
Thread: Adware.Tracking Cookie, Trojan.Gen-Turkojan, Trojan.Gen-Foreign. What do I need to do?

  1. #1
    Junior Member
    Join Date
    Mar 2018
    Posts
    15


    When I scan with Anti Spyware, it detects these infections. I chose to delete them and reboot the system. Is there anything I need to do? I fear it will get infected again, as it always does.

    It also says that I have an infection with something related to Firefox and NVIDIA, but I do not have Firefox installed on my C drive, only the GTX 1080 Ti driver on my system, which is always set to auto install when I start a completely new Windows!!!


    These are the log files. Thanks so much.
    Last edited by tienchien1; 2018-05-28 at 15:43.

  2. #2
    Junior Member
    Join Date
    Mar 2018
    Posts
    15

    These are the OTL log files. From the OTL log file, it seems I am confronted with ZeroAccess!!!???
    Last edited by Juliet; 2018-06-01 at 21:20. Reason: Moved from the forum for Spybot Support

  3. #3
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,176

    Hello tienchien1,

    So that everyone is on the same track please see the FAQ which includes guidelines for this forum and instructions in post #2 on how to provide the preliminary Farbar Recovery Scan Tool and aswMBR logs used for analysis.

    http://forums.spybot.info/showthread.php?t=288

    A volunteer analyst may respond beforehand.

    Have you posted this issue at any other site?

    Best regards.
    Microsoft MVP Reconnect 2018
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Junior Member
    Join Date
    Mar 2018
    Posts
    15

    Quote, originally posted by tashi:
    Hello tienchien1,

    So that everyone is on the same track please see the FAQ which includes guidelines for this forum and instructions in post #2 on how to provide the preliminary Farbar Recovery Scan Tool and aswMBR logs used for analysis.

    http://forums.spybot.info/showthread.php?t=288

    A volunteer analyst may respond beforehand.

    Have you posted this issue at any other site?

    Best regards.

    Only in this forum. When I run aswMBR, in the first window, if I select "yes", a blue screen appears with an error related to aswvmm.sys.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
    Ran by su (29-05-2018 17:39:41)
    Running from C:\Users\su\Desktop\ap
    Windows 10 Pro Version 1803 17134.81 (X64) (2018-05-26 09:22:21)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3166309138-43010382-2060014392-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3166309138-43010382-2060014392-503 - Limited - Disabled)
    Guest (S-1-5-21-3166309138-43010382-2060014392-501 - Limited - Disabled)
    su (S-1-5-21-3166309138-43010382-2060014392-1001 - Administrator - Enabled) => C:\Users\su
    WDAGUtilityAccount (S-1-5-21-3166309138-43010382-2060014392-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    1Password 6 (HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\{507707B9-C68C-4986-A4AD-F25B24C152FA}_is1) (Version: 6.8.534 - AgileBits Inc.)
    Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.54.32003 - Electronic Arts)
    BWMeter (HKLM-x32\...\BWMeter) (Version: 7.4.0 - DeskSoft)
    DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    LastPass (chỉ gỡ bỏ) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
    MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
    NiceHash Miner 2 0.2.3 (only current user) (HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\08059810-bc78-5c10-942c-2092eebb5ec8) (Version: 0.2.3 - NiceHash d.o.o)
    NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
    NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 10.5.19.61985 - Electronic Arts, Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc.)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-23] (NVIDIA Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {074CD0D1-85FA-439D-8E5A-C0C81F0DC031} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2cf00a8c-2837-487b-807f-aa69fc5d012f => C:\Program Files\SUPERAntiSpyware\SASTask.exe
    Task: {0909468B-6D79-4FA4-8312-D01D077ADEAE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-23] (NVIDIA Corporation)
    Task: {361A2663-8BA2-4071-B0FD-424DD0CBFF3D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-26] (Microsoft Corporation)
    Task: {3D31182C-FD42-44FC-8E51-08ED92D5E877} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-26] (Microsoft Corporation)
    Task: {45E2AB1D-5664-431C-A3EC-444C57E16C48} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
    Task: {46E21CC1-D28E-40D4-9237-F37B82BAD8E6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-23] (NVIDIA Corporation)
    Task: {5AD898CE-6787-4449-B45B-2E6E7FF26953} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-27] (Google Inc.)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
    Task: {751244C8-F459-47AE-A6C4-7BE7C0F8E9BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-26] (Microsoft Corporation)
    Task: {8406E52B-85B1-4C0D-8BC2-5721C1E7BC16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-26] (Microsoft Corporation)
    Task: {936B5146-4343-4333-AED4-AF8B9905A4F8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
    Task: {AB47D005-3CBC-41F7-AB34-8B8B65843D7C} - System32\Tasks\SUPERAntiSpyware Scheduled Task b2dd9028-24c0-418f-8675-2689c82b31b5 => C:\Program Files\SUPERAntiSpyware\SASTask.exe
    Task: {AEA9B189-DC03-4B46-BA00-E86D417D9247} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
    Task: {B4DE0CB0-D3FC-4D98-992F-6DD529B99B37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-27] (Google Inc.)
    Task: {C1E362E5-5D58-4C7C-95CC-943402E0352C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-23] (NVIDIA Corporation)
    Task: {D7EFF0CD-2A80-4581-81A5-F86607560B19} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2cf00a8c-2837-487b-807f-aa69fc5d012f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\9f75c804-936d-4f9b-b404-852d4a23c58d.com
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b2dd9028-24c0-418f-8675-2689c82b31b5.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-05-28 18:59 - 2018-05-28 18:59 - 000125440 _____ () C:\Program Files (x86)\BWMeter\BWMeterConSvc.exe
    2018-04-12 06:34 - 2018-04-12 06:34 - 000491744 _____ () C:\Windows\SYSTEM32\inputhost.dll
    2018-04-12 06:34 - 2018-04-12 06:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2018-04-12 06:34 - 2018-04-12 06:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-12 06:34 - 2018-04-12 06:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-04-12 06:35 - 2018-04-12 16:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-05-26 16:45 - 2018-05-26 16:46 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-05-26 16:45 - 2018-05-26 16:46 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-05-26 16:45 - 2018-05-26 16:46 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-05-26 16:45 - 2018-05-26 16:46 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-05-27 07:33 - 2018-05-15 10:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
    2018-05-27 07:33 - 2018-05-15 10:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
    2018-05-27 07:36 - 2018-05-27 07:36 - 000021824 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
    2018-05-27 07:36 - 2018-05-27 07:36 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
    2018-05-27 07:36 - 2018-05-27 07:36 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-04-12 06:38 - 2018-05-27 09:59 - 000019738 _____ C:\Windows\system32\Drivers\etc\hosts

