp
2018-05-29 17:31 - 2018-05-29 17:31 - 000000000 ____D C:\Windows\Minidump
2018-05-29 17:29 - 2018-05-29 17:30 - 005198336 _____ (AVAST Software) C:\Users\su\Desktop\aswMBR.exe
2018-05-29 17:27 - 2018-05-29 17:39 - 000000000 ____D C:\FRST
2018-05-29 05:16 - 2018-05-29 05:20 - 000000000 ____D C:\ProgramData\HitmanPro
2018-05-29 04:49 - 2018-05-29 04:49 - 000000000 ____D C:\Users\su\AppData\Roaming\Macromedia
2018-05-29 04:13 - 2018-05-29 06:25 - 000000000 ____D C:\Users\su\AppData\Local\NVIDIA Corporation
2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-05-29 04:00 - 2018-05-29 04:00 - 000000000 ____D C:\Windows\LastGood.Tmp
2018-05-29 04:00 - 2018-05-29 04:00 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-29 04:00 - 2018-05-23 05:00 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-05-29 03:58 - 2018-05-24 01:21 - 040347168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 035250536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 031278392 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 025991448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 013727792 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 011273120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 004350392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 003760672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 002013784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439793.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001563584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001467808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439793.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001419296 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001357000 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001347480 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001216952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001157208 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001092184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001063400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000904896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000814424 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000749472 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000652344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000634576 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000627232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000608160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000518072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-29 03:58 - 2018-05-24 01:20 - 017784432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-29 03:58 - 2018-05-24 01:20 - 015195248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-29 03:58 - 2018-05-24 01:20 - 004855208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-29 03:58 - 2018-05-24 01:20 - 004125048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-29 03:51 - 2018-05-29 03:51 - 000000000 ____D C:\NVIDIA
2018-05-29 03:46 - 2018-05-29 04:20 - 000000000 ____D C:\Users\su\Desktop\TMRBLog
2018-05-29 03:46 - 2018-05-29 03:46 - 000000000 ____D C:\Users\su\Desktop\log
2018-05-29 03:42 - 2018-05-29 03:42 - 000000020 ___SH C:\Users\su\ntuser.ini
2018-05-29 03:42 - 2018-05-29 03:42 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-05-29 02:01 - 2018-05-29 03:42 - 000000576 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2cf00a8c-2837-487b-807f-aa69fc5d012f.job
2018-05-29 02:01 - 2018-05-29 02:01 - 000003814 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 2cf00a8c-2837-487b-807f-aa69fc5d012f
2018-05-29 01:45 - 2018-05-29 01:46 - 000000000 ____D C:\KVRT_Data
2018-05-29 01:00 - 2018-05-29 01:00 - 000000000 ____D C:\ProgramData\YaraEditor
2018-05-28 23:02 - 2018-05-28 23:02 - 000000000 ____D C:\Users\su\AppData\Roaming\Adobe
2018-05-28 21:42 - 2018-05-28 21:44 - 000000000 ____D C:\AdwCleaner
2018-05-28 21:16 - 2018-05-28 21:16 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-05-28 20:45 - 2018-05-29 17:39 - 000000000 ____D C:\Users\su\Desktop\ap
2018-05-28 20:35 - 2018-05-28 20:35 - 000007569 _____ C:\Users\su\Desktop\SUPERAntiSpyware Scan Log.txt
2018-05-28 20:29 - 2018-05-28 20:29 - 000000000 ____D C:\Users\su\AppData\Roaming\Google
2018-05-28 20:00 - 2018-05-28 20:00 - 000000000 ____D C:\SUPERDelete
2018-05-28 19:58 - 2018-05-28 20:20 - 000000536 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b2dd9028-24c0-418f-8675-2689c82b31b5.job
2018-05-28 19:58 - 2018-05-28 19:58 - 000003688 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b2dd9028-24c0-418f-8675-2689c82b31b5
2018-05-28 19:58 - 2018-05-28 19:58 - 000000000 ____D C:\Users\su\AppData\Roaming\SUPERAntiSpyware.com
2018-05-28 19:57 - 2018-05-29 04:53 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-05-28 19:57 - 2018-05-28 19:57 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-05-28 18:59 - 2018-05-28 18:59 - 000047152 _____ (DeskSoft) C:\Windows\system32\Drivers\dsnpfd.sys
2018-05-28 18:59 - 2018-05-28 18:59 - 000001884 _____ C:\Users\su\Desktop\BWMeter.lnk
2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BWMeter
2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Users\su\AppData\Roaming\DeskSoft
2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Program Files (x86)\BWMeter
2018-05-27 18:55 - 2018-05-27 18:55 - 000000000 ____D C:\Users\su\AppData\Roaming\MPC-HC
2018-05-27 18:53 - 2018-05-27 18:58 - 000000000 ____D C:\Program Files\MPC-HC
2018-05-27 18:53 - 2018-05-27 18:53 - 000001745 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2018-05-27 18:53 - 2018-05-27 18:53 - 000001745 _____ C:\ProgramData\Desktop\MPC-HC x64.lnk
2018-05-27 18:53 - 2018-05-27 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2018-05-27 13:06 - 2018-05-27 13:06 - 000000000 ____D C:\Users\su\AppData\Local\DBG
2018-05-27 09:55 - 2018-05-27 09:55 - 000000000 ____D C:\Users\su\AppData\Local\PeerDistRepub
2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files\MSBuild
2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-27 09:17 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2018-05-27 09:17 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-27 09:17 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2018-05-27 09:17 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2018-05-27 09:17 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-27 09:17 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2018-05-27 09:16 - 2018-05-27 09:16 - 000000000 ____D C:\Users\su\Documents\Battlefield 1
2018-05-27 09:14 - 2018-05-27 09:14 - 000000824 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraISOPortable.lnk
2018-05-27 09:14 - 2018-05-27 09:14 - 000000756 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000936 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrentPortable.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000919 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RevoUPort.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000860 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mkvtoolnix-gui.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000825 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubRip.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000777 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HWiNFO64.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000768 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tcpview.lnk
2018-05-27 09:12 - 2018-05-27 09:12 - 000000959 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CustomDesktopLogo.lnk
2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ____D C:\Program Files\Realtek
2018-05-27 09:12 - 2017-06-29 18:55 - 013122576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 012988336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 006410088 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 005938904 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 005593608 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003509256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003507688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003410832 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003092336 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 002190976 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 001435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 001347136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 001016928 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000965024 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000923736 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000877424 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000873456 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000868176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000866640 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000737960 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000691680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000677664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000525768 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000447712 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000381408 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000151784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000088312 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000084608 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 010536152 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 004059960 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 002291304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001780616 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001422920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001334376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001213656 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001166152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000999848 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000727432 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000680544 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000678176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000618184 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000514520 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000500552 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000428224 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000406448 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000360344 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000330552 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000203840 _____ (Harman) C:\Windows\system32\HMHVS.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000179592 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 005346992 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 002444680 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001959600 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001616680 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001554600 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001529136 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001326424 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001170872 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000504304 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000445392 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000441264 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000362048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000327448 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000310416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2018-05-27 09:12 - 2017-06-29 18:52 - 005826560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-05-27 09:12 - 2017-06-29 18:52 - 003677160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-05-27 09:12 - 2017-06-29 18:52 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-05-27 09:12 - 2017-06-29 18:52 - 002110592 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2018-05-27 09:12 - 2017-06-29 18:52 - 000574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2018-05-27 09:12 - 2017-06-29 18:52 - 000258856 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-05-27 09:12 - 2017-06-29 18:52 - 000118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 072520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-05-27 09:12 - 2017-06-29 18:51 - 014057248 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 007172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 007096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 006264632 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 002210304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 002050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 001186832 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 001133064 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 001003856 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 000931616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 000416504 _____ (Harman) C:\Windows\system32\HMUI.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 000378384 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 000154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-05-27 09:12 - 2017-06-29 18:50 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-05-27 09:12 - 2017-06-29 18:50 - 000118584 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2018-05-27 09:12 - 2017-06-29 18:50 - 000105304 _____ C:\Windows\system32\audioLibVc.dll
2018-05-27 09:12 - 2017-06-29 03:05 - 012334923 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-05-27 09:12 - 2017-06-29 03:05 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2018-05-27 09:12 - 2017-06-29 03:05 - 001920870 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2018-05-27 09:10 - 2018-05-27 09:10 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-05-27 09:05 - 2018-05-27 09:05 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-05-27 08:59 - 2018-05-29 03:42 - 000000000 ____D C:\Users\su\AppData\Local\IsolatedStorage
2018-05-27 08:59 - 2018-05-27 08:59 - 000001402 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\1Password 6.lnk
2018-05-27 08:59 - 2018-05-27 08:59 - 000000000 ____D C:\Users\su\AppData\Local\1password
2018-05-27 07:58 - 2018-05-27 07:58 - 000001243 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2018-05-27 07:58 - 2018-05-27 07:58 - 000001243 _____ C:\ProgramData\Desktop\Battlefield 1.lnk
2018-05-27 07:58 - 2018-05-27 07:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1
2018-05-27 07:47 - 2018-05-27 09:13 - 000000000 ____D C:\Windows\system32\DAX3
2018-05-27 07:47 - 2018-05-27 09:13 - 000000000 ____D C:\Windows\system32\DAX2
2018-05-27 07:47 - 2018-05-27 07:47 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-05-27 07:47 - 2016-09-22 14:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2018-05-27 07:40 - 2018-05-27 07:40 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-05-27 07:39 - 2018-05-27 07:39 - 000001142 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
2018-05-27 07:39 - 2018-05-27 07:39 - 000001142 _____ C:\ProgramData\Desktop\My LastPass Vault.lnk
2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Users\su\AppData\LocalLow\LastPass
2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Program Files (x86)\LastPass
2018-05-27 07:36 - 2018-05-29 04:43 - 000000000 ____D C:\Users\su\AppData\Local\D3DSCache
2018-05-27 07:36 - 2018-05-27 07:36 - 000001062 _____ C:\Users\Public\Desktop\Origin.lnk
2018-05-27 07:36 - 2018-05-27 07:36 - 000001062 _____ C:\ProgramData\Desktop\Origin.lnk
2018-05-27 07:36 - 2018-05-27 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-05-27 07:36 - 2018-05-27 07:36 - 000000000 ____D C:\Program Files (x86)\Origin
2018-05-27 07:35 - 2018-05-29 17:29 - 000000000 ____D C:\Users\su\AppData\Roaming\IDM
2018-05-27 07:35 - 2018-05-29 04:54 - 000000000 ____D C:\Users\su\AppData\Roaming\DMCache
2018-05-27 07:35 - 2018-05-29 04:41 - 000000000 ____D C:\Users\su\Downloads\Compressed
2018-05-27 07:35 - 2018-05-28 19:42 - 000000000 ____D C:\Users\su\Downloads\Video
2018-05-27 07:35 - 2018-05-27 07:35 - 000001078 _____ C:\Users\su\Desktop\Internet Download Manager.lnk
2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\ProgramData\IDM
2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-05-27 07:34 - 2018-05-29 17:36 - 000000000 ____D C:\Users\su\AppData\Roaming\Origin
2018-05-27 07:34 - 2018-05-29 17:36 - 000000000 ____D C:\ProgramData\Origin
2018-05-27 07:34 - 2018-05-27 07:40 - 000000000 ____D C:\Users\su\AppData\Local\Origin
2018-05-27 07:34 - 2018-05-27 07:34 - 000000000 ____D C:\Users\su\.QtWebEngineProcess
2018-05-27 07:34 - 2018-05-27 07:34 - 000000000 ____D C:\Users\su\.Origin
2018-05-27 07:33 - 2018-05-29 04:18 - 000000000 ____D C:\Users\su\Desktop\User Data
2018-05-27 07:33 - 2018-05-28 19:56 - 000002292 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-27 07:33 - 2018-05-28 19:56 - 000002292 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-05-27 07:33 - 2018-05-27 09:41 - 000000000 ____D C:\Users\su\AppData\Local\Google
2018-05-27 07:33 - 2018-05-27 07:33 - 000003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-27 07:33 - 2018-05-27 07:33 - 000003382 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-27 07:33 - 2018-05-27 07:33 - 000002369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-27 07:33 - 2018-05-27 07:33 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-26 17:16 - 2018-05-26 16:20 - 000000000 ____D C:\Windows\Panther
2018-05-26 16:44 - 2018-05-26 16:44 - 000000000 ____D C:\Users\su\AppData\Local\Comms
2018-05-26 16:34 - 2018-05-21 02:45 - 000308408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-05-26 16:34 - 2018-05-21 02:45 - 000094104 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2018-05-26 16:34 - 2018-05-21 02:43 - 021389360 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-05-26 16:34 - 2018-05-21 02:42 - 001649760 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2018-05-26 16:34 - 2018-05-21 02:42 - 001634808 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2018-05-26 16:34 - 2018-05-21 02:42 - 000759192 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
2018-05-26 16:34 - 2018-05-21 02:27 - 012712960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-26 16:34 - 2018-05-21 02:27 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2018-05-26 16:34 - 2018-05-21 02:26 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
2018-05-26 16:34 - 2018-05-21 02:24 - 002084864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-26 16:34 - 2018-05-21 02:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2018-05-26 16:34 - 2018-05-21 02:23 - 004070400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-05-26 16:34 - 2018-05-21 02:23 - 003655168 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-05-26 16:34 - 2018-05-21 02:23 - 000947712 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2018-05-26 16:34 - 2018-05-21 02:23 - 000899072 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2018-05-26 16:34 - 2018-05-21 02:23 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2018-05-26 16:34 - 2018-05-21 02:22 - 001665024 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-26 16:34 - 2018-05-21 02:22 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2018-05-26 16:34 - 2018-05-21 02:22 - 000941056 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2018-05-26 16:34 - 2018-05-21 02:22 - 000804352 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2018-05-26 16:34 - 2018-05-21 01:20 - 000022936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hvsicontainerservice.dll
2018-05-26 16:34 - 2018-05-21 01:17 - 001454024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-05-26 16:34 - 2018-05-21 01:15 - 000653208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2018-05-26 16:34 - 2018-05-21 01:14 - 020383712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-05-26 16:34 - 2018-05-21 01:14 - 001490144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2018-05-26 16:34 - 2018-05-21 01:03 - 011903488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-26 16:34 - 2018-05-21 01:02 - 000461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll
2018-05-26 16:34 - 2018-05-21 01:00 - 002896896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-05-26 16:34 - 2018-05-21 01:00 - 000864768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2018-05-26 16:34 - 2018-05-21 00:59 - 002016256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-26 16:34 - 2018-05-21 00:59 - 000863232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2018-05-26 16:34 - 2018-05-21 00:59 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2018-05-26 16:34 - 2018-05-20 23:59 - 023862784 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2018-05-26 16:34 - 2018-05-20 23:45 - 001271296 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2018-05-26 16:34 - 2018-05-20 23:39 - 000944640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
2018-05-26 16:34 - 2018-05-20 23:39 - 000788480 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
2018-05-26 16:34 - 2018-05-20 23:35 - 000677376 _____ (Microsoft Corporation) C:\Windows\system32\HeadTrackerStorage.dll
2018-05-26 16:34 - 2018-05-20 23:34 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\HoloShellRuntime.dll
2018-05-26 16:34 - 2018-05-20 22:04 - 000658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2018-05-26 16:34 - 2018-05-20 21:54 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HoloShellRuntime.dll
2018-05-26 16:34 - 2018-05-20 19:36 - 000613144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2018-05-26 16:34 - 2018-05-20 19:33 - 000748504 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2018-05-26 16:34 - 2018-05-20 19:33 - 000707480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-05-26 16:34 - 2018-05-20 19:33 - 000105368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2018-05-26 16:34 - 2018-05-20 19:01 - 001140576 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-26 16:34 - 2018-05-20 19:01 - 000983008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-05-26 16:34 - 2018-05-20 18:59 - 000269224 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-05-26 16:34 - 2018-05-20 18:58 - 000272288 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-05-26 16:34 - 2018-05-20 18:55 - 001456616 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-26 16:34 - 2018-05-20 18:55 - 001174424 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-05-26 16:34 - 2018-05-20 18:55 - 001063320 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2018-05-26 16:34 - 2018-05-20 18:55 - 000567176 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2018-05-26 16:34 - 2018-05-20 18:55 - 000193936 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2018-05-26 16:34 - 2018-05-20 18:54 - 002564984 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2018-05-26 16:34 - 2018-05-20 18:54 - 001800080 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2018-05-26 16:34 - 2018-05-20 18:54 - 001017056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2018-05-26 16:34 - 2018-05-20 18:54 - 001012120 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-05-26 16:34 - 2018-05-20 18:54 - 000722288 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-05-26 16:34 - 2018-05-20 18:54 - 000170904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-26 16:34 - 2018-05-20 18:53 - 006816848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 004402768 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 002836376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-05-26 16:34 - 2018-05-20 18:53 - 002371392 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 002178136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 001947808 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 001258280 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-26 16:34 - 2018-05-20 18:53 - 001017088 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 001012408 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 000792984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2018-05-26 16:34 - 2018-05-20 18:53 - 000709824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-05-26 16:34 - 2018-05-20 18:53 - 000131232 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 000088472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2018-05-26 16:34 - 2018-05-20 18:52 - 009159064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-26 16:34 - 2018-05-20 18:52 - 007519992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 007436632 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 003283400 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 002753040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 001209792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 001148800 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 001097648 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000885848 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000735560 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000713368 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000416120 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000413080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-05-26 16:34 - 2018-05-20 18:52 - 000347704 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000130456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
2018-05-26 16:34 - 2018-05-20 18:52 - 000089984 _____ (Microsoft Corporation) C:\Windows\system32\CompPkgSup.dll
2018-05-26 16:34 - 2018-05-20 18:35 - 025844224 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-05-26 16:34 - 2018-05-20 18:35 - 000861608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2018-05-26 16:34 - 2018-05-20 18:34 - 016592384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2018-05-26 16:34 - 2018-05-20 18:34 - 001462288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2018-05-26 16:34 - 2018-05-20 18:34 - 000861096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
2018-05-26 16:34 - 2018-05-20 18:33 - 002331576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2018-05-26 16:34 - 2018-05-20 18:33 - 001665920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2018-05-26 16:34 - 2018-05-20 18:33 - 001011968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-05-26 16:34 - 2018-05-20 18:33 - 000457144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2018-05-26 16:34 - 2018-05-20 18:33 - 000101288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 006567904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 006527568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 006044104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 004787960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 002536056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 002486984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 002242208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 001559368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 001034096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 000988128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 000567144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 000560488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 000286200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 000077040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CompPkgSup.dll
2018-05-26 16:34 - 2018-05-20 18:31 - 001456640 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2018-05-26 16:34 - 2018-05-20 18:30 - 022709248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-26 16:34 - 2018-05-20 18:30 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-05-26 16:34 - 2018-05-20 18:29 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2018-05-26 16:34 - 2018-05-20 18:28 - 004706816 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2018-05-26 16:34 - 2018-05-20 18:28 - 004372480 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-05-26 16:34 - 2018-05-20 18:28 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2018-05-26 16:34 - 2018-05-20 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\AppHostRegistrationVerifier.exe
2018-05-26 16:34 - 2018-05-20 18:28 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-26 16:34 - 2018-05-20 18:27 - 000344576 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2018-05-26 16:34 - 2018-05-20 18:27 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2018-05-26 16:34 - 2018-05-20 18:27 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\ApiSetHost.AppExecutionAlias.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 003389952 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 000356352 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-26 16:34 - 2018-05-20 18:26 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2018-05-26 16:34 - 2018-05-20 18:26 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\TelephonyInteractiveUser.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\MSHEIF.dll
2018-05-26 16:34 - 2018-05-20 18:25 - 022001664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-05-26 16:34 - 2018-05-20 18:25 - 004867072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-26 16:34 - 2018-05-20 18:25 - 004563968 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2018-05-26 16:34 - 2018-05-20 18:25 - 000835584 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2018-05-26 16:34 - 2018-05-20 18:25 - 000384000 _____ (Microsoft Corporation) C:\Windows\system32\Phoneutil.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 007582720 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 001767936 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 001485312 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000813568 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000625152 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000234496 _____ (Microsoft Corporation) C:\Windows\system32\DolbyMATEnc.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 013873152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 005951488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 002366976 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 002364928 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 001318400 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 000933376 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 000932352 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 000847360 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2018-05-26 16:34 - 2018-05-20 18:22 - 003440640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-26 16:34 - 2018-05-20 18:22 - 001817088 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-26 16:34 - 2018-05-20 18:22 - 000871424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-05-26 16:34 - 2018-05-20 18:22 - 000869376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-05-26 16:34 - 2018-05-20 18:22 - 000684544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 002236928 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-05-26 16:34 - 2018-05-20 18:21 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 001303040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 001210880 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 001033728 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000960512 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000849408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000783360 _____ (Microsoft Corporation) C:\Windows\system32\DolbyHrtfEnc.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000775680 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000652800 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2018-05-26 16:34 - 2018-05-20 18:18 - 019399168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-26 16:34 - 2018-05-20 18:17 - 002961408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-05-26 16:34 - 2018-05-20 18:17 - 002699776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-05-26 16:34 - 2018-05-20 18:16 - 006661120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-05-26 16:34 - 2018-05-20 18:16 - 000239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
2018-05-26 16:34 - 2018-05-20 18:16 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2018-05-26 16:34 - 2018-05-20 18:16 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-05-26 16:34 - 2018-05-20 18:16 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-26 16:34 - 2018-05-20 18:15 - 004336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2018-05-26 16:34 - 2018-05-20 18:15 - 003712000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-26 16:34 - 2018-05-20 18:15 - 002900480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-05-26 16:34 - 2018-05-20 18:15 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2018-05-26 16:34 - 2018-05-20 18:15 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSHEIF.dll
2018-05-26 16:34 - 2018-05-20 18:14 - 005782528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-05-26 16:34 - 2018-05-20 18:14 - 001295360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2018-05-26 16:34 - 2018-05-20 18:14 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-05-26 16:34 - 2018-05-20 18:14 - 000167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
2018-05-26 16:34 - 2018-05-20 18:13 - 004929024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-05-26 16:34 - 2018-05-20 18:13 - 000646656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-05-26 16:34 - 2018-05-20 18:13 - 000630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-05-26 16:34 - 2018-05-20 18:13 - 000615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-05-26 16:34 - 2018-05-20 18:13 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-05-26 16:34 - 2018-05-20 18:13 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Phoneutil.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 003014656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 001636352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 001348096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 000992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 000860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 001108992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 001036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 001005568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 000648192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 000528384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2018-05-26 16:34 - 2018-05-20 17:07 - 000001310 _____ C:\Windows\system32\tcbres.wim
2018-05-26 16:34 - 2018-05-20 15:26 - 000018716 _____ C:\Windows\system32\srms-apr.dat
2018-05-26 16:34 - 2018-05-19 00:08 - 000018716 _____ C:\Windows\SysWOW64\srms-apr.dat
2018-05-26 16:34 - 2018-04-28 21:25 - 000652184 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2018-05-26 16:34 - 2018-04-28 21:24 - 000749976 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2018-05-26 16:34 - 2018-04-28 21:23 - 000826776 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2018-05-26 16:34 - 2018-04-28 21:23 - 000399768 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2018-05-26 16:34 - 2018-04-28 21:03 - 013570560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-05-26 16:34 - 2018-04-28 21:03 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-26 16:34 - 2018-04-28 21:03 - 000150528 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
2018-05-26 16:34 - 2018-04-28 21:02 - 008623104 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-05-26 16:34 - 2018-04-28 21:01 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
2018-05-26 16:34 - 2018-04-28 21:00 - 000695296 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-26 16:34 - 2018-04-28 20:59 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-26 16:34 - 2018-04-28 20:58 - 001855488 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-05-26 16:34 - 2018-04-28 20:58 - 000758272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-26 16:34 - 2018-04-28 20:18 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-26 16:34 - 2018-04-28 20:17 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-05-26 16:34 - 2018-04-28 20:16 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-05-26 16:34 - 2018-04-28 20:14 - 000668672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll


Some files in TEMP:
====================
2018-05-29 17:25 - 2018-05-29 05:16 - 011605440 _____ (SurfRight B.V.) C:\Users\su\AppData\Local\Temp\HitmanPro.exe
2018-05-29 03:59 - 2017-10-27 23:06 - 000370296 _____ (NVIDIA Corporation) C:\Users\su\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-26 16:19

==================== End of FRST.txt ============================

Juliet
2018-05-29, 16:25
What's located in this drive?
Trojan.Agent/Gen-Turkojan
D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\ANTIDEEPFREEZE4.EXE
Advanced recovery CD solution similar to Hiren's Boot DVD? - and how long have you had this program on your computer?

Trojan.Agent/Gen-Foreign
D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\EDITHOSTS.EXE
D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\TOTALCOMMANDER.EXE
Trojan.Agent/Gen-Siggen
D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\SOFTPERFECTNETWORKSCANNER.EXE
D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\TFTPD32.EXE
What's been found above are the executable files to run the above program you downloaded to D: drive.


Couple of things
It's a false positive, or you downloaded this item from a site that also allowed malware to enter at the same time. But what's strange is, you haven't stated anything wrong with your computer.
In the scans you ran previously, were there any items found?

~~~~~~~~~~~~~~~~~~~~
Enabling System Restore in Windows 10 and Creating System Restore Point

--------------------

Press the Windows Key + R at the same time
Type sysdm.cpl and hit Enter
Click System Protection
Under Protection Settings left click on Local Disk C: (System) to highlight the entry
Click Configure
Select Turn on system protection
Click Apply, then OK
On the System Properties window Click Create...
Type SpyBot Help Restore Point then click Create.

~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
U3 aswMBR; C:\Users\su\AppData\Local\Temp\aswMBR.sys [62728 2018-05-29] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\su\AppData\Local\Temp\aswVmm.sys [224896 2018-05-29] () <==== ATTENTION
2018-05-29 17:25 - 2018-05-29 05:16 - 011605440 _____ (SurfRight B.V.) C:\Users\su\AppData\Local\Temp\HitmanPro.exe
2018-05-29 03:59 - 2017-10-27 23:06 - 000370296 _____ (NVIDIA Corporation) C:\Users\su\AppData\Local\Temp\nvStInst.exe
Emptytemp:
End::



Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


RogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply


In your next reply post
Fixlog.txt
RogueKiller

tienchien1
2018-05-29, 20:04
My system seems to behave incorrectly at some point in time, which is hard to tell, but it always repeats an infection process including the new operating system reinstallation format. And there are always malicious ips connecting to my system, I monitor which ip is connected, and check it in totalvirus, many of which are malicious ip.

D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\ANTIDEEPFREEZE4.EXE It was downloaded and saved to disk D:, which is my data disk. It is a rescue .iso file. I have not run this .iso file since the last operating system reinstall. I had it a few months ago.

Juliet
2018-05-29, 22:00
but it always repeats an infection process including the new operating system reinstallation format.
Are you reloading it from D:\PM\DLCD.UTILITIES\HBCD rescue disk you created?

If you're asking SuperAntiSpyware to remove this and it doesn't, or does it return?


malicious ips connecting to my system, I monitor which ip is connected, and check it in totalvirus, many of which are malicious ip.
What tool are you using to investigate malicious-ips?

Something I think that would be good to do now, is to reboot your router.

Did you run the scans Fixlog.txt - RogueKiller?

tienchien1
2018-05-30, 06:29
Are you reloading it from D:\PM\DLCD.UTILITIES\HBCD rescue disk you created?

If you're asking SuperAntiSpyware to remove this and it doesn't, or does it return?


What tool are you using to investigate malicious-ips?

Something I think that would be good to do now, is to reboot your router.

Did you run the scans Fixlog.txt - RogueKiller?

Sorry, these are the log files. The infection was cleared, and it did not come back. As mentioned, I use virustotal.com to check the IPs.


Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by su (30-05-2018 01:24:28) Run:1
Running from C:\Users\su\Desktop\ap
Loaded Profiles: su (Available Profiles: su)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
U3 aswMBR; C:\Users\su\AppData\Local\Temp\aswMBR.sys [62728 2018-05-29] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\su\AppData\Local\Temp\aswVmm.sys [224896 2018-05-29] () <==== ATTENTION
2018-05-29 17:25 - 2018-05-29 05:16 - 011605440 _____ (SurfRight B.V.) C:\Users\su\AppData\Local\Temp\HitmanPro.exe
2018-05-29 03:59 - 2017-10-27 23:06 - 000370296 _____ (NVIDIA Corporation) C:\Users\su\AppData\Local\Temp\nvStInst.exe
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removed successfully
"HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => removed successfully
"HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => removed successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKU\S-1-5-21-3166309138-43010382-2060014392-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-3166309138-43010382-2060014392-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\System\CurrentControlSet\Services\NVHDA" => removed successfully
NVHDA => service removed successfully
aswMBR => service removed successfully
aswVmm => service removed successfully
"C:\Users\su\AppData\Local\Temp\HitmanPro.exe" => not found
"C:\Users\su\AppData\Local\Temp\nvStInst.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39847115 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 475529 B
Edge => 14664270 B
Chrome => 138532076 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6288 B
LocalService => 0 B
NetworkService => 32038 B
NetworkService => 0 B
su => 264737939 B

RecycleBin => 1874946063 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:24:47 ====

tienchien1
2018-05-30, 06:29
RogueKiller log. Thanks!!!


RogueKiller V12.12.19.0 (x64) [May 28 2018] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : su [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/30/2018 01:29:27 (Duration : 00:13:59)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Windows\CurrentVersion\Run | 1Password : "C:\Users\su\AppData\Local\1password\app\7\1Password.exe" /silent [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Windows\CurrentVersion\Run | 1Password : "C:\Users\su\AppData\Local\1password\app\7\1Password.exe" /silent [7] -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [https://google.com.vn] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST4000DM000-1F2168 +++++
--- User ---
[MBR] bdbf642f7815e1d104249319214743bd
[BSP] 32468b9bbceed235b53e6e1f43cc2026 : Windows Vista/7/8 MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EZEX-07M2NA1 +++++
--- User ---
[MBR] 6f55a60693a1c7accad56a8e9314b89e
[BSP] e98a4e0a9d09745e7e06b13ce90d9b34 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG MZVKW512HMJP-00000 +++++
--- User ---
[MBR] d842b42cf92bc1b7bc9065473ec2a0d4
[BSP] 402ae62735247d720795bdd9d76ad31c : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 499 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1024000 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1228800 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1261568 | Size: 487770 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

Juliet
2018-05-30, 11:44
Did you allow RogueKiller to delete what it found?

What problems are you having now?

tienchien1
2018-05-31, 18:32
Did you allow RogueKiller to delete what it found?

What problems are you having now?

Very sorry I did not reply sooner.

I scanned with a program called "Adware Removal Tool". And here is the log file.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2018_05_30_22_08_00
OS: Windows 10 Enterprise - x64 Bit
Account Name: su
Adware Definition: 05302018
Elapsed time: 21:21
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

Browser: Chrome Found : PUP.taboola : C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Preferences

tienchien1
2018-05-31, 18:37
I have also been asked to repair this file, and I did. And then the program suggested I should reset IE and Chrome, and I did. And my system is currently working fine, but I still fear the infection will return.

Juliet
2018-05-31, 22:26
And then the program suggested I should reset IE and Chrome, and I did. And my system is currently working fine, but I still fear the infection will return.

Sounds good.
And you rebooted your router?


Let's check for remnants

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

created by Aura

tienchien1
2018-06-01, 20:49
The Emsisoft Emergency Department does not detect any infection. But my browser seems to be under attack now. With Chrome, in the search, it automatically adds vn.yahoo.com, bing.com, ask.com, aol.com.

Juliet
2018-06-01, 21:42
Let's try this

Export-Bookmarks-from-Chrome
https://www.wikihow.com/Export-Bookmarks-from-Chrome


Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)

Double click Revo Uninstaller to run it.
From the list of programs, double click on the program to remove ==> Chrome
When prompted if you want to uninstall, click Yes.
Be sure the Moderate option is selected, then click Next.
The program will run. If prompted again, click Yes.
When the built-in uninstaller is finished, click on Next.
Once the program has searched for leftovers, click Next.
Check/tick the bolded items only on the list, then click Delete.
When prompted, click on Yes and then on Next.
Put a check on any folders that are found and select Delete.
When prompted, select Yes and then Next.
Once done, click Finish.


Then, it can be reinstalled from
http://www.google.com/chrome/

+++++++++++++++

AdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


~~~~~~~~~~~~~~~~~~~~

I'd like to see a fresh scan from Farbar Recovery Scan Tool (FRST)

Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

tienchien1
2018-06-02, 11:31
After deleting Chrome, I cannot reinstall it; the message says unknown error during reinstall.

Also, while I use IE to post this article, Mbytes has already displayed a warning, and this is the content of that alert!!!!???

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/2/18
Protection Event Time: 4:25 PM
Log File: dc17b9ca-6646-11e8-8784-2c4d544e0a6f.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5338
License: Trial

-System Information-
OS: Windows 10 (Build 17134.81)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Internet Explorer (and add-ons)
Protection Layer: Application Hardening
Protection Technique: Attempt to execute VBScript blocked
File Name: C:\Windows\SysWOW64\vbscript.dll
URL:



(end)

tienchien1
2018-06-02, 11:46
These are the FRST log files. Thanks!!!


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by su (02-06-2018 16:32:08)
Running from C:\Users\su\Desktop
Windows 10 Pro Version 1803 17134.81 (X64) (2018-05-26 09:22:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3166309138-43010382-2060014392-500 - Administrator - Enabled)
DefaultAccount (S-1-5-21-3166309138-43010382-2060014392-503 - Limited - Disabled)
Guest (S-1-5-21-3166309138-43010382-2060014392-501 - Limited - Enabled)
su (S-1-5-21-3166309138-43010382-2060014392-1001 - Administrator - Enabled) => C:\Users\su
WDAGUtilityAccount (S-1-5-21-3166309138-43010382-2060014392-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password (HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\{507707B9-C68C-4986-A4AD-F25B24C152FA}_is1) (Version: 7.0.558 - AgileBits Inc.)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.54.32003 - Electronic Arts)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BWMeter (HKLM-x32\...\BWMeter) (Version: 7.4.0 - DeskSoft)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hỗ trợ Ứng dụng Apple (32 bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Hỗ trợ Ứng dụng Apple (64 bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Imaging And Configuration Designer (HKLM-x32\...\{E0F2B4CC-8551-9304-84E0-73535C1AA953}) (Version: 10.1.17134.1 - Microsoft) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{640DF567-A929-4B53-A730-CC6B012B16E4}) (Version: 12.7.5.9 - Apple Inc.)
Kits Configuration Installer (HKLM-x32\...\{C690B2D9-0AA8-8CDA-965D-FED648C3EF9C}) (Version: 10.1.17134.1 - Microsoft) Hidden
LastPass (chỉ gỡ bỏ) (HKLM-x32\...\LastPass) (Version: - LastPass)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NiceHash Miner 2 0.2.4 (only current user) (HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\08059810-bc78-5c10-942c-2092eebb5ec8) (Version: 0.2.4 - NiceHash d.o.o)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.19.61985 - Electronic Arts, Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.0531.053017 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Samsung NVM Express Driver (HKLM-x32\...\{bfb0503a-76b9-415a-b0a3-dd55d2a01ebe}) (Version: 3.0.0.1802 - Samsung Electronics)
Samsung NVM Express Driver 3.0.0.1802 (HKLM\...\{03FE2BA9-9538-4195-83E3-09B43901141E}) (Version: 3.0.0.1802 - Samsung Electronics Co., Ltd) Hidden
Toolkit Documentation (HKLM-x32\...\{563689A6-D95B-EA6D-665F-97959643E0DB}) (Version: 10.1.17134.1 - Microsoft) Hidden
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
VietPN 1.3 (HKLM-x32\...\VietPN) (Version: 1.3 - )
VMware Workstation (HKLM\...\{E374BA09-9CD0-4F58-90EE-F8C1488BC81E}) (Version: 14.0.0 - VMware, Inc.)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{d794748d-72e9-45d7-9ab7-83d6c4c80f7f}) (Version: 10.1.17134.1 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2017-09-18] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2017-09-18] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-23] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0909468B-6D79-4FA4-8312-D01D077ADEAE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-23] (NVIDIA Corporation)
Task: {0C639D82-FF21-4296-A972-D75D6828A80F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
Task: {3DEF727F-AD79-41D9-A3A0-1A05A4251C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
Task: {45E2AB1D-5664-431C-A3EC-444C57E16C48} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
Task: {46E21CC1-D28E-40D4-9237-F37B82BAD8E6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-23] (NVIDIA Corporation)
Task: {528D1B22-C808-4368-B275-AC15054E6F82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {584097E1-44C4-4D0C-A6C0-C319A4D1AA7E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {936B5146-4343-4333-AED4-AF8B9905A4F8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
Task: {AEA9B189-DC03-4B46-BA00-E86D417D9247} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
Task: {BA82B92C-E6E2-495A-AF08-9BA61CF44888} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {C1E362E5-5D58-4C7C-95CC-943402E0352C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-23] (NVIDIA Corporation)
Task: {D7EFF0CD-2A80-4581-81A5-F86607560B19} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
Task: {EAE43702-3393-4273-A484-0196DDFB92A8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {F25945CE-0E36-497E-8D92-526AD813981E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-26 16:30 - 2018-05-23 02:58 - 000137856 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 000444416 _____ () c:\windows\system32\SSDM.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-28 18:59 - 2018-05-28 18:59 - 000125440 _____ () C:\Program Files (x86)\BWMeter\BWMeterConSvc.exe
2018-05-30 22:04 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-30 22:04 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 000491744 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-09-18 06:33 - 2017-09-18 06:33 - 014344168 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2018-05-30 15:32 - 2018-05-30 15:32 - 000283888 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
2018-04-12 06:35 - 2018-04-12 16:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-01 01:48 - 2018-06-01 01:48 - 027118080 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-05-26 16:44 - 2018-05-26 16:44 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-05-26 16:44 - 2018-05-26 16:44 - 006748672 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-04-12 16:23 - 2018-04-12 16:23 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-26 16:44 - 2018-05-26 16:44 - 009358848 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-05-30 15:32 - 2018-05-30 15:32 - 000292080 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service Process.exe
2018-05-30 16:18 - 2018-05-30 16:18 - 000428272 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
2018-05-27 07:36 - 2018-05-27 07:36 - 000021824 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2018-05-26 16:45 - 2018-05-26 16:45 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-26 16:45 - 2018-05-26 16:45 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 22:57 - 2018-06-01 01:48 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-05-30 22:57 - 2018-06-01 01:48 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-05-26 16:45 - 2018-05-26 16:47 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-30 22:57 - 2018-06-01 01:48 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-30 22:57 - 2018-05-30 22:57 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-26 16:45 - 2018-05-26 16:47 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 22:57 - 2018-06-01 01:48 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-05-26 16:45 - 2018-05-26 16:47 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-05-30 22:57 - 2018-06-01 01:48 - 014850560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 22:57 - 2018-05-30 22:57 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-05-30 22:57 - 2018-05-30 22:57 - 003265536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 22:57 - 2018-06-01 01:48 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 22:57 - 2018-06-01 01:48 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 22:57 - 2018-05-30 22:57 - 000103424 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-05-30 22:57 - 2018-06-01 01:48 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-04-12 16:24 - 2018-04-12 16:24 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-05-30 22:57 - 2018-06-01 01:48 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\SKU.dll
2018-06-02 16:22 - 2014-08-23 16:24 - 000521216 _____ () C:\Users\su\AppData\Local\Temp\7zOC9DCF40A\UniKeyNT.exe
2017-09-18 06:24 - 2017-09-18 06:24 - 000084456 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2017-09-18 06:33 - 2017-09-18 06:33 - 000126952 _____ () C:\Program Files (x86)\VMware\VMware Workstation\expat.dll
2018-06-02 01:18 - 2018-05-30 15:29 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.ChromaSDKWrapper.dll
2018-06-02 01:18 - 2018-05-30 15:29 - 000179440 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeDeviceDetectionWrapper.dll
2018-06-02 01:18 - 2018-05-30 15:29 - 000202480 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.PowerPlan.dll
2018-06-02 01:18 - 2018-05-30 15:55 - 000081648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AccelWinM.dll
2018-06-02 01:18 - 2018-05-30 15:29 - 000129776 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeysWrapper.dll
2018-06-02 01:18 - 2018-05-30 15:55 - 000086256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedCommon.dll
2018-06-02 01:18 - 2018-05-30 15:55 - 000299760 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedMacros.dll
2018-06-02 01:18 - 2018-05-30 15:55 - 000257264 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_MappingTypesM.dll
2018-06-02 01:18 - 2018-05-30 15:29 - 002278128 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_PowerSwitchWrapper.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000288496 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_Battery.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000581872 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_DeviceStatus.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000288496 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_DriverMode.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000150256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_Mapping.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000572144 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_MappingBaseM.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000537840 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_OnboardMem.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000313584 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_PollingRate.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000327408 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_PowerManagement.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000334576 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_Sensitivity.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000408304 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_SurfaceCalBaseM.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000086768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_SurfaceCalPixart.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000291056 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_SwapMouseButtons.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000288496 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_Battery.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000581872 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_DeviceStatus.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000288496 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_DriverMode.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000150256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_Mapping.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000572144 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_MappingBaseM.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000537840 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_OnboardMem.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000313584 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_PollingRate.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000327408 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_PowerManagement.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000334576 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_Sensitivity.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000408304 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_SurfaceCalBaseM.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000086768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_SurfaceCalPixart.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000291056 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_SwapMouseButtons.dll
2018-06-02 01:18 - 2018-05-18 17:54 - 000056048 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_KeyboardKeys.dll
2018-05-27 07:36 - 2018-05-27 07:36 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2018-05-27 07:36 - 2018-05-27 07:36 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2017-09-18 06:16 - 2017-09-18 06:16 - 000360424 _____ () C:\Program Files (x86)\VMware\VMware Workstation\pcre.dll
2018-05-19 06:58 - 2018-05-19 07:00 - 001005408 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.dll
2018-05-19 06:58 - 2018-05-19 07:00 - 053444984 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libcef.dll
2018-05-30 16:16 - 2018-05-30 16:16 - 000135408 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Common.Dependencies\RSy3_KeyboardKeysWrapper.dll
2018-05-19 06:58 - 2018-05-19 07:00 - 000691056 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.Core.dll
2018-05-19 06:58 - 2018-05-19 07:00 - 001984392 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libglesv2.dll
2018-05-19 06:58 - 2018-05-19 07:00 - 000082824 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libegl.dll
2018-05-30 01:00 - 2018-05-27 12:43 - 001022864 _____ () C:\Users\su\AppData\Local\1password\app\7\x86\opw.dll
2018-05-30 01:00 - 2018-05-27 12:43 - 000806288 _____ () C:\Users\su\AppData\Local\1password\app\7\x86\e_sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7865 more sites.

There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-06-01 02:29 - 2018-05-30 00:31 - 000469086 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15947 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3166309138-43010382-2060014392-1001\Control Panel\Desktop\\Wallpaper -> c:\users\su\appdata\roaming\microsoft\windows photo viewer\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3030A960-5C5C-433F-BA3F-9DEAD4127B06}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{6FAC97B4-08BB-4CBC-A7FC-E83DDE5455F7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{2D90EBA7-6D44-44B7-9369-AF1B30977BD5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{58055FDC-2834-4271-A573-0652351054EA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{7B0A0916-E6E7-4727-94CB-52A349164DA9}] => (Block) C:\Windows\explorer.exe
FirewallRules: [TCP Query User{3A60E526-4745-445C-BA06-1E3C6B4D0C9D}C:\users\su\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\su\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4D48AF23-55D3-446E-AC37-14E3C0B2BDC6}C:\users\su\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\su\appdata\local\akamai\netsession_win.exe
FirewallRules: [{1639C557-AAA0-4E7E-A943-AF5834D4C87A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{0EA16C29-FF6B-417F-926E-6579F27DBF0A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{F3FDA53D-90E1-4B1C-B71A-2610AADCD916}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{016C0DD8-D7F8-4458-A66A-71FE57AFE91C}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{E4E9AA75-89DF-4517-8BEB-3A744BD6BD83}D:\pm\mpc-hcportable\app\mpc-hc\mpc-hc.exe] => (Allow) D:\pm\mpc-hcportable\app\mpc-hc\mpc-hc.exe
FirewallRules: [UDP Query User{33A96792-5BCC-468B-83BD-246764F95AF0}D:\pm\mpc-hcportable\app\mpc-hc\mpc-hc.exe] => (Allow) D:\pm\mpc-hcportable\app\mpc-hc\mpc-hc.exe
FirewallRules: [TCP Query User{130D2313-C5C1-439E-9478-BDF608B6B7F6}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe
FirewallRules: [UDP Query User{4BB9A111-3CDB-4D62-B181-3DC66639C599}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe
FirewallRules: [{42A4F09F-5AAD-4ED8-873C-B28362F4C2CB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{EEC26354-739E-40E5-8E87-93F80C69122D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4E29F2E9-9264-4D36-BB65-5ADA322C7651}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72A54139-3A7D-47C0-8C55-556EFE14F1D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FDCA43CF-844D-49B7-9EB8-B9390ED8CC83}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7DB0EBEA-73DA-4BC8-BA42-F3D5DF54CEC7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{77B9B086-3BFB-4985-AE8E-A1D34D8A808D}C:\program files (x86)\vietpn\vietpnd.exe] => (Allow) C:\program files (x86)\vietpn\vietpnd.exe
FirewallRules: [UDP Query User{7A79921D-A370-4B2E-A3AC-094569CC8890}C:\program files (x86)\vietpn\vietpnd.exe] => (Allow) C:\program files (x86)\vietpn\vietpnd.exe
FirewallRules: [{DB06422A-34ED-451E-B301-3F39E9DFB8BB}] => (Block) C:\program files (x86)\vietpn\vietpnd.exe
FirewallRules: [{E30B4256-35A2-46B0-AC68-737341F38B22}] => (Block) C:\program files (x86)\vietpn\vietpnd.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2018 11:50:06 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-DJNK2QJ)
Description: Product: Tweakui Powertoy for Windows XP -- The powertoys require Windows XP or a service pack. They will not function on a version of Windows earlier or later than Windows XP.

Error: (06/01/2018 04:34:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CustomDesktopLogo.exe, version: 2.2.0.0, time stamp: 0x48fd123e
Faulting module name: KERNELBASE.dll, version: 6.2.17134.1, time stamp: 0x149ab0fd
Exception code: 0xc0020001
Fault offset: 0x0010d722
Faulting process id: 0x%9
Faulting application start time: 0xCustomDesktopLogo.exe0
Faulting application path: CustomDesktopLogo.exe1
Faulting module path: CustomDesktopLogo.exe2
Report Id: CustomDesktopLogo.exe3
Faulting package full name: CustomDesktopLogo.exe4
Faulting package-relative application ID: CustomDesktopLogo.exe5

Error: (06/01/2018 03:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Razer Synapse Service Process.exe, version: 1.0.0.0, time stamp: 0x5b0e60c4
Faulting module name: KERNELBASE.dll, version: 10.0.17134.1, time stamp: 0x149ab0fd
Exception code: 0xe0434352
Fault offset: 0x0010d722
Faulting process id: 0x2b48
Faulting application start time: 0x01d3f97d85034db8
Faulting application path: C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service Process.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: d5914b41-bc38-4fbc-b4f0-6c17203ba132
Faulting package full name:
Faulting package-relative application ID:

Error: (06/01/2018 03:06:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Razer Synapse Service Process.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
at System.Diagnostics.Process.EnsureState(State)
at System.Diagnostics.Process.get_ProcessName()
at Synapse3.UserInteractive.ForegroundWindowMonitor.ProcessExecutablePath(System.Diagnostics.Process, IntPtr)
at Synapse3.UserInteractive.ForegroundWindowMonitor.EventCallback(IntPtr, Int32, IntPtr, Int32, Int32, Int32, Int32)

Error: (06/01/2018 02:04:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetVolumeComponents. hr = 0x80073bc3, The requested system device cannot be found.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {fa75aa4d-6dda-4343-8087-260c79df12d6}

Error: (06/01/2018 01:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Razer Synapse Service Process.exe, version: 1.0.0.0, time stamp: 0x5b0e60c4
Faulting module name: KERNELBASE.dll, version: 10.0.17134.1, time stamp: 0x149ab0fd
Exception code: 0xe0434352
Fault offset: 0x0010d722
Faulting process id: 0x26b8
Faulting application start time: 0x01d3f95692c36b99
Faulting application path: C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service Process.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: bee87be1-d052-4bfa-bc31-3cf686897740
Faulting package full name:
Faulting package-relative application ID:

Error: (06/01/2018 01:35:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Razer Synapse Service Process.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
at System.Diagnostics.Process.GetProcessById(Int32, System.String)
at System.Diagnostics.Process.GetProcessById(Int32)
at Synapse3.UserInteractive.ForegroundWindowMonitor.EventCallback(IntPtr, Int32, IntPtr, Int32, Int32, Int32, Int32)

Error: (06/01/2018 02:31:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CustomDesktopLogo.exe, version: 2.2.0.0, time stamp: 0x48fd123e
Faulting module name: KERNELBASE.dll, version: 6.2.17134.1, time stamp: 0x149ab0fd
Exception code: 0xc0020001
Fault offset: 0x0010d722
Faulting process id: 0x%9
Faulting application start time: 0xCustomDesktopLogo.exe0
Faulting application path: CustomDesktopLogo.exe1
Faulting module path: CustomDesktopLogo.exe2
Report Id: CustomDesktopLogo.exe3
Faulting package full name: CustomDesktopLogo.exe4
Faulting package-relative application ID: CustomDesktopLogo.exe5


System errors:
=============
Error: (06/02/2018 04:18:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/02/2018 04:18:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.


Windows Defender:
===================================
Date: 2018-06-02 15:59:15.566
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8B0B0FFB-24B9-4254-8B98-10051DE06DD7}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-06-02 00:00:13.368
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3F3A1C73-5B11-49CC-B34E-6EC77F722EAF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-30 13:55:34.360
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7DCF50F0-C2C1-4CD3-90E6-6AC54C11CCE3}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-05-30 13:37:27.878
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CF285581-C7E5-40F4-8ADC-9FB7A34862DA}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-05-29 03:57:21.811
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3FEF6413-E874-4D63-96F9-42D1F465834D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-01 14:51:28.949
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.269.448.0
Previous Signature Version: 1.269.435.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.14901.4
Previous Engine Version: 1.1.14901.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2018-06-01 14:51:28.948
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.269.448.0
Previous Signature Version: 1.269.435.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.14901.4
Previous Engine Version: 1.1.14901.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-06-02 16:01:31.289
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-02 03:15:47.478
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-02 03:15:47.477
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-02 00:19:09.382
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-01 18:49:14.875
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-01 18:49:14.853
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 16322.48 MB
Available physical RAM: 12550.19 MB
Total Virtual: 19246.59 MB
Available Virtual: 12904.53 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.34 GB) (Free:100.5 GB) NTFS
Drive d: (Data) (Fixed) (Total:3725.9 GB) (Free:2464.14 GB) NTFS

\\?\Volume{4192b70e-9890-486e-8592-8781fb3a2028}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 078C078C)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BC46E3C2)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 9CE9E907)

Partition: GPT.

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by su (administrator) on DESKTOP-DJNK2QJ (02-06-2018 16:31:46)
Running from C:\Users\su\Desktop
Loaded Profiles: su (Available Profiles: su)
Platform: Windows 10 Pro Version 1803 17134.81 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\BWMeter\BWMeterConSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
() C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Inside Core) C:\Users\su\Desktop\AutoRunExterminator.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
() C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service Process.exe
() C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AgileBits Inc.) C:\Users\su\AppData\Local\1password\app\7\1Password.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Eric Wong) D:\PM\Custom_Desktop_Logo_V2.1\CustomDesktopLogo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Users\su\AppData\Local\Temp\7zOC9DCF40A\UniKeyNT.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM\...\Run: [AutoRunExterminator] => C:\Users\su\Desktop\AutoRunExterminator.exe [47104 2010-05-13] (Inside Core)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [115688 2017-09-18] (VMware, Inc.)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520 2018-05-16] (Tonec Inc.)
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3106600 2018-05-27] (Electronic Arts)
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoViewContextMenu] 0
Startup: C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2018-06-01]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{bdf511b5-4f08-47e5-89c6-2de410c037f2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\
HKU\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com.vn/
SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-05-15] (Internet Download Manager, Tonec Inc.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-05-27] (LastPass)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-05-15] (Internet Download Manager, Tonec Inc.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-05-27] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-05-27] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-05-27] (LastPass)

FireFox:
========
FF HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\su\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\su\AppData\Roaming\IDM\idmmzcc5 [2018-05-27] [Legacy] [not signed]
FF HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-05-27] (LastPass)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-05-27] (LastPass)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-02] (Google Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 BWMeterConSvc; C:\Program Files (x86)\BWMeter\BWMeterConSvc.exe [125440 2018-05-28] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2201920 2018-05-27] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3072328 2018-05-27] (Electronic Arts)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-08-12] (Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [283888 2018-05-30] ()
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2018-05-19] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14344168 2017-09-18] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-31] (Microsoft Corporation)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-01] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-06-02] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-06-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-02] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [103648 2018-06-02] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R1 MpKsl88eb1f5a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6DA36CB5-DE8E-418F-8A55-4130435DD19C}\MpKsl88eb1f5a.sys [58120 2018-06-02] (Microsoft Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys [17194584 2018-05-24] (NVIDIA Corporation)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [49136 2018-04-16] (Razer Inc)
R3 RzDev_0062; C:\Windows\System32\drivers\RzDev_0062.sys [51696 2018-04-23] (Razer Inc)
R0 secnvme; C:\Windows\System32\drivers\secnvme.sys [134120 2018-02-13] (Samsung Electronics Co., Ltd)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-05-30] ()
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2017-09-18] (VMware, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [35744 2018-04-10] (Microsoft Corporation)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-06-01] (Zemana Ltd.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-02 16:31 - 2018-06-02 16:31 - 000015928 _____ C:\Users\su\Desktop\FRST.txt
2018-06-02 16:31 - 2018-06-02 16:31 - 000000000 ____D C:\FRST
2018-06-02 16:25 - 2018-06-02 16:25 - 002413056 _____ (Farbar) C:\Users\su\Desktop\FRST64.exe
2018-06-02 16:25 - 2018-06-02 16:25 - 000000789 _____ C:\Users\su\Desktop\New Text Document (5).txt
2018-06-02 16:22 - 2018-06-02 16:22 - 000001316 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnikeyNT.lnk
2018-06-02 16:21 - 2018-06-02 16:21 - 000000000 ____D C:\Users\su\AppData\LocalLow\Temp
2018-06-02 16:20 - 2018-06-02 16:20 - 000000000 ____D C:\AdwCleaner
2018-06-02 15:45 - 2018-06-02 15:50 - 000000000 ____D C:\Users\su\AppData\Local\Deployment
2018-06-02 15:45 - 2018-06-02 15:45 - 000003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-02 15:45 - 2018-06-02 15:45 - 000003382 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-02 15:45 - 2018-06-02 15:45 - 000000000 ____D C:\Users\su\AppData\Roaming\Adobe
2018-06-02 15:45 - 2018-06-02 15:45 - 000000000 ____D C:\Users\su\AppData\Local\Apps\2.0
2018-06-02 15:42 - 2018-06-02 15:42 - 000000000 _____ C:\Users\su\Desktop\New Text Document (4).txt
2018-06-02 15:40 - 2018-06-02 15:42 - 000001365 _____ C:\Users\su\Desktop\New Text Document (3).txt
2018-06-02 15:40 - 2018-06-02 15:40 - 000008813 _____ C:\Users\su\Desktop\bookmarks_02_06_2018.html
2018-06-02 08:14 - 2018-06-02 08:14 - 009215439 _____ C:\Users\su\AppData\Roaming\ICARE.LOG.OLD
2018-06-02 01:51 - 2018-06-02 13:09 - 000000000 ____D C:\Users\su\Desktop\New folder
2018-06-02 00:54 - 2018-06-02 00:54 - 000000099 _____ C:\Users\su\Desktop\New Text Document (2).txt
2018-06-02 00:05 - 2018-06-02 00:05 - 000000000 ____D C:\Program Files\Samsung
2018-06-01 23:50 - 2018-06-01 23:50 - 000000000 ____D C:\Windows\Downloaded Installations
2018-06-01 22:20 - 2018-06-01 22:20 - 000000000 ____D C:\Users\su\.QtWebEngineProcess
2018-06-01 22:20 - 2018-06-01 22:20 - 000000000 ____D C:\Users\su\.Origin
2018-06-01 15:06 - 2018-06-01 15:06 - 000000000 ____D C:\Users\su\AppData\Local\CrashDumps
2018-06-01 14:32 - 2018-06-01 14:32 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-06-01 13:18 - 2018-06-02 16:31 - 000237612 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-06-01 13:18 - 2018-06-01 14:52 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-06-01 13:18 - 2018-06-01 14:04 - 001275116 _____ C:\Windows\ZAM.krnl.trace
2018-06-01 13:18 - 2018-06-01 13:18 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-06-01 12:59 - 2018-06-01 12:59 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2018-06-01 10:13 - 2018-06-02 07:21 - 000103648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-01 10:13 - 2018-06-02 01:18 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-01 10:13 - 2018-06-02 01:18 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-01 10:13 - 2018-06-02 01:18 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-01 10:13 - 2018-06-01 10:13 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-01 02:03 - 2018-06-01 23:48 - 000000000 __RHD C:\Users\su\Desktop\su
2018-06-01 01:40 - 2018-06-01 01:40 - 000000056 _____ C:\Users\su\Desktop\New Text Document.txt
2018-06-01 01:24 - 2010-05-13 14:53 - 000047104 _____ (Inside Core) C:\Users\su\Desktop\AutoRunExterminator.exe
2018-05-31 19:59 - 2018-05-31 19:59 - 000000000 ____D C:\Users\su\AppData\Local\CEF
2018-05-31 19:30 - 2018-05-31 19:30 - 000001630 _____ C:\Users\Public\Desktop\Razer Synapse.lnk
2018-05-31 19:30 - 2018-05-31 19:30 - 000001630 _____ C:\ProgramData\Desktop\Razer Synapse.lnk
2018-05-31 19:30 - 2018-05-31 19:30 - 000000000 ____D C:\Users\su\AppData\Roaming\Synapse3
2018-05-31 19:30 - 2018-05-31 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-05-31 19:28 - 2018-05-31 19:28 - 000000000 ____D C:\Users\su\AppData\Local\Razer
2018-05-31 17:46 - 2018-05-31 17:46 - 000000000 ____D C:\Windows\ERUNT
2018-05-31 17:45 - 2018-05-31 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-30 23:59 - 2018-05-30 23:59 - 000000000 ____D C:\Users\su\AppData\Local\Apple Computer
2018-05-30 23:30 - 2018-05-30 23:30 - 000000946 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2018-05-30 23:30 - 2018-05-30 23:30 - 000000898 _____ C:\Users\su\Desktop\Start Tor Browser.lnk
2018-05-30 23:29 - 2018-05-30 23:29 - 000000000 ____D C:\Users\su\Desktop\Tor Browser
2018-05-30 22:40 - 2018-05-30 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-05-30 22:40 - 2018-05-30 22:40 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-05-30 22:08 - 2018-05-30 22:08 - 000290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2018-05-30 22:04 - 2018-05-31 17:45 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-30 22:04 - 2018-05-31 17:45 - 000001912 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2018-05-30 22:04 - 2018-05-31 17:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-30 22:04 - 2018-05-30 22:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-30 22:04 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-30 20:39 - 2018-05-31 22:19 - 000000000 ____D C:\Program Files (x86)\VietPN
2018-05-30 20:39 - 2018-05-30 23:05 - 000001048 _____ C:\Users\su\Desktop\VietPN.lnk
2018-05-30 20:39 - 2018-05-30 20:39 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VietPN
2018-05-30 20:29 - 2018-05-30 23:59 - 000000000 ____D C:\Users\su\AppData\Roaming\Apple Computer
2018-05-30 20:04 - 2018-05-30 20:04 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-05-30 20:04 - 2018-05-30 20:04 - 000001816 _____ C:\ProgramData\Desktop\iTunes.lnk
2018-05-30 20:04 - 2018-05-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-30 20:04 - 2018-05-30 20:04 - 000000000 ____D C:\ProgramData\Apple Computer
2018-05-30 20:04 - 2018-05-30 20:04 - 000000000 ____D C:\Program Files\iTunes
2018-05-30 20:04 - 2018-05-30 20:04 - 000000000 ____D C:\Program Files\iPod
2018-05-30 20:03 - 2018-06-01 12:59 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\Users\su\AppData\Local\Apple
2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\ProgramData\Apple
2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\Program Files\Bonjour
2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-05-30 19:49 - 2018-05-30 20:15 - 000000000 ____D C:\Users\su\AppData\Local\ElevatedDiagnostics
2018-05-30 13:38 - 2018-05-30 13:38 - 000002259 _____ C:\Windows\epplauncher.mif
2018-05-30 12:14 - 2018-05-30 22:49 - 000000000 ____D C:\Temp
2018-05-30 01:28 - 2018-06-02 01:17 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-30 01:00 - 2018-05-30 01:00 - 000001302 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\1Password.lnk
2018-05-30 00:35 - 2018-05-30 00:35 - 000000000 ___HD C:\Users\su\MicrosoftEdgeBackups
2018-05-30 00:34 - 2018-06-01 20:37 - 000000000 ____D C:\Users\su\Documents\Virtual Machines
2018-05-30 00:33 - 2018-06-02 12:34 - 000000000 ____D C:\Users\su\AppData\Roaming\VMware
2018-05-30 00:33 - 2018-06-02 12:34 - 000000000 ____D C:\Users\su\AppData\Local\VMware
2018-05-30 00:33 - 2017-09-18 06:33 - 001134056 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2018-05-30 00:33 - 2017-09-18 06:32 - 000402408 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2018-05-30 00:33 - 2017-09-18 06:32 - 000367080 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2018-05-30 00:33 - 2017-09-18 06:32 - 000134104 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2018-05-30 00:33 - 2017-09-18 06:32 - 000043992 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2018-05-30 00:33 - 2017-09-18 06:21 - 000095704 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2018-05-30 00:33 - 2017-09-18 06:21 - 000052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2018-05-30 00:33 - 2017-09-05 04:54 - 000091712 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2018-05-30 00:33 - 2017-09-05 04:54 - 000069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2018-05-30 00:33 - 2017-09-05 04:54 - 000065016 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2018-05-30 00:33 - 2017-08-31 01:11 - 000083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2018-05-30 00:32 - 2018-06-02 01:18 - 000000000 ____D C:\ProgramData\VMware
2018-05-30 00:32 - 2018-05-30 00:32 - 000856456 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-30 00:32 - 2018-05-30 00:32 - 000001276 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2018-05-30 00:32 - 2018-05-30 00:32 - 000001276 _____ C:\ProgramData\Desktop\VMware Workstation Pro.lnk
2018-05-30 00:32 - 2018-05-30 00:32 - 000001024 _____ C:\Windows\SysWOW64\%TMP%
2018-05-30 00:32 - 2018-05-30 00:32 - 000000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2018-05-30 00:32 - 2018-05-30 00:32 - 000000000 ____D C:\ProgramData\Documents\Shared Virtual Machines
2018-05-30 00:32 - 2018-05-30 00:32 - 000000000 ____D C:\Program Files\Common Files\VMware
2018-05-30 00:32 - 2018-05-30 00:32 - 000000000 ____D C:\Program Files (x86)\VMware
2018-05-29 23:37 - 2018-05-29 23:41 - 000001116 _____ C:\Users\su\Desktop\Total Commander 64 bit.lnk
2018-05-29 23:36 - 2018-05-30 00:04 - 000000000 ____D C:\Program Files (x86)\totalcmd
2018-05-29 23:36 - 2018-05-29 23:36 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2018-05-29 23:31 - 2018-05-29 23:34 - 000000000 ____D C:\Users\su\AppData\Local\GHISLER
2018-05-29 23:29 - 2018-05-29 23:47 - 000000000 ____D C:\Users\su\AppData\Roaming\GHISLER
2018-05-29 22:47 - 2018-05-30 20:26 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-05-29 22:47 - 2018-05-29 22:47 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-05-29 21:28 - 2018-05-29 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-29 21:28 - 2018-05-29 21:28 - 000000000 ____D C:\Program Files\7-Zip
2018-05-29 20:40 - 2018-05-29 20:40 - 000000000 ___RD C:\Windows\PrintDialog
2018-05-29 20:40 - 2018-05-29 20:40 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-05-29 20:25 - 2018-05-29 20:25 - 000000950 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autoruns64.lnk
2018-05-29 20:25 - 2018-05-29 20:25 - 000000936 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\procexp64.lnk
2018-05-29 17:31 - 2018-05-30 00:28 - 000000000 ____D C:\Windows\Minidump
2018-05-29 04:13 - 2018-05-29 06:25 - 000000000 ____D C:\Users\su\AppData\Local\NVIDIA Corporation
2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-29 04:00 - 2018-05-29 04:00 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-05-29 04:00 - 2018-05-29 04:00 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-29 04:00 - 2018-05-23 05:00 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-05-29 03:58 - 2018-05-24 01:21 - 040347168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 035250536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 031278392 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 025991448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 013727792 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 011273120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 004350392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 003760672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 002013784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439793.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001563584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001467808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439793.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001419296 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001357000 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001347480 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001216952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001157208 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001092184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 001063400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000904896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000814424 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000749472 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000652344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000634576 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000627232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000608160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-05-29 03:58 - 2018-05-24 01:21 - 000518072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-29 03:58 - 2018-05-24 01:20 - 017784432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-29 03:58 - 2018-05-24 01:20 - 015195248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-29 03:58 - 2018-05-24 01:20 - 004855208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-29 03:58 - 2018-05-24 01:20 - 004125048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-29 03:42 - 2018-05-29 03:42 - 000000020 ___SH C:\Users\su\ntuser.ini
2018-05-29 01:00 - 2018-05-29 01:00 - 000000000 ____D C:\ProgramData\YaraEditor
2018-05-28 21:16 - 2018-05-30 16:24 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-05-28 19:57 - 2018-05-29 04:53 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-05-28 19:57 - 2018-05-28 19:57 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-05-28 18:59 - 2018-05-28 18:59 - 000047152 _____ (DeskSoft) C:\Windows\system32\Drivers\dsnpfd.sys
2018-05-28 18:59 - 2018-05-28 18:59 - 000001884 _____ C:\Users\su\Desktop\BWMeter.lnk
2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BWMeter
2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Users\su\AppData\Roaming\DeskSoft
2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Program Files (x86)\BWMeter
2018-05-27 18:55 - 2018-05-27 18:55 - 000000000 ____D C:\Users\su\AppData\Roaming\MPC-HC
2018-05-27 18:53 - 2018-05-27 18:58 - 000000000 ____D C:\Program Files\MPC-HC
2018-05-27 18:53 - 2018-05-27 18:53 - 000001745 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2018-05-27 18:53 - 2018-05-27 18:53 - 000001745 _____ C:\ProgramData\Desktop\MPC-HC x64.lnk
2018-05-27 18:53 - 2018-05-27 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2018-05-27 13:06 - 2018-05-27 13:06 - 000000000 ____D C:\Users\su\AppData\Local\DBG
2018-05-27 09:55 - 2018-05-27 09:55 - 000000000 ____D C:\Users\su\AppData\Local\PeerDistRepub
2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files\MSBuild
2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-27 09:17 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2018-05-27 09:17 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-27 09:17 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2018-05-27 09:17 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2018-05-27 09:17 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-27 09:17 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2018-05-27 09:16 - 2018-05-27 09:16 - 000000000 ____D C:\Users\su\Documents\Battlefield 1
2018-05-27 09:14 - 2018-05-27 09:14 - 000000824 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraISOPortable.lnk
2018-05-27 09:14 - 2018-05-27 09:14 - 000000756 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000936 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrentPortable.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000919 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RevoUPort.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000860 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mkvtoolnix-gui.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000825 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubRip.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000777 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HWiNFO64.lnk
2018-05-27 09:13 - 2018-05-27 09:13 - 000000768 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tcpview.lnk
2018-05-27 09:12 - 2018-05-27 09:12 - 000000959 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CustomDesktopLogo.lnk
2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ____D C:\Program Files\Realtek
2018-05-27 09:12 - 2017-06-29 18:55 - 013122576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 012988336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 006410088 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 005938904 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 005593608 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003509256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003507688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003410832 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 003092336 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 002190976 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 001435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 001347136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 001016928 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000965024 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000923736 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000877424 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000873456 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000868176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000866640 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000737960 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000691680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000677664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000525768 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000447712 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000381408 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000151784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000088312 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000084608 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-05-27 09:12 - 2017-06-29 18:55 - 000075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 010536152 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 004059960 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 002291304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001780616 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001422920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001334376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001213656 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 001166152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000999848 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000727432 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000680544 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000678176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000618184 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000514520 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000500552 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000428224 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000406448 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000360344 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000330552 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000203840 _____ (Harman) C:\Windows\system32\HMHVS.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ.dll
2018-05-27 09:12 - 2017-06-29 18:54 - 000179592 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 005346992 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 002444680 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001959600 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001616680 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001554600 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001529136 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001326424 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 001170872 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000504304 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000445392 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000441264 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000362048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000327448 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000310416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2018-05-27 09:12 - 2017-06-29 18:53 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2018-05-27 09:12 - 2017-06-29 18:52 - 005826560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-05-27 09:12 - 2017-06-29 18:52 - 003677160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-05-27 09:12 - 2017-06-29 18:52 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-05-27 09:12 - 2017-06-29 18:52 - 002110592 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2018-05-27 09:12 - 2017-06-29 18:52 - 000574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2018-05-27 09:12 - 2017-06-29 18:52 - 000258856 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-05-27 09:12 - 2017-06-29 18:52 - 000118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 072520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-05-27 09:12 - 2017-06-29 18:51 - 014057248 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 007172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 007096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 006264632 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 002210304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 002050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 001186832 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 001133064 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 001003856 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 000931616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 000416504 _____ (Harman) C:\Windows\system32\HMUI.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 000378384 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 000154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2018-05-27 09:12 - 2017-06-29 18:51 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-05-27 09:12 - 2017-06-29 18:50 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-05-27 09:12 - 2017-06-29 18:50 - 000118584 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2018-05-27 09:12 - 2017-06-29 18:50 - 000105304 _____ C:\Windows\system32\audioLibVc.dll
2018-05-27 09:12 - 2017-06-29 03:05 - 012334923 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-05-27 09:12 - 2017-06-29 03:05 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2018-05-27 09:12 - 2017-06-29 03:05 - 001920870 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2018-05-27 09:10 - 2018-05-27 09:10 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-05-27 09:05 - 2018-05-27 09:05 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-05-27 08:59 - 2018-06-02 01:08 - 000000000 ____D C:\Users\su\AppData\Local\IsolatedStorage
2018-05-27 08:59 - 2018-05-27 08:59 - 000000000 ____D C:\Users\su\AppData\Local\1password
2018-05-27 07:58 - 2018-05-27 07:58 - 000001243 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2018-05-27 07:58 - 2018-05-27 07:58 - 000001243 _____ C:\ProgramData\Desktop\Battlefield 1.lnk
2018-05-27 07:58 - 2018-05-27 07:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1
2018-05-27 07:47 - 2018-05-27 09:13 - 000000000 ____D C:\Windows\system32\DAX3
2018-05-27 07:47 - 2018-05-27 09:13 - 000000000 ____D C:\Windows\system32\DAX2
2018-05-27 07:47 - 2016-09-22 14:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2018-05-27 07:40 - 2018-05-27 07:40 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-05-27 07:39 - 2018-05-27 07:39 - 000001142 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
2018-05-27 07:39 - 2018-05-27 07:39 - 000001142 _____ C:\ProgramData\Desktop\My LastPass Vault.lnk
2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Users\su\AppData\LocalLow\LastPass
2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Program Files (x86)\LastPass
2018-05-27 07:36 - 2018-06-02 01:18 - 000000000 ____D C:\Users\su\AppData\Local\D3DSCache
2018-05-27 07:36 - 2018-05-27 07:36 - 000001062 _____ C:\Users\Public\Desktop\Origin.lnk
2018-05-27 07:36 - 2018-05-27 07:36 - 000001062 _____ C:\ProgramData\Desktop\Origin.lnk
2018-05-27 07:36 - 2018-05-27 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-05-27 07:36 - 2018-05-27 07:36 - 000000000 ____D C:\Program Files (x86)\Origin
2018-05-27 07:35 - 2018-06-02 16:22 - 000000000 ____D C:\Users\su\Downloads\Compressed
2018-05-27 07:35 - 2018-06-02 01:13 - 000000000 ____D C:\Users\su\AppData\Roaming\DMCache
2018-05-27 07:35 - 2018-06-01 22:58 - 000000000 ____D C:\Users\su\Downloads\Video
2018-05-27 07:35 - 2018-05-29 17:29 - 000000000 ____D C:\Users\su\AppData\Roaming\IDM
2018-05-27 07:35 - 2018-05-27 07:35 - 000001078 _____ C:\Users\su\Desktop\Internet Download Manager.lnk
2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\ProgramData\IDM
2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-05-27 07:34 - 2018-06-02 01:19 - 000000000 ____D C:\Users\su\AppData\Roaming\Origin
2018-05-27 07:34 - 2018-06-02 01:19 - 000000000 ____D C:\ProgramData\Origin
2018-05-27 07:34 - 2018-05-27 07:40 - 000000000 ____D C:\Users\su\AppData\Local\Origin
2018-05-27 07:33 - 2018-06-02 15:45 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-26 17:16 - 2018-05-26 16:20 - 000000000 ____D C:\Windows\Panther
2018-05-26 16:44 - 2018-05-26 16:44 - 000000000 ____D C:\Users\su\AppData\Local\Comms
2018-05-26 16:34 - 2018-05-21 02:45 - 000308408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-05-26 16:34 - 2018-05-21 02:45 - 000094104 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2018-05-26 16:34 - 2018-05-21 02:43 - 021389360 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-05-26 16:34 - 2018-05-21 02:42 - 001649760 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2018-05-26 16:34 - 2018-05-21 02:42 - 001634808 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2018-05-26 16:34 - 2018-05-21 02:42 - 000759192 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
2018-05-26 16:34 - 2018-05-21 02:27 - 012712960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-26 16:34 - 2018-05-21 02:27 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2018-05-26 16:34 - 2018-05-21 02:26 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
2018-05-26 16:34 - 2018-05-21 02:24 - 002084864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-26 16:34 - 2018-05-21 02:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2018-05-26 16:34 - 2018-05-21 02:23 - 004070400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-05-26 16:34 - 2018-05-21 02:23 - 003655168 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-05-26 16:34 - 2018-05-21 02:23 - 000947712 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2018-05-26 16:34 - 2018-05-21 02:23 - 000899072 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2018-05-26 16:34 - 2018-05-21 02:23 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2018-05-26 16:34 - 2018-05-21 02:22 - 001665024 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-26 16:34 - 2018-05-21 02:22 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2018-05-26 16:34 - 2018-05-21 02:22 - 000941056 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2018-05-26 16:34 - 2018-05-21 02:22 - 000804352 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2018-05-26 16:34 - 2018-05-21 01:20 - 000022936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hvsicontainerservice.dll
2018-05-26 16:34 - 2018-05-21 01:17 - 001454024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-05-26 16:34 - 2018-05-21 01:15 - 000653208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2018-05-26 16:34 - 2018-05-21 01:14 - 020383712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-05-26 16:34 - 2018-05-21 01:14 - 001490144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2018-05-26 16:34 - 2018-05-21 01:03 - 011903488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-26 16:34 - 2018-05-21 01:02 - 000461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll
2018-05-26 16:34 - 2018-05-21 01:00 - 002896896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-05-26 16:34 - 2018-05-21 01:00 - 000864768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2018-05-26 16:34 - 2018-05-21 00:59 - 002016256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-26 16:34 - 2018-05-21 00:59 - 000863232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2018-05-26 16:34 - 2018-05-21 00:59 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2018-05-26 16:34 - 2018-05-20 23:59 - 023862784 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2018-05-26 16:34 - 2018-05-20 23:45 - 001271296 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2018-05-26 16:34 - 2018-05-20 23:39 - 000944640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
2018-05-26 16:34 - 2018-05-20 23:39 - 000788480 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
2018-05-26 16:34 - 2018-05-20 23:36 - 003733312 _____ C:\Windows\system32\Windows.Mirage.dll
2018-05-26 16:34 - 2018-05-20 23:35 - 000677376 _____ (Microsoft Corporation) C:\Windows\system32\HeadTrackerStorage.dll
2018-05-26 16:34 - 2018-05-20 23:34 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\HoloShellRuntime.dll
2018-05-26 16:34 - 2018-05-20 22:04 - 000658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2018-05-26 16:34 - 2018-05-20 22:00 - 002841312 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
2018-05-26 16:34 - 2018-05-20 21:54 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HoloShellRuntime.dll
2018-05-26 16:34 - 2018-05-20 19:36 - 000613144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2018-05-26 16:34 - 2018-05-20 19:33 - 000748504 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2018-05-26 16:34 - 2018-05-20 19:33 - 000707480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-05-26 16:34 - 2018-05-20 19:33 - 000105368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2018-05-26 16:34 - 2018-05-20 19:01 - 001140576 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-26 16:34 - 2018-05-20 19:01 - 000983008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-05-26 16:34 - 2018-05-20 18:59 - 000269224 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-05-26 16:34 - 2018-05-20 18:58 - 000272288 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-05-26 16:34 - 2018-05-20 18:55 - 001456616 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-26 16:34 - 2018-05-20 18:55 - 001174424 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-05-26 16:34 - 2018-05-20 18:55 - 001063320 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2018-05-26 16:34 - 2018-05-20 18:55 - 000567176 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2018-05-26 16:34 - 2018-05-20 18:55 - 000193936 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2018-05-26 16:34 - 2018-05-20 18:54 - 002564984 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2018-05-26 16:34 - 2018-05-20 18:54 - 001800080 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2018-05-26 16:34 - 2018-05-20 18:54 - 001017056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2018-05-26 16:34 - 2018-05-20 18:54 - 001012120 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-05-26 16:34 - 2018-05-20 18:54 - 000722288 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-05-26 16:34 - 2018-05-20 18:54 - 000170904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-26 16:34 - 2018-05-20 18:53 - 006816848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 004402768 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 002836376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-05-26 16:34 - 2018-05-20 18:53 - 002371392 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 002178136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 001947808 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 001258280 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-26 16:34 - 2018-05-20 18:53 - 001017088 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 001012408 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 000792984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2018-05-26 16:34 - 2018-05-20 18:53 - 000709824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-05-26 16:34 - 2018-05-20 18:53 - 000131232 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
2018-05-26 16:34 - 2018-05-20 18:53 - 000088472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2018-05-26 16:34 - 2018-05-20 18:52 - 009159064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-26 16:34 - 2018-05-20 18:52 - 007519992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 007436632 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 003283400 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 002753040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 001209792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 001148800 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 001097648 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000885848 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000735560 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000713368 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000416120 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000413080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-05-26 16:34 - 2018-05-20 18:52 - 000347704 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-05-26 16:34 - 2018-05-20 18:52 - 000130456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
2018-05-26 16:34 - 2018-05-20 18:52 - 000089984 _____ (Microsoft Corporation) C:\Windows\system32\CompPkgSup.dll
2018-05-26 16:34 - 2018-05-20 18:35 - 025844224 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-05-26 16:34 - 2018-05-20 18:35 - 000861608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2018-05-26 16:34 - 2018-05-20 18:34 - 016592384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2018-05-26 16:34 - 2018-05-20 18:34 - 001462288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2018-05-26 16:34 - 2018-05-20 18:34 - 000861096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
2018-05-26 16:34 - 2018-05-20 18:33 - 002331576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2018-05-26 16:34 - 2018-05-20 18:33 - 001665920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2018-05-26 16:34 - 2018-05-20 18:33 - 001011968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-05-26 16:34 - 2018-05-20 18:33 - 000457144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2018-05-26 16:34 - 2018-05-20 18:33 - 000101288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 006567904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 006527568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 006044104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 004787960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 002536056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 002486984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 002242208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 001559368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 001034096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 000988128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 000567144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 000560488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 000286200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-05-26 16:34 - 2018-05-20 18:32 - 000077040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CompPkgSup.dll
2018-05-26 16:34 - 2018-05-20 18:31 - 001456640 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2018-05-26 16:34 - 2018-05-20 18:30 - 022709248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-26 16:34 - 2018-05-20 18:30 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-05-26 16:34 - 2018-05-20 18:29 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2018-05-26 16:34 - 2018-05-20 18:28 - 004706816 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2018-05-26 16:34 - 2018-05-20 18:28 - 004372480 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-05-26 16:34 - 2018-05-20 18:28 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2018-05-26 16:34 - 2018-05-20 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\AppHostRegistrationVerifier.exe
2018-05-26 16:34 - 2018-05-20 18:28 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-26 16:34 - 2018-05-20 18:27 - 000344576 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2018-05-26 16:34 - 2018-05-20 18:27 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2018-05-26 16:34 - 2018-05-20 18:27 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\ApiSetHost.AppExecutionAlias.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 003389952 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 000356352 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-26 16:34 - 2018-05-20 18:26 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2018-05-26 16:34 - 2018-05-20 18:26 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\TelephonyInteractiveUser.dll
2018-05-26 16:34 - 2018-05-20 18:26 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\MSHEIF.dll
2018-05-26 16:34 - 2018-05-20 18:25 - 022001664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-05-26 16:34 - 2018-05-20 18:25 - 004867072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-26 16:34 - 2018-05-20 18:25 - 004563968 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2018-05-26 16:34 - 2018-05-20 18:25 - 000835584 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2018-05-26 16:34 - 2018-05-20 18:25 - 000384000 _____ (Microsoft Corporation) C:\Windows\system32\Phoneutil.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 007582720 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 001767936 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 001485312 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000813568 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000625152 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-05-26 16:34 - 2018-05-20 18:24 - 000234496 _____ (Microsoft Corporation) C:\Windows\system32\DolbyMATEnc.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 013873152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 005951488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 002366976 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 002364928 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 001318400 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 000933376 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 000932352 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2018-05-26 16:34 - 2018-05-20 18:23 - 000847360 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2018-05-26 16:34 - 2018-05-20 18:22 - 003440640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-26 16:34 - 2018-05-20 18:22 - 001817088 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-26 16:34 - 2018-05-20 18:22 - 000871424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-05-26 16:34 - 2018-05-20 18:22 - 000869376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-05-26 16:34 - 2018-05-20 18:22 - 000684544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 002236928 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-05-26 16:34 - 2018-05-20 18:21 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 001303040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 001210880 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 001033728 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000960512 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000849408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000783360 _____ (Microsoft Corporation) C:\Windows\system32\DolbyHrtfEnc.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000775680 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000652800 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-05-26 16:34 - 2018-05-20 18:21 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2018-05-26 16:34 - 2018-05-20 18:18 - 019399168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-26 16:34 - 2018-05-20 18:17 - 002961408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-05-26 16:34 - 2018-05-20 18:17 - 002699776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-05-26 16:34 - 2018-05-20 18:16 - 006661120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-05-26 16:34 - 2018-05-20 18:16 - 000239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
2018-05-26 16:34 - 2018-05-20 18:16 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2018-05-26 16:34 - 2018-05-20 18:16 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-05-26 16:34 - 2018-05-20 18:16 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-26 16:34 - 2018-05-20 18:15 - 004336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2018-05-26 16:34 - 2018-05-20 18:15 - 003712000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-26 16:34 - 2018-05-20 18:15 - 002900480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-05-26 16:34 - 2018-05-20 18:15 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2018-05-26 16:34 - 2018-05-20 18:15 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSHEIF.dll
2018-05-26 16:34 - 2018-05-20 18:14 - 005782528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-05-26 16:34 - 2018-05-20 18:14 - 001295360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2018-05-26 16:34 - 2018-05-20 18:14 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-05-26 16:34 - 2018-05-20 18:14 - 000167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
2018-05-26 16:34 - 2018-05-20 18:13 - 004929024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-05-26 16:34 - 2018-05-20 18:13 - 000646656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-05-26 16:34 - 2018-05-20 18:13 - 000630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-05-26 16:34 - 2018-05-20 18:13 - 000615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-05-26 16:34 - 2018-05-20 18:13 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-05-26 16:34 - 2018-05-20 18:13 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Phoneutil.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 003014656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 001636352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 001348096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 000992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 000860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2018-05-26 16:34 - 2018-05-20 18:12 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 001108992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 001036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 001005568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 000648192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-05-26 16:34 - 2018-05-20 18:11 - 000528384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2018-05-26 16:34 - 2018-05-20 17:07 - 000001310 _____ C:\Windows\system32\tcbres.wim
2018-05-26 16:34 - 2018-05-20 15:26 - 000018716 _____ C:\Windows\system32\srms-apr.dat
2018-05-26 16:34 - 2018-05-19 00:08 - 000018716 _____ C:\Windows\SysWOW64\srms-apr.dat
2018-05-26 16:34 - 2018-04-28 21:25 - 000652184 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2018-05-26 16:34 - 2018-04-28 21:24 - 000749976 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2018-05-26 16:34 - 2018-04-28 21:23 - 000826776 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2018-05-26 16:34 - 2018-04-28 21:23 - 000399768 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2018-05-26 16:34 - 2018-04-28 21:03 - 013570560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-05-26 16:34 - 2018-04-28 21:03 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-26 16:34 - 2018-04-28 21:03 - 000150528 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
2018-05-26 16:34 - 2018-04-28 21:02 - 008623104 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-05-26 16:34 - 2018-04-28 21:01 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
2018-05-26 16:34 - 2018-04-28 21:00 - 000695296 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-26 16:34 - 2018-04-28 20:59 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-26 16:34 - 2018-04-28 20:58 - 001855488 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-05-26 16:34 - 2018-04-28 20:58 - 000758272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-26 16:34 - 2018-04-28 20:18 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-26 16:34 - 2018-04-28 20:17 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-05-26 16:34 - 2018-04-28 20:16 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-05-26 16:34 - 2018-04-28 20:14 - 000668672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-26 16:34 - 2018-04-28 20:14 - 000581120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-26 16:34 - 2018-04-28 20:14 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-26 16:34 - 2018-04-28 20:13 - 001585664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-05-26 16:34 - 2018-04-28 20:12 - 001380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-26 16:34 - 2018-04-28 18:17 - 019525120 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2018-05-26 16:34 - 2018-04-28 17:58 - 000976384 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-05-26 16:34 - 2018-04-28 17:58 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Analog.dll
2018-05-26 16:34 - 2018-04-28 11:37 - 001034624 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-05-26 16:34 - 2018-04-28 11:31 - 000473496 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2018-05-26 16:34 - 2018-04-28 11:29 - 001565592 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2018-05-26 16:34 - 2018-04-28 11:29 - 000788216 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-26 16:34 - 2018-04-28 11:29 - 000776880 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2018-05-26 16:34 - 2018-04-28 11:29 - 000494488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2018-05-26 16:34 - 2018-04-28 11:29 - 000382872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2018-05-26 16:34 - 2018-04-28 11:29 - 000134552 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-05-26 16:34 - 2018-04-28 11:27 - 002422168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-05-26 16:34 - 2018-04-28 11:27 - 001191168 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-26 16:34 - 2018-04-28 11:27 - 000604568 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-05-26 16:34 - 2018-04-28 11:14 - 000434584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2018-05-26 16:34 - 2018-04-28 11:13 - 001426328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2018-05-26 16:34 - 2018-04-28 11:13 - 000786168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-26 16:34 - 2018-04-28 11:13 - 000665320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2018-05-26 16:34 - 2018-04-28 11:12 - 000606448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-26 16:34 - 2018-04-28 11:03 - 000585728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-26 16:34 - 2018-04-28 11:03 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-26 16:34 - 2018-04-28 11:03 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-26 16:34 - 2018-04-28 11:03 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-26 16:34 - 2018-04-28 11:02 - 000613376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-26 16:34 - 2018-04-28 11:02 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-26 16:34 - 2018-04-28 11:02 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-05-26 16:34 - 2018-04-28 11:02 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-26 16:34 - 2018-04-28 11:02 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
2018-05-26 16:34 - 2018-04-28 11:01 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-26 16:34 - 2018-04-28 11:00 - 000143360 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-26 16:34 - 2018-04-28 10:59 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\PerceptionSimulationExtensions.dll
2018-05-26 16:34 - 2018-04-28 10:58 - 003086336 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-05-26 16:34 - 2018-04-28 10:57 - 002170368 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-05-26 16:34 - 2018-04-28 10:57 - 001534976 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-26 16:34 - 2018-04-28 10:57 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-26 16:34 - 2018-04-28 10:56 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-26 16:34 - 2018-04-28 10:56 - 001550848 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-05-26 16:34 - 2018-04-28 10:56 - 000917504 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-26 16:34 - 2018-04-28 10:55 - 001586176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-26 16:34 - 2018-04-28 10:55 - 001421312 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2018-05-26 16:34 - 2018-04-28 10:55 - 001160192 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-26 16:34 - 2018-04-28 10:55 - 000596480 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-05-26 16:34 - 2018-04-28 10:55 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-26 16:34 - 2018-04-28 10:54 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-26 16:34 - 2018-04-28 10:53 - 001235968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-05-26 16:34 - 2018-04-28 10:53 - 000117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-26 16:34 - 2018-04-28 10:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-26 16:34 - 2018-04-28 10:51 - 001466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-26 16:34 - 2018-04-28 10:51 - 000524800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-26 16:34 - 2018-04-28 09:43 - 001953280 _____ C:\Windows\system32\rdpnano.dll
2018-05-26 16:33 - 2018-05-31 23:41 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-26 16:33 - 2018-05-31 23:41 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-26 16:33 - 2018-05-26 16:33 - 000000000 ____D C:\Windows\system32\MRT
2018-05-26 16:33 - 2018-05-26 16:33 - 000000000 ____D C:\Users\su\AppData\Roaming\NVIDIA
2018-05-26 16:33 - 2018-05-26 16:32 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-05-26 16:30 - 2018-06-02 13:18 - 000000000 ____D C:\Users\su\AppData\Roaming\nhm2
2018-05-26 16:30 - 2018-06-02 01:18 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-26 16:30 - 2018-06-02 01:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-26 16:30 - 2018-05-31 01:37 - 000002444 _____ C:\Users\su\Desktop\NiceHash Miner 2.lnk
2018-05-26 16:30 - 2018-05-29 04:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-26 16:30 - 2018-05-29 04:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-26 16:30 - 2018-05-29 04:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-26 16:30 - 2018-05-26 16:30 - 000002452 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NiceHash Miner 2.lnk
2018-05-26 16:30 - 2018-05-26 16:30 - 000000000 ____D C:\Users\su\AppData\Roaming\NiceHash Miner 2
2018-05-26 16:30 - 2018-05-24 01:22 - 000552480 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-05-26 16:30 - 2018-05-23 02:58 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-05-26 16:30 - 2018-05-23 02:57 - 005947328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-05-26 16:30 - 2018-05-23 02:57 - 001767360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-05-26 16:30 - 2018-05-23 02:57 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-05-26 16:30 - 2018-05-23 02:57 - 000450960 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-05-26 16:30 - 2018-05-23 02:57 - 000124200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-05-26 16:30 - 2018-05-23 02:57 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-05-26 16:30 - 2018-05-22 13:43 - 008186102 _____ C:\Windows\system32\nvcoproc.bin
2018-05-26 16:30 - 2018-05-14 23:01 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-05-26 16:28 - 2018-05-29 02:22 - 000000000 ____D C:\Users\su\AppData\Local\PlaceholderTileLogoFolder
2018-05-26 16:28 - 2018-05-26 16:28 - 000001417 _____ C:\Users\su\Desktop\Microsoft Edge.lnk
2018-05-26 16:28 - 2018-05-26 16:28 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-26 16:27 - 2018-06-02 03:32 - 000000000 ____D C:\Users\su\AppData\Local\Packages
2018-05-26 16:27 - 2018-06-01 22:20 - 000000000 ____D C:\Users\su
2018-05-26 16:27 - 2018-05-31 22:25 - 000000000 ____D C:\Users\su\AppData\Local\Publishers
2018-05-26 16:27 - 2018-05-30 20:29 - 000000000 ____D C:\Users\su\AppData\Local\ConnectedDevicesPlatform
2018-05-26 16:27 - 2018-05-29 00:43 - 000000000 ____D C:\Users\su\AppData\Local\VirtualStore
2018-05-26 16:27 - 2018-05-27 07:29 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-26 16:27 - 2018-05-27 07:29 - 000000000 ___RD C:\Users\su\3D Objects
2018-05-26 16:27 - 2018-05-26 16:27 - 000000000 ____D C:\Users\su\AppData\Local\MicrosoftEdge
2018-05-26 16:26 - 2018-05-31 19:29 - 000000000 ____D C:\ProgramData\Razer
2018-05-26 16:26 - 2018-05-31 19:29 - 000000000 ____D C:\Program Files (x86)\Razer
2018-05-26 16:25 - 2018-06-02 01:24 - 000842708 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-26 16:23 - 2018-05-26 16:23 - 000000000 ____D C:\Windows\CSC
2018-05-26 16:23 - 2018-05-26 16:23 - 000000000 ____D C:\ProgramData\USOShared
2018-05-26 16:23 - 2018-04-12 06:33 - 002752000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2018-05-26 16:19 - 2018-06-02 16:20 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-05-26 16:19 - 2018-06-02 01:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-26 16:19 - 2018-05-31 17:29 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-05-26 16:19 - 2018-05-27 07:28 - 000233856 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-26 16:19 - 2018-05-26 16:19 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-05-26 16:19 - 2018-05-26 16:19 - 000000000 ____D C:\Windows\ServiceProfiles
2018-05-16 23:43 - 2018-03-01 21:36 - 000226032 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-02 03:32 - 2018-04-12 06:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-02 03:32 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\AppReadiness
2018-06-02 01:24 - 2018-04-12 06:36 - 000000000 ____D C:\Windows\INF
2018-06-02 01:20 - 2018-04-12 06:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-06-02 01:18 - 2018-04-12 04:04 - 000524288 _____ C:\Windows\system32\config\BBI
2018-06-02 01:08 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-02 01:07 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-02 01:05 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\oobe
2018-05-31 17:45 - 2018-04-12 04:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-05-30 22:46 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\Web
2018-05-30 20:13 - 2018-04-12 06:30 - 000000000 ____D C:\Windows\CbsTemp
2018-05-30 20:07 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\NDF
2018-05-30 01:41 - 2018-04-12 06:38 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-05-29 20:40 - 2018-04-12 16:20 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2018-05-29 05:05 - 2018-04-12 06:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-05-27 07:28 - 2018-04-12 16:37 - 000000000 ____D C:\Windows\Containers
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\yo-NG
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\wo-SN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ur-PK
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ug-CN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tt-RU
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tk-TM
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ti-ET
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\te-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ta-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sw-KE
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sq-AL
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\si-LK
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\rw-RW
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\quz-PE
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\prs-AF
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\pa-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\or-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\nn-NO
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ne-NP
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mt-MT
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mr-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mn-MN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ml-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mk-MK
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\lo-LA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\lb-LU
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ky-KG
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\kok-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\kn-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\km-KH
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ka-GE
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\is-IS
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ig-NG
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\hy-AM
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\gu-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\gd-GB
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ga-IE
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\fil-PH
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\fa-IR
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\cy-GB
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\bn-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\bn-BD
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\be-BY
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\as-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\am-ET
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\af-ZA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\zu-ZA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\yo-NG
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\xh-ZA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\wo-SN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\vi-VN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\uz-Latn-UZ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ur-PK
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ug-CN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tt-RU
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tn-ZA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tk-TM
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ti-ET
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tg-Cyrl-TJ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\te-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sw-KE
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-RS
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-BA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sq-AL
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sd-Arab-PK
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\rw-RW
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\quz-PE
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\quc-Latn-GT
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\prs-AF
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\pa-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\pa-Arab-PK
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\or-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\nso-ZA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\nn-NO
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ne-NP
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mt-MT
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mr-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mn-MN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ml-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mk-MK
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mi-NZ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\lo-LA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\lb-LU
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ky-KG
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ku-Arab-IQ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\kok-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\kn-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\km-KH
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\kk-KZ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ka-GE
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\is-IS
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ig-NG
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\id-ID
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\hy-AM
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ha-Latn-NG
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\gu-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\gd-GB
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ga-IE
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\fil-PH
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\fa-IR
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\chr-CHER-US
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\cy-GB
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ca-ES-valencia
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\bs-Latn-BA
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\bn-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\bn-BD
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\be-BY
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\az-Latn-AZ
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\as-IN
2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\af-ZA
2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\TextInput
2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\SysWOW64\setup
2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\ta-in
2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\si-lk
2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\setup
2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\appraiser
2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\am-et
2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\Provisioning
2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\bcastdvr
2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-27 04:14 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\appcompat
2018-05-26 18:31 - 2018-04-12 06:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-26 17:16 - 2018-04-12 06:38 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-05-26 16:30 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\Help
2018-05-26 16:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-05-26 16:23 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\spool
2018-05-26 16:23 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-05-24 01:22 - 2018-04-12 16:20 - 000456608 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll
2018-05-23 05:00 - 2017-11-09 03:57 - 000044277 _____ C:\Windows\system32\nvinfo.pb

==================== Files in the root of some directories =======

2018-06-01 01:33 - 2018-06-02 16:32 - 002586041 _____ () C:\Users\su\AppData\Roaming\ICARE.LOG
2018-06-02 08:14 - 2018-06-02 08:14 - 009215439 _____ () C:\Users\su\AppData\Roaming\ICARE.LOG.OLD
2018-06-01 02:41 - 2018-06-01 02:41 - 000000166 _____ () C:\Users\su\AppData\Roaming\ICARE_ACTIVITY.LOG

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2018-05-26 16:19

==================== End of FRST.txt ============================

Juliet
2018-06-02, 15:05
Let's see if we can get Chrome remnants off so you can reinstall.

ATTENTION: System Restore is disabled
Enabling System Restore in Windows 10 and Creating System Restore Point

--------------------
Press the Windows Key + R at the same time
Type sysdm.cpl and hit Enter
Click System Protection
Under Protection Settings left click on Local Disk C: (System) to highlight the entry
Click Configure
Select Turn on system protection
Click Apply, then OK
On the System Properties window Click Create...
Type SpyBot Help Restore Point then click Create.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
Task: {0C639D82-FF21-4296-A972-D75D6828A80F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
Task: {3DEF727F-AD79-41D9-A3A0-1A05A4251C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
Emptytemp:
End::



Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also, run Chrome cleanup tool. It might say no files found but we'll see.
https://www.bleepingcomputer.com/download/chrome-cleanup-tool/


After the above, see if you can download Chrome now.

Juliet
2018-06-02, 15:29
All vbscript.dll does is allow programs to call it to run VBScripts. So if this is only happening in IE when you launch it, something may be trying to run a VBScript in IE. If you are not sure of the contents of this, I would reset IE back to defaults just to be safe.
Turning off Disable Internet Explorer VB Scripting seems to fix it.
MalwareBytes has a good write up of information here
https://forums.malwarebytes.com/topic/213719-exclusions-failure/

Also, some additional information from Microsoft. It explains a bit more about VBScript and why blocking/disabling it is a good idea.
https://blogs.windows.com/msedgedev/2017/04/12/disabling-vbscript-execution-in-internet-explorer-11/

tienchien1
2018-06-03, 07:31
After deleting parts of Chrome, the setup file worked. But after running the fixlist, some of the Chrome extensions have been deleted; am I allowed to reload them? Thanks for the help, and give your information to me.


Fix result of Farbar Recovery Scan Tool (x64) Version: 02.06.2018
Ran by su (03-06-2018 12:18:00) Run:1
Running from C:\Users\su\Desktop
Loaded Profiles: su (Available Profiles: su)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {0C639D82-FF21-4296-A972-D75D6828A80F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
Task: {3DEF727F-AD79-41D9-A3A0-1A05A4251C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C639D82-FF21-4296-A972-D75D6828A80F} => not found
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DEF727F-AD79-41D9-A3A0-1A05A4251C42} => not found
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\System\CurrentControlSet\Services\Browser" => removed successfully
Browser => service removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => removed successfully
C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => removed successfully
"C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25665798 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1030198 B
Edge => 9905348 B
Chrome => 135528372 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 15206 B
LocalService => 0 B
NetworkService => 31008 B
NetworkService => 0 B
su => 39661411071 B

RecycleBin => 55087652 B
EmptyTemp: => 37.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:18:28 ====

Juliet
2018-06-03, 12:19
"some of the chrome extensions have been deleted, am I allowed to reload them?"
Yes, but make sure you download from the legitimate Chrome website since there are many fake sites out there.

Malicious Chrome Extensions Found in Chrome Web Store
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-chrome-extensions-found-chrome-web-store-form-droidclub-botnet/


Ready to remove tools and quarantine folders?

tienchien1
2018-06-07, 11:36
Yesterday, I continued to receive this warning. Is it serious?


Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/6/18
Protection Event Time: 4:01 PM
Log File: 20e0d091-6968-11e8-878e-2c4d544e0a6f.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.367
Update Package Version: 1.0.5376
License: Trial

-System Information-
OS: Windows 10 (Build 17134.81)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Google Chrome (and plug-ins)
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe PowerShell.exe -windowstyle hidden -command Start-Process cmd -ArgumentList '\c takeown \f "C:\Users\su\AppData\Local\Temp\JQE2A33.tmp.dir\DIFXAPI.dll" && icacls "C:\Users\su\AppData\Local\Temp\JQE2A33.tmp.dir\DIFXAPI.dll" \grant *S-1-3-4:F \t \c \l' -Verb runAs
URL:



(end)
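As an added example (not part of any post in this thread, and not Malwarebytes' own detection logic), the Python sketch below breaks the blocked command line from the log above into the traits an analyst would review when triaging it: window hiding, an elevation request, ownership and ACL changes, and a target under a Temp directory. The trait names, regexes and the two comparison command lines are constructed for illustration.

```python
import re

# Command-line portion of the "File Name" field in the Malwarebytes log above.
BLOCKED = (
    r"PowerShell.exe -windowstyle hidden -command Start-Process cmd -ArgumentList "
    r"""'\c takeown \f "C:\Users\su\AppData\Local\Temp\JQE2A33.tmp.dir\DIFXAPI.dll" && """
    r"""icacls "C:\Users\su\AppData\Local\Temp\JQE2A33.tmp.dir\DIFXAPI.dll" """
    r"""\grant *S-1-3-4:F \t \c \l' -Verb runAs"""
)
# Constructed comparison inputs (not from the thread).
SAMPLES = {
    "blocked (from log)": BLOCKED,
    "admin ACL change (constructed)": r'icacls "D:\Shares\reports" /grant Users:R',
    "scheduled script (constructed)": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
}

# Well-known Windows SIDs, so a grantee such as *S-1-3-4 is readable in the result.
WELL_KNOWN_SIDS = {"S-1-1-0": "Everyone", "S-1-3-4": "Owner Rights",
                   "S-1-5-18": "Local System", "S-1-5-32-544": "Administrators"}

# Illustrative heuristics (assumptions of this example, not a vendor rule set).
CHECKS = [
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("elevation_request", re.compile(r"-verb\s+runas", re.I)),
    ("takes_ownership", re.compile(r"\btakeown\b", re.I)),
    ("acl_grant", re.compile(r"\bicacls\b.*?[\\/]grant\b", re.I)),
]
GRANT = re.compile(r"[\\/]grant(?::r)?\s+\*?([^\s:]+):(\S+)", re.I)
PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"')          # quoted absolute paths
TEMP = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.I)

def triage(cmdline):
    """Return the traits, target paths and ACL grants found in one command line."""
    traits = [name for name, rx in CHECKS if rx.search(cmdline)]
    targets = sorted(set(PATH.findall(cmdline)))
    if any(TEMP.search(p) for p in targets):
        traits.append("target_in_temp")
    grants = [(WELL_KNOWN_SIDS.get(who, who), rights)
              for who, rights in GRANT.findall(cmdline)]
    return {"traits": traits, "targets": targets, "grants": grants}

if __name__ == "__main__":
    for label, cmd in SAMPLES.items():
        print(label, "->", triage(cmd))
```

The logged command sets all five traits at once, while the constructed administrative `icacls` call sets only `acl_grant`; it is the combination, not any single trait, that makes an event worth a closer look.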

tienchien1
2018-06-07, 11:39
And I want to ask this: my Chrome continues to automatically add AOL and Ask in search! But when I scan with AdwCleaner, it does not detect them; they only disappear when I delete them manually!!!

Juliet
2018-06-07, 13:59
I'm not sure what's going on.
Did you install more Chrome extensions?

~~~~~~~~~~~~~~~~~~~~~~~~
Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller
Right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)

Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Let's run a new scan with Farbar Recovery Scan Tool

Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Juliet
2018-06-25, 12:36
Glad we could help.
Since this issue appears resolved ... this Topic is closed.