    0.0.0.0 ars.smartscreen.microsoft.com
    0.0.0.0 az361816.vo.msecnd.net
    0.0.0.0 az512334.vo.msecnd.net
    0.0.0.0 blob.weather.microsoft.com
    0.0.0.0 candycrushsoda.king.com
    0.0.0.0 cdn.content.prod.cms.msn.com
    0.0.0.0 cdn.onenote.net
    0.0.0.0 choice.microsoft.com
    0.0.0.0 choice.microsoft.com.nsatc.net
    0.0.0.0 client.wns.windows.com
    0.0.0.0 client-s.gateway.messenger.live.com
    0.0.0.0 clientconfig.passport.net
    0.0.0.0 deploy.static.akamaitechnologies.com
    0.0.0.0 device.auth.xboxlive.com
    0.0.0.0 dmd.metaservices.microsoft.com
    0.0.0.0 dns.msftncsi.com
    0.0.0.0 feedback.microsoft-hohm.com
    0.0.0.0 feedback.search.microsoft.com
    0.0.0.0 feedback.windows.com
    0.0.0.0 img-s-msn-com.akamaized.net
    0.0.0.0 insiderppe.cloudapp.net
    0.0.0.0 licensing.mp.microsoft.com
    0.0.0.0 mediaredirect.microsoft.com
    0.0.0.0 msftncsi.com
    0.0.0.0 officeclient.microsoft.com
    0.0.0.0 oneclient.sfx.ms
    0.0.0.0 pti.store.microsoft.com
    0.0.0.0 query.prod.cms.rt.microsoft.com
    0.0.0.0 register.cdpcs.microsoft.com
    0.0.0.0 s0.2mdn.net

    There are 457 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\Control Panel\Desktop\\Wallpaper -> D:\PM\Wall nvidia\nvidia-gtx-4k-5l-2560x1440.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{FDB8D584-DD53-41D9-A845-DBC9D1AED2B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{3030A960-5C5C-433F-BA3F-9DEAD4127B06}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
    FirewallRules: [{6FAC97B4-08BB-4CBC-A7FC-E83DDE5455F7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
    FirewallRules: [{2D90EBA7-6D44-44B7-9369-AF1B30977BD5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
    FirewallRules: [{58055FDC-2834-4271-A573-0652351054EA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
    FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
    FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
    FirewallRules: [{7B0A0916-E6E7-4727-94CB-52A349164DA9}] => (Block) C:\Windows\explorer.exe
    FirewallRules: [TCP Query User{3A60E526-4745-445C-BA06-1E3C6B4D0C9D}C:\users\su\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\su\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{4D48AF23-55D3-446E-AC37-14E3C0B2BDC6}C:\users\su\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\su\appdata\local\akamai\netsession_win.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/29/2018 05:39:13 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: The Windows Search Service has failed to create the new search index. Internal error <8, 0x8007000f, Failed to find Gather Application: Windows>.

    Error: (05/29/2018 05:38:56 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

    Error: (05/29/2018 05:38:56 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
    Description: Error ID 1 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

    Error: (05/29/2018 05:38:55 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: The Windows Search Service has failed to create the new search index. Internal error <8, 0x8007000f, Failed to find Gather Application: Windows>.

    Error: (05/29/2018 05:38:24 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: The Windows Search Service has failed to create the new search index. Internal error <8, 0x8007000f, Failed to find Gather Application: Windows>.

    Error: (05/29/2018 05:37:32 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

    Error: (05/29/2018 05:37:32 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
    Description: Error ID 1 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

    Error: (05/29/2018 05:37:32 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: The Windows Search Service has failed to create the new search index. Internal error <8, 0x8007000f, Failed to find Gather Application: Windows>.


    System errors:
    =============
    Error: (05/29/2018 05:39:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 7 time(s).

    Error: (05/29/2018 05:39:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Search service terminated with the following error:
    The system cannot find the drive specified.

    Error: (05/29/2018 05:38:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 6 time(s).

    Error: (05/29/2018 05:38:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Search service terminated with the following error:
    The system cannot find the drive specified.

    Error: (05/29/2018 05:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (05/29/2018 05:38:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Search service terminated with the following error:
    The system cannot find the drive specified.

    Error: (05/29/2018 05:38:02 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    An instance of the service is already running.

    Error: (05/29/2018 05:38:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscDataProtection
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-05-29 03:57:21.811
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {3FEF6413-E874-4D63-96F9-42D1F465834D}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-05-29 02:24:08.874
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {C8605222-A384-41AF-AF64-AD9FFFF4DC51}
    Scan Type: Antimalware
    Scan Parameters: Full Scan

    Date: 2018-05-29 02:23:47.497
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {A3BB711C-1207-413D-83D3-B6FBB91A2AA3}
    Scan Type: Antimalware
    Scan Parameters: Full Scan

    Date: 2018-05-28 23:33:57.281
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {0A657FCE-D3FF-4F20-BC7E-47E3053FE6C5}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-05-27 22:55:42.681
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {3D2C8B7F-5B62-4AE2-89FB-0170DE35F7AA}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
    Percentage of memory in use: 17%
    Total physical RAM: 16322.48 MB
    Available physical RAM: 13481.5 MB
    Total Virtual: 18754.48 MB
    Available Virtual: 14198.89 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:476.34 GB) (Free:257.29 GB) NTFS
    Drive d: (Data) (Fixed) (Total:3725.9 GB) (Free:2739.71 GB) NTFS

    \\?\Volume{4192b70e-9890-486e-8592-8781fb3a2028}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS
    \\?\Volume{dbda1aa8-8242-44c5-9852-bc0b812d7d73}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 078C078C)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BC46E3C2)

    ========================================================
    Disk: 2 (Size: 476.9 GB) (Disk ID: 9CE9E907)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  5. #5
    Junior Member
    Join Date
    Mar 2018
    Posts
    15

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
    Ran by su (administrator) on DESKTOP-DJNK2QJ (29-05-2018 17:39:19)
    Running from C:\Users\su\Desktop\ap
    Loaded Profiles: su (Available Profiles: su)
    Platform: Windows 10 Pro Version 1803 17134.81 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    () C:\Program Files (x86)\BWMeter\BWMeterConSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (AgileBits Inc.) C:\Users\su\AppData\Local\1password\app\6\1Password.NativeMessagingHost.exe
    (AgileBits Inc.) C:\Users\su\AppData\Local\1password\app\6\AgileBits.OnePassword.Desktop.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
    () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
    (AVAST Software) C:\Users\su\Desktop\aswMBR.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520 2018-05-16] (Tonec Inc.)
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3106600 2018-05-27] (Electronic Arts)
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\su\AppData\Local\Akamai\netsession_win.exe"
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{bdf511b5-4f08-47e5-89c6-2de410c037f2}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
    SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-05-15] (Internet Download Manager, Tonec Inc.)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-05-27] (LastPass)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-05-15] (Internet Download Manager, Tonec Inc.)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-05-27] (LastPass)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-05-27] (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-05-27] (LastPass)

    FireFox:
    ========
    FF HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\su\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\su\AppData\Roaming\IDM\idmmzcc5 [2018-05-27] [Legacy] [not signed]
    FF HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-05-27] (LastPass)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-05-27] (LastPass)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]

    Chrome:
    =======
    CHR DefaultSearchKeyword: Default -> hxxps://google.com.vn
    CHR Profile: C:\Users\su\AppData\Local\Google\Chrome\User Data\Default [2018-05-29]
    CHR Extension: (1Password extension (desktop app required)) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2018-05-29]
    CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-05-29]
    CHR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpggmmljdiliancllaapiggllnkbjocb [2018-05-29]
    CHR Extension: (Adblock Plus) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-29]
    CHR Extension: (VTchromizer) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2018-05-29]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-05-29]
    CHR Extension: (Violentmonkey) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinjaccalgkegednnccohejagnlnfdag [2018-05-29]
    CHR Extension: (IDM Integration Module) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-05-29]
    CHR Extension: (Thanh toán trên cửa hàng Chrome trực tuyến) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-29]
    CHR Extension: (Userscript+ for Tampermonkey) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiocdganiomklllkfkmhneoibegifch [2018-05-29]
    CHR Extension: (AVIM - Bộ Gơ Tiếng Việt) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgbbffpdglhkpglnlkiclakjlpiedoh [2018-05-29]
    CHR Extension: (Chrome Media Router) - C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-29]
    CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BWMeterConSvc; C:\Program Files (x86)\BWMeter\BWMeterConSvc.exe [125440 2018-05-28] () [File not signed]
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2201920 2018-05-27] (Electronic Arts)
    R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3072328 2018-05-27] (Electronic Arts)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-05-26] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-05-26] (Microsoft Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
    R1 MpKslb21181f7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{75F8F955-A970-4DC8-AB85-34F5BA442488}\MpKslb21181f7.sys [58120 2018-05-29] (Microsoft Corporation)
    R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys [17194584 2018-05-24] (NVIDIA Corporation)
    S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
    S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2018-05-26] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [313888 2018-05-26] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61472 2018-05-26] (Microsoft Corporation)
    U3 aswMBR; C:\Users\su\AppData\Local\Temp\aswMBR.sys [62728 2018-05-29] () [File not signed] <==== ATTENTION
    U3 aswVmm; C:\Users\su\AppData\Local\Temp\aswVmm.sys [224896 2018-05-29] () <==== ATTENTION
    S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-05-29 17:31 - 2018-05-29 17:31 - 886695832 _____ C:\Windows\MEMORY.DMP
    2018-05-29 17:31 - 2018-05-29 17:31 - 000783300 _____ C:\Windows\Minidump\052918-11046-01.dmp
    2018-05-29 17:31 - 2018-05-29 17:31 - 000000000 ____D C:\Windows\Minidump
    2018-05-29 17:29 - 2018-05-29 17:30 - 005198336 _____ (AVAST Software) C:\Users\su\Desktop\aswMBR.exe
    2018-05-29 17:27 - 2018-05-29 17:39 - 000000000 ____D C:\FRST
    2018-05-29 05:16 - 2018-05-29 05:20 - 000000000 ____D C:\ProgramData\HitmanPro
    2018-05-29 04:49 - 2018-05-29 04:49 - 000000000 ____D C:\Users\su\AppData\Roaming\Macromedia
    2018-05-29 04:13 - 2018-05-29 06:25 - 000000000 ____D C:\Users\su\AppData\Local\NVIDIA Corporation
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
    2018-05-29 04:00 - 2018-05-29 04:00 - 000000000 ____D C:\Windows\LastGood.Tmp
    2018-05-29 04:00 - 2018-05-29 04:00 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2018-05-29 04:00 - 2018-05-23 05:00 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
    2018-05-29 03:58 - 2018-05-24 01:21 - 040347168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 035250536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 031278392 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 025991448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 013727792 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 011273120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 004350392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 003760672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 002013784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439793.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001563584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001467808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439793.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001419296 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001357000 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001347480 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001216952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001157208 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001092184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001063400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000904896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000814424 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000749472 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000652344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000634576 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000627232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000608160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000518072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2018-05-29 03:58 - 2018-05-24 01:20 - 017784432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2018-05-29 03:58 - 2018-05-24 01:20 - 015195248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2018-05-29 03:58 - 2018-05-24 01:20 - 004855208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2018-05-29 03:58 - 2018-05-24 01:20 - 004125048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2018-05-29 03:51 - 2018-05-29 03:51 - 000000000 ____D C:\NVIDIA
    2018-05-29 03:46 - 2018-05-29 04:20 - 000000000 ____D C:\Users\su\Desktop\TMRBLog
    2018-05-29 03:46 - 2018-05-29 03:46 - 000000000 ____D C:\Users\su\Desktop\log
    2018-05-29 03:42 - 2018-05-29 03:42 - 000000020 ___SH C:\Users\su\ntuser.ini
    2018-05-29 03:42 - 2018-05-29 03:42 - 000000008 __RSH C:\ProgramData\ntuser.pol
    2018-05-29 02:01 - 2018-05-29 03:42 - 000000576 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2cf00a8c-2837-487b-807f-aa69fc5d012f.job
    2018-05-29 02:01 - 2018-05-29 02:01 - 000003814 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 2cf00a8c-2837-487b-807f-aa69fc5d012f
    2018-05-29 01:45 - 2018-05-29 01:46 - 000000000 ____D C:\KVRT_Data
    2018-05-29 01:00 - 2018-05-29 01:00 - 000000000 ____D C:\ProgramData\YaraEditor
    2018-05-28 23:02 - 2018-05-28 23:02 - 000000000 ____D C:\Users\su\AppData\Roaming\Adobe
    2018-05-28 21:42 - 2018-05-28 21:44 - 000000000 ____D C:\AdwCleaner
    2018-05-28 21:16 - 2018-05-28 21:16 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2018-05-28 20:45 - 2018-05-29 17:39 - 000000000 ____D C:\Users\su\Desktop\ap
    2018-05-28 20:35 - 2018-05-28 20:35 - 000007569 _____ C:\Users\su\Desktop\SUPERAntiSpyware Scan Log.txt
    2018-05-28 20:29 - 2018-05-28 20:29 - 000000000 ____D C:\Users\su\AppData\Roaming\Google
    2018-05-28 20:00 - 2018-05-28 20:00 - 000000000 ____D C:\SUPERDelete
    2018-05-28 19:58 - 2018-05-28 20:20 - 000000536 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b2dd9028-24c0-418f-8675-2689c82b31b5.job
    2018-05-28 19:58 - 2018-05-28 19:58 - 000003688 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b2dd9028-24c0-418f-8675-2689c82b31b5
    2018-05-28 19:58 - 2018-05-28 19:58 - 000000000 ____D C:\Users\su\AppData\Roaming\SUPERAntiSpyware.com
    2018-05-28 19:57 - 2018-05-29 04:53 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2018-05-28 19:57 - 2018-05-28 19:57 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2018-05-28 18:59 - 2018-05-28 18:59 - 000047152 _____ (DeskSoft) C:\Windows\system32\Drivers\dsnpfd.sys
    2018-05-28 18:59 - 2018-05-28 18:59 - 000001884 _____ C:\Users\su\Desktop\BWMeter.lnk
    2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BWMeter
    2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Users\su\AppData\Roaming\DeskSoft
    2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Program Files (x86)\BWMeter
    2018-05-27 18:55 - 2018-05-27 18:55 - 000000000 ____D C:\Users\su\AppData\Roaming\MPC-HC
    2018-05-27 18:53 - 2018-05-27 18:58 - 000000000 ____D C:\Program Files\MPC-HC
    2018-05-27 18:53 - 2018-05-27 18:53 - 000001745 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
    2018-05-27 18:53 - 2018-05-27 18:53 - 000001745 _____ C:\ProgramData\Desktop\MPC-HC x64.lnk
    2018-05-27 18:53 - 2018-05-27 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
    2018-05-27 13:06 - 2018-05-27 13:06 - 000000000 ____D C:\Users\su\AppData\Local\DBG
    2018-05-27 09:55 - 2018-05-27 09:55 - 000000000 ____D C:\Users\su\AppData\Local\PeerDistRepub
    2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files\Reference Assemblies
    2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files\MSBuild
    2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2018-05-27 09:17 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
    2018-05-27 09:17 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2018-05-27 09:17 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2018-05-27 09:17 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
    2018-05-27 09:17 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2018-05-27 09:17 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2018-05-27 09:16 - 2018-05-27 09:16 - 000000000 ____D C:\Users\su\Documents\Battlefield 1
    2018-05-27 09:14 - 2018-05-27 09:14 - 000000824 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraISOPortable.lnk
    2018-05-27 09:14 - 2018-05-27 09:14 - 000000756 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000936 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrentPortable.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000919 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RevoUPort.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000860 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mkvtoolnix-gui.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000825 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubRip.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000777 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HWiNFO64.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000768 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tcpview.lnk
    2018-05-27 09:12 - 2018-05-27 09:12 - 000000959 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CustomDesktopLogo.lnk
    2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
    2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ____D C:\Program Files\Realtek
    2018-05-27 09:12 - 2017-06-29 18:55 - 013122576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 012988336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 006410088 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 005938904 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 005593608 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003509256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003507688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003410832 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003092336 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 002190976 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 001435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 001347136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 001016928 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000965024 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000923736 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000877424 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000873456 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000868176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000866640 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000737960 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000691680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000677664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000525768 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000447712 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000381408 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000151784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000088312 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000084608 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 010536152 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 004059960 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 002291304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001780616 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001422920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001334376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001213656 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001166152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000999848 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000727432 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000680544 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000678176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000618184 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000514520 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000500552 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000428224 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000406448 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000360344 _____ (Harman) C:\Windows\system32\HMClariFi.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000330552 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000203840 _____ (Harman) C:\Windows\system32\HMHVS.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000179592 _____ (Harman) C:\Windows\system32\HMLimiter.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 005346992 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 002444680 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001959600 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001616680 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001554600 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001529136 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001326424 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001170872 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000504304 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000445392 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000441264 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000362048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000327448 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000310416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
    2018-05-27 09:12 - 2017-06-29 18:52 - 005826560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2018-05-27 09:12 - 2017-06-29 18:52 - 003677160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2018-05-27 09:12 - 2017-06-29 18:52 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2018-05-27 09:12 - 2017-06-29 18:52 - 002110592 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
    2018-05-27 09:12 - 2017-06-29 18:52 - 000574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2018-05-27 09:12 - 2017-06-29 18:52 - 000258856 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
    2018-05-27 09:12 - 2017-06-29 18:52 - 000118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 072520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
    2018-05-27 09:12 - 2017-06-29 18:51 - 014057248 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 007172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 007096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 006264632 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 002210304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 002050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 001186832 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 001133064 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 001003856 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 000931616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 000416504 _____ (Harman) C:\Windows\system32\HMUI.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 000378384 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 000154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2018-05-27 09:12 - 2017-06-29 18:50 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
    2018-05-27 09:12 - 2017-06-29 18:50 - 000118584 _____ C:\Windows\system32\AcpiServiceVnA64.dll
    2018-05-27 09:12 - 2017-06-29 18:50 - 000105304 _____ C:\Windows\system32\audioLibVc.dll
    2018-05-27 09:12 - 2017-06-29 03:05 - 012334923 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
    2018-05-27 09:12 - 2017-06-29 03:05 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
    2018-05-27 09:12 - 2017-06-29 03:05 - 001920870 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
    2018-05-27 09:10 - 2018-05-27 09:10 - 000000000 ____D C:\Program Files (x86)\Realtek
    2018-05-27 09:05 - 2018-05-27 09:05 - 000000000 ____D C:\ProgramData\Electronic Arts
    2018-05-27 08:59 - 2018-05-29 03:42 - 000000000 ____D C:\Users\su\AppData\Local\IsolatedStorage
    2018-05-27 08:59 - 2018-05-27 08:59 - 000001402 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\1Password 6.lnk
    2018-05-27 08:59 - 2018-05-27 08:59 - 000000000 ____D C:\Users\su\AppData\Local\1password
    2018-05-27 07:58 - 2018-05-27 07:58 - 000001243 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
    2018-05-27 07:58 - 2018-05-27 07:58 - 000001243 _____ C:\ProgramData\Desktop\Battlefield 1.lnk
    2018-05-27 07:58 - 2018-05-27 07:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1
    2018-05-27 07:47 - 2018-05-27 09:13 - 000000000 ____D C:\Windows\system32\DAX3
    2018-05-27 07:47 - 2018-05-27 09:13 - 000000000 ____D C:\Windows\system32\DAX2
    2018-05-27 07:47 - 2018-05-27 07:47 - 000000000 ____H C:\ProgramData\DP45977C.lfl
    2018-05-27 07:47 - 2016-09-22 14:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
    2018-05-27 07:40 - 2018-05-27 07:40 - 000000000 ____D C:\Program Files (x86)\Origin Games
    2018-05-27 07:39 - 2018-05-27 07:39 - 000001142 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
    2018-05-27 07:39 - 2018-05-27 07:39 - 000001142 _____ C:\ProgramData\Desktop\My LastPass Vault.lnk
    2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
    2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Users\su\AppData\LocalLow\LastPass
    2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
    2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Program Files (x86)\LastPass
    2018-05-27 07:36 - 2018-05-29 04:43 - 000000000 ____D C:\Users\su\AppData\Local\D3DSCache
    2018-05-27 07:36 - 2018-05-27 07:36 - 000001062 _____ C:\Users\Public\Desktop\Origin.lnk
    2018-05-27 07:36 - 2018-05-27 07:36 - 000001062 _____ C:\ProgramData\Desktop\Origin.lnk
    2018-05-27 07:36 - 2018-05-27 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2018-05-27 07:36 - 2018-05-27 07:36 - 000000000 ____D C:\Program Files (x86)\Origin
    2018-05-27 07:35 - 2018-05-29 17:29 - 000000000 ____D C:\Users\su\AppData\Roaming\IDM
    2018-05-27 07:35 - 2018-05-29 04:54 - 000000000 ____D C:\Users\su\AppData\Roaming\DMCache
    2018-05-27 07:35 - 2018-05-29 04:41 - 000000000 ____D C:\Users\su\Downloads\Compressed
    2018-05-27 07:35 - 2018-05-28 19:42 - 000000000 ____D C:\Users\su\Downloads\Video
    2018-05-27 07:35 - 2018-05-27 07:35 - 000001078 _____ C:\Users\su\Desktop\Internet Download Manager.lnk
    2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\ProgramData\IDM
    2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
    2018-05-27 07:34 - 2018-05-29 17:36 - 000000000 ____D C:\Users\su\AppData\Roaming\Origin
    2018-05-27 07:34 - 2018-05-29 17:36 - 000000000 ____D C:\ProgramData\Origin
    2018-05-27 07:34 - 2018-05-27 07:40 - 000000000 ____D C:\Users\su\AppData\Local\Origin
    2018-05-27 07:34 - 2018-05-27 07:34 - 000000000 ____D C:\Users\su\.QtWebEngineProcess
    2018-05-27 07:34 - 2018-05-27 07:34 - 000000000 ____D C:\Users\su\.Origin
    2018-05-27 07:33 - 2018-05-29 04:18 - 000000000 ____D C:\Users\su\Desktop\User Data
    2018-05-27 07:33 - 2018-05-28 19:56 - 000002292 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-05-27 07:33 - 2018-05-28 19:56 - 000002292 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2018-05-27 07:33 - 2018-05-27 09:41 - 000000000 ____D C:\Users\su\AppData\Local\Google
    2018-05-27 07:33 - 2018-05-27 07:33 - 000003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2018-05-27 07:33 - 2018-05-27 07:33 - 000003382 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2018-05-27 07:33 - 2018-05-27 07:33 - 000002369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-05-27 07:33 - 2018-05-27 07:33 - 000000000 ____D C:\Program Files (x86)\Google
    2018-05-26 17:16 - 2018-05-26 16:20 - 000000000 ____D C:\Windows\Panther
    2018-05-26 16:44 - 2018-05-26 16:44 - 000000000 ____D C:\Users\su\AppData\Local\Comms
    2018-05-26 16:34 - 2018-05-21 02:45 - 000308408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2018-05-26 16:34 - 2018-05-21 02:45 - 000094104 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2018-05-26 16:34 - 2018-05-21 02:43 - 021389360 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2018-05-26 16:34 - 2018-05-21 02:42 - 001649760 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
    2018-05-26 16:34 - 2018-05-21 02:42 - 001634808 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
    2018-05-26 16:34 - 2018-05-21 02:42 - 000759192 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
    2018-05-26 16:34 - 2018-05-21 02:27 - 012712960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2018-05-26 16:34 - 2018-05-21 02:27 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
    2018-05-26 16:34 - 2018-05-21 02:26 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
    2018-05-26 16:34 - 2018-05-21 02:24 - 002084864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2018-05-26 16:34 - 2018-05-21 02:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
    2018-05-26 16:34 - 2018-05-21 02:23 - 004070400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2018-05-26 16:34 - 2018-05-21 02:23 - 003655168 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
    2018-05-26 16:34 - 2018-05-21 02:23 - 000947712 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
    2018-05-26 16:34 - 2018-05-21 02:23 - 000899072 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
    2018-05-26 16:34 - 2018-05-21 02:23 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
    2018-05-26 16:34 - 2018-05-21 02:22 - 001665024 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2018-05-26 16:34 - 2018-05-21 02:22 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
    2018-05-26 16:34 - 2018-05-21 02:22 - 000941056 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
    2018-05-26 16:34 - 2018-05-21 02:22 - 000804352 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
    2018-05-26 16:34 - 2018-05-21 01:20 - 000022936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hvsicontainerservice.dll
    2018-05-26 16:34 - 2018-05-21 01:17 - 001454024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
    2018-05-26 16:34 - 2018-05-21 01:15 - 000653208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
    2018-05-26 16:34 - 2018-05-21 01:14 - 020383712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2018-05-26 16:34 - 2018-05-21 01:14 - 001490144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
    2018-05-26 16:34 - 2018-05-21 01:03 - 011903488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2018-05-26 16:34 - 2018-05-21 01:02 - 000461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll
    2018-05-26 16:34 - 2018-05-21 01:00 - 002896896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
    2018-05-26 16:34 - 2018-05-21 01:00 - 000864768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
    2018-05-26 16:34 - 2018-05-21 00:59 - 002016256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2018-05-26 16:34 - 2018-05-21 00:59 - 000863232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
    2018-05-26 16:34 - 2018-05-21 00:59 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
    2018-05-26 16:34 - 2018-05-20 23:59 - 023862784 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
    2018-05-26 16:34 - 2018-05-20 23:45 - 001271296 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
    2018-05-26 16:34 - 2018-05-20 23:39 - 000944640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
    2018-05-26 16:34 - 2018-05-20 23:39 - 000788480 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
    2018-05-26 16:34 - 2018-05-20 23:35 - 000677376 _____ (Microsoft Corporation) C:\Windows\system32\HeadTrackerStorage.dll
    2018-05-26 16:34 - 2018-05-20 23:34 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\HoloShellRuntime.dll
    2018-05-26 16:34 - 2018-05-20 22:04 - 000658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
    2018-05-26 16:34 - 2018-05-20 21:54 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HoloShellRuntime.dll
    2018-05-26 16:34 - 2018-05-20 19:36 - 000613144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2018-05-26 16:34 - 2018-05-20 19:33 - 000748504 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
    2018-05-26 16:34 - 2018-05-20 19:33 - 000707480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2018-05-26 16:34 - 2018-05-20 19:33 - 000105368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
    2018-05-26 16:34 - 2018-05-20 19:01 - 001140576 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2018-05-26 16:34 - 2018-05-20 19:01 - 000983008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2018-05-26 16:34 - 2018-05-20 18:59 - 000269224 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
    2018-05-26 16:34 - 2018-05-20 18:58 - 000272288 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
    2018-05-26 16:34 - 2018-05-20 18:55 - 001456616 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2018-05-26 16:34 - 2018-05-20 18:55 - 001174424 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
    2018-05-26 16:34 - 2018-05-20 18:55 - 001063320 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
    2018-05-26 16:34 - 2018-05-20 18:55 - 000567176 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
    2018-05-26 16:34 - 2018-05-20 18:55 - 000193936 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
    2018-05-26 16:34 - 2018-05-20 18:54 - 002564984 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
    2018-05-26 16:34 - 2018-05-20 18:54 - 001800080 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
    2018-05-26 16:34 - 2018-05-20 18:54 - 001017056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
    2018-05-26 16:34 - 2018-05-20 18:54 - 001012120 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
    2018-05-26 16:34 - 2018-05-20 18:54 - 000722288 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2018-05-26 16:34 - 2018-05-20 18:54 - 000170904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2018-05-26 16:34 - 2018-05-20 18:53 - 006816848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 004402768 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 002836376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2018-05-26 16:34 - 2018-05-20 18:53 - 002371392 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 002178136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 001947808 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 001258280 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2018-05-26 16:34 - 2018-05-20 18:53 - 001017088 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 001012408 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 000792984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
    2018-05-26 16:34 - 2018-05-20 18:53 - 000709824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2018-05-26 16:34 - 2018-05-20 18:53 - 000131232 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 000088472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
    2018-05-26 16:34 - 2018-05-20 18:52 - 009159064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-05-26 16:34 - 2018-05-20 18:52 - 007519992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 007436632 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 003283400 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 002753040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 001209792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 001148800 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 001097648 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000885848 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000735560 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000713368 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000416120 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000413080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2018-05-26 16:34 - 2018-05-20 18:52 - 000347704 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000130456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
    2018-05-26 16:34 - 2018-05-20 18:52 - 000089984 _____ (Microsoft Corporation) C:\Windows\system32\CompPkgSup.dll
    2018-05-26 16:34 - 2018-05-20 18:35 - 025844224 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
    2018-05-26 16:34 - 2018-05-20 18:35 - 000861608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
    2018-05-26 16:34 - 2018-05-20 18:34 - 016592384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
    2018-05-26 16:34 - 2018-05-20 18:34 - 001462288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
    2018-05-26 16:34 - 2018-05-20 18:34 - 000861096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
    2018-05-26 16:34 - 2018-05-20 18:33 - 002331576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2018-05-26 16:34 - 2018-05-20 18:33 - 001665920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
    2018-05-26 16:34 - 2018-05-20 18:33 - 001011968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2018-05-26 16:34 - 2018-05-20 18:33 - 000457144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
    2018-05-26 16:34 - 2018-05-20 18:33 - 000101288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 006567904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 006527568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 006044104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 004787960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 002536056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 002486984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 002242208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 001559368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 001034096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 000988128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 000567144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 000560488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 000286200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 000077040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CompPkgSup.dll
    2018-05-26 16:34 - 2018-05-20 18:31 - 001456640 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
    2018-05-26 16:34 - 2018-05-20 18:30 - 022709248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2018-05-26 16:34 - 2018-05-20 18:30 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2018-05-26 16:34 - 2018-05-20 18:29 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
    2018-05-26 16:34 - 2018-05-20 18:28 - 004706816 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
    2018-05-26 16:34 - 2018-05-20 18:28 - 004372480 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
    2018-05-26 16:34 - 2018-05-20 18:28 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
    2018-05-26 16:34 - 2018-05-20 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\AppHostRegistrationVerifier.exe
    2018-05-26 16:34 - 2018-05-20 18:28 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2018-05-26 16:34 - 2018-05-20 18:27 - 000344576 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
    2018-05-26 16:34 - 2018-05-20 18:27 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
    2018-05-26 16:34 - 2018-05-20 18:27 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\ApiSetHost.AppExecutionAlias.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 003389952 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 000356352 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2018-05-26 16:34 - 2018-05-20 18:26 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
    2018-05-26 16:34 - 2018-05-20 18:26 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\TelephonyInteractiveUser.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\MSHEIF.dll
    2018-05-26 16:34 - 2018-05-20 18:25 - 022001664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
    2018-05-26 16:34 - 2018-05-20 18:25 - 004867072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2018-05-26 16:34 - 2018-05-20 18:25 - 004563968 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
    2018-05-26 16:34 - 2018-05-20 18:25 - 000835584 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
    2018-05-26 16:34 - 2018-05-20 18:25 - 000384000 _____ (Microsoft Corporation) C:\Windows\system32\Phoneutil.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 007582720 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 001767936 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 001485312 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000813568 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000625152 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000234496 _____ (Microsoft Corporation) C:\Windows\system32\DolbyMATEnc.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 013873152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 005951488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 002366976 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 002364928 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 001318400 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 000933376 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 000932352 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 000847360 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
    2018-05-26 16:34 - 2018-05-20 18:22 - 003440640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2018-05-26 16:34 - 2018-05-20 18:22 - 001817088 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2018-05-26 16:34 - 2018-05-20 18:22 - 000871424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
    2018-05-26 16:34 - 2018-05-20 18:22 - 000869376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2018-05-26 16:34 - 2018-05-20 18:22 - 000684544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 002236928 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
    2018-05-26 16:34 - 2018-05-20 18:21 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 001303040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 001210880 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 001033728 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000960512 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000849408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000783360 _____ (Microsoft Corporation) C:\Windows\system32\DolbyHrtfEnc.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000775680 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000652800 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
    2018-05-26 16:34 - 2018-05-20 18:18 - 019399168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2018-05-26 16:34 - 2018-05-20 18:17 - 002961408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
    2018-05-26 16:34 - 2018-05-20 18:17 - 002699776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2018-05-26 16:34 - 2018-05-20 18:16 - 006661120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2018-05-26 16:34 - 2018-05-20 18:16 - 000239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
    2018-05-26 16:34 - 2018-05-20 18:16 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
    2018-05-26 16:34 - 2018-05-20 18:16 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ApiSetHost.AppExecutionAlias.dll
    2018-05-26 16:34 - 2018-05-20 18:16 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2018-05-26 16:34 - 2018-05-20 18:15 - 004336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2018-05-26 16:34 - 2018-05-20 18:15 - 003712000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2018-05-26 16:34 - 2018-05-20 18:15 - 002900480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2018-05-26 16:34 - 2018-05-20 18:15 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
    2018-05-26 16:34 - 2018-05-20 18:15 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSHEIF.dll
    2018-05-26 16:34 - 2018-05-20 18:14 - 005782528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
    2018-05-26 16:34 - 2018-05-20 18:14 - 001295360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
    2018-05-26 16:34 - 2018-05-20 18:14 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
    2018-05-26 16:34 - 2018-05-20 18:14 - 000167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
    2018-05-26 16:34 - 2018-05-20 18:13 - 004929024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
    2018-05-26 16:34 - 2018-05-20 18:13 - 000646656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2018-05-26 16:34 - 2018-05-20 18:13 - 000630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
    2018-05-26 16:34 - 2018-05-20 18:13 - 000615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
    2018-05-26 16:34 - 2018-05-20 18:13 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
    2018-05-26 16:34 - 2018-05-20 18:13 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Phoneutil.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 003014656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 001636352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 001348096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 000992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 000860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 001108992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 001036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 001005568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 000648192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 000528384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
    2018-05-26 16:34 - 2018-05-20 17:07 - 000001310 _____ C:\Windows\system32\tcbres.wim
    2018-05-26 16:34 - 2018-05-20 15:26 - 000018716 _____ C:\Windows\system32\srms-apr.dat
    2018-05-26 16:34 - 2018-05-19 00:08 - 000018716 _____ C:\Windows\SysWOW64\srms-apr.dat
    2018-05-26 16:34 - 2018-04-28 21:25 - 000652184 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
    2018-05-26 16:34 - 2018-04-28 21:24 - 000749976 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
    2018-05-26 16:34 - 2018-04-28 21:23 - 000826776 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
    2018-05-26 16:34 - 2018-04-28 21:23 - 000399768 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
    2018-05-26 16:34 - 2018-04-28 21:03 - 013570560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2018-05-26 16:34 - 2018-04-28 21:03 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
    2018-05-26 16:34 - 2018-04-28 21:03 - 000150528 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
    2018-05-26 16:34 - 2018-04-28 21:02 - 008623104 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2018-05-26 16:34 - 2018-04-28 21:01 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
    2018-05-26 16:34 - 2018-04-28 21:00 - 000695296 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
    2018-05-26 16:34 - 2018-04-28 20:59 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2018-05-26 16:34 - 2018-04-28 20:58 - 001855488 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2018-05-26 16:34 - 2018-04-28 20:58 - 000758272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2018-05-26 16:34 - 2018-04-28 20:18 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
    2018-05-26 16:34 - 2018-04-28 20:17 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2018-05-26 16:34 - 2018-04-28 20:16 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2018-05-26 16:34 - 2018-04-28 20:14 - 000668672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2018-05-26 16:34 - 2018-04-28 20:14 - 000581120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
    2018-05-26 16:34 - 2018-04-28 20:14 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2018-05-26 16:34 - 2018-04-28 20:13 - 001585664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2018-05-26 16:34 - 2018-04-28 20:12 - 001380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2018-05-26 16:34 - 2018-04-28 18:17 - 019525120 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
    2018-05-26 16:34 - 2018-04-28 17:58 - 000976384 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
    2018-05-26 16:34 - 2018-04-28 17:58 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Analog.dll
    2018-05-26 16:34 - 2018-04-28 11:37 - 001034624 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
    2018-05-26 16:34 - 2018-04-28 11:31 - 000473496 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
    2018-05-26 16:34 - 2018-04-28 11:29 - 001565592 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
    2018-05-26 16:34 - 2018-04-28 11:29 - 000788216 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2018-05-26 16:34 - 2018-04-28 11:29 - 000776880 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2018-05-26 16:34 - 2018-04-28 11:29 - 000494488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2018-05-26 16:34 - 2018-04-28 11:29 - 000382872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
    2018-05-26 16:34 - 2018-04-28 11:29 - 000134552 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
    2018-05-26 16:34 - 2018-04-28 11:27 - 002422168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2018-05-26 16:34 - 2018-04-28 11:27 - 001191168 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-05-26 16:34 - 2018-04-28 11:27 - 000604568 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
    2018-05-26 16:34 - 2018-04-28 11:14 - 000434584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2018-05-26 16:34 - 2018-04-28 11:13 - 001426328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
    2018-05-26 16:34 - 2018-04-28 11:13 - 000786168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2018-05-26 16:34 - 2018-04-28 11:13 - 000665320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2018-05-26 16:34 - 2018-04-28 11:12 - 000606448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2018-05-26 16:34 - 2018-04-28 11:03 - 000585728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs3.dll
    2018-05-26 16:34 - 2018-04-28 11:03 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs1.dll
    2018-05-26 16:34 - 2018-04-28 11:03 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.th.dll
    2018-05-26 16:34 - 2018-04-28 11:03 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win81.dll
    2018-05-26 16:34 - 2018-04-28 11:02 - 000613376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs4.dll
    2018-05-26 16:34 - 2018-04-28 11:02 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs2.dll
    2018-05-26 16:34 - 2018-04-28 11:02 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2018-05-26 16:34 - 2018-04-28 11:02 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win8rtm.dll
    2018-05-26 16:34 - 2018-04-28 11:02 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
    2018-05-26 16:34 - 2018-04-28 11:01 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2018-05-26 16:34 - 2018-04-28 11:00 - 000143360 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2018-05-26 16:34 - 2018-04-28 10:59 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\PerceptionSimulationExtensions.dll
    2018-05-26 16:34 - 2018-04-28 10:58 - 003086336 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2018-05-26 16:34 - 2018-04-28 10:57 - 002170368 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
    2018-05-26 16:34 - 2018-04-28 10:57 - 001534976 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2018-05-26 16:34 - 2018-04-28 10:57 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2018-05-26 16:34 - 2018-04-28 10:56 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2018-05-26 16:34 - 2018-04-28 10:56 - 001550848 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
    2018-05-26 16:34 - 2018-04-28 10:56 - 000917504 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2018-05-26 16:34 - 2018-04-28 10:55 - 001586176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2018-05-26 16:34 - 2018-04-28 10:55 - 001421312 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
    2018-05-26 16:34 - 2018-04-28 10:55 - 001160192 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2018-05-26 16:34 - 2018-04-28 10:55 - 000596480 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
    2018-05-26 16:34 - 2018-04-28 10:55 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2018-05-26 16:34 - 2018-04-28 10:54 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2018-05-26 16:34 - 2018-04-28 10:53 - 001235968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
    2018-05-26 16:34 - 2018-04-28 10:53 - 000117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2018-05-26 16:34 - 2018-04-28 10:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2018-05-26 16:34 - 2018-04-28 10:51 - 001466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2018-05-26 16:34 - 2018-04-28 10:51 - 000524800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2018-05-26 16:34 - 2018-04-28 09:43 - 001953280 _____ C:\Windows\system32\rdpnano.dll
    2018-05-26 16:33 - 2018-05-26 16:33 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2018-05-26 16:33 - 2018-05-26 16:33 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2018-05-26 16:33 - 2018-05-26 16:33 - 000000000 ____D C:\Windows\system32\MRT
    2018-05-26 16:33 - 2018-05-26 16:33 - 000000000 ____D C:\Users\su\AppData\Roaming\NVIDIA
    2018-05-26 16:33 - 2018-05-26 16:32 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2018-05-26 16:30 - 2018-05-29 17:35 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-05-26 16:30 - 2018-05-29 09:20 - 000000000 ____D C:\Users\su\AppData\Roaming\nhm2
    2018-05-26 16:30 - 2018-05-29 04:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2018-05-26 16:30 - 2018-05-29 04:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2018-05-26 16:30 - 2018-05-29 03:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2018-05-26 16:30 - 2018-05-27 07:36 - 000000000 ____D C:\ProgramData\Package Cache
    2018-05-26 16:30 - 2018-05-26 16:30 - 000002452 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NiceHash Miner 2.lnk
    2018-05-26 16:30 - 2018-05-26 16:30 - 000002444 _____ C:\Users\su\Desktop\NiceHash Miner 2.lnk
    2018-05-26 16:30 - 2018-05-26 16:30 - 000000000 ____D C:\Users\su\AppData\Roaming\NiceHash Miner 2
    2018-05-26 16:30 - 2018-05-24 01:22 - 000552480 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2018-05-26 16:30 - 2018-05-23 02:58 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 005947328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 001767360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 000450960 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 000124200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2018-05-26 16:30 - 2018-05-22 13:43 - 008186102 _____ C:\Windows\system32\nvcoproc.bin
    2018-05-26 16:30 - 2018-05-14 23:01 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
    2018-05-26 16:28 - 2018-05-29 02:22 - 000000000 ____D C:\Users\su\AppData\Local\PlaceholderTileLogoFolder
    2018-05-26 16:28 - 2018-05-26 16:28 - 000001417 _____ C:\Users\su\Desktop\Microsoft Edge.lnk
    2018-05-26 16:28 - 2018-05-26 16:28 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2018-05-26 16:27 - 2018-05-29 17:31 - 000000000 ____D C:\Users\su
    2018-05-26 16:27 - 2018-05-29 16:54 - 000000000 ____D C:\Users\su\AppData\Local\Packages
    2018-05-26 16:27 - 2018-05-29 04:35 - 000000000 ____D C:\Users\su\AppData\Local\ConnectedDevicesPlatform
    2018-05-26 16:27 - 2018-05-29 02:21 - 000000000 ____D C:\Users\su\AppData\Local\Publishers
    2018-05-26 16:27 - 2018-05-29 00:43 - 000000000 ____D C:\Users\su\AppData\Local\VirtualStore
    2018-05-26 16:27 - 2018-05-27 07:29 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-05-26 16:27 - 2018-05-27 07:29 - 000000000 ___RD C:\Users\su\3D Objects
    2018-05-26 16:27 - 2018-05-26 16:27 - 000000000 ____D C:\Users\su\AppData\Local\MicrosoftEdge
    2018-05-26 16:26 - 2018-05-26 16:26 - 000000000 ____D C:\ProgramData\Razer
    2018-05-26 16:26 - 2018-05-26 16:26 - 000000000 ____D C:\Program Files (x86)\Razer
    2018-05-26 16:25 - 2018-05-29 04:40 - 000838560 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-05-26 16:23 - 2018-05-26 16:23 - 000000000 ____D C:\Windows\CSC
    2018-05-26 16:23 - 2018-05-26 16:23 - 000000000 ____D C:\ProgramData\USOShared
    2018-05-26 16:23 - 2018-04-12 06:33 - 002752000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
    2018-05-26 16:19 - 2018-05-29 17:35 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-05-26 16:19 - 2018-05-29 17:35 - 000000000 ____D C:\Windows\system32\SleepStudy
    2018-05-26 16:19 - 2018-05-27 07:28 - 000233856 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-05-26 16:19 - 2018-05-26 18:31 - 000000000 ____D C:\Windows\system32\Drivers\wd
    2018-05-26 16:19 - 2018-05-26 16:19 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2018-05-26 16:19 - 2018-05-26 16:19 - 000000000 ____D C:\Windows\ServiceProfiles
    2018-05-16 23:43 - 2018-03-01 21:36 - 000226032 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-05-29 18:39 - 2018-04-12 06:38 - 000000000 ___HD C:\Windows\system32\GroupPolicy
    2018-05-29 17:31 - 2018-04-12 06:36 - 000000000 ____D C:\Windows\INF
    2018-05-29 16:59 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\AppReadiness
    2018-05-29 05:13 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\NDF
    2018-05-29 05:05 - 2018-04-12 06:38 - 000000000 ___HD C:\Windows\ELAMBKUP
    2018-05-29 04:35 - 2018-04-12 04:04 - 000524288 _____ C:\Windows\system32\config\BBI
    2018-05-29 02:12 - 2018-04-12 16:20 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
    2018-05-28 20:29 - 2018-04-12 06:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-05-27 20:16 - 2018-04-12 06:30 - 000000000 ____D C:\Windows\CbsTemp
    2018-05-27 07:28 - 2018-04-12 16:37 - 000000000 ____D C:\Windows\Containers
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\yo-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\wo-SN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ur-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ug-CN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tt-RU
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tk-TM
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ti-ET
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\te-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ta-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sw-KE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sq-AL
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\si-LK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\rw-RW
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\quz-PE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\prs-AF
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\pa-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\or-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\nn-NO
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ne-NP
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mt-MT
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mr-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mn-MN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ml-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mk-MK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\lo-LA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\lb-LU
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ky-KG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\kok-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\kn-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\km-KH
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ka-GE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\is-IS
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ig-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\id-ID
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\hy-AM
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\gu-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\gd-GB
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ga-IE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\fil-PH
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\fa-IR
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\cy-GB
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\bn-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\bn-BD
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\be-BY
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\as-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\am-ET
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\af-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\zu-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\yo-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\xh-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\wo-SN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\vi-VN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\uz-Latn-UZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ur-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ug-CN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tt-RU
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tn-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tk-TM
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ti-ET
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tg-Cyrl-TJ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\te-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sw-KE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-RS
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-BA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sq-AL
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sd-Arab-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\rw-RW
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\quz-PE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\quc-Latn-GT
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\prs-AF
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\pa-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\pa-Arab-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\or-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\nso-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\nn-NO
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ne-NP
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mt-MT
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mr-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mn-MN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ml-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mk-MK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mi-NZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\lo-LA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\lb-LU
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ky-KG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ku-Arab-IQ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\kok-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\kn-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\km-KH
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\kk-KZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ka-GE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\is-IS
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ig-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\id-ID
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\hy-AM
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ha-Latn-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\gu-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\gd-GB
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ga-IE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\fil-PH
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\fa-IR
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\chr-CHER-US
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\cy-GB
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ca-ES-valencia
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\bs-Latn-BA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\bn-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\bn-BD
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\be-BY
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\az-Latn-AZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\as-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\af-ZA
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\TextInput
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\SysWOW64\setup
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\ta-in
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\si-lk
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\setup
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\oobe
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\appraiser
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\am-et
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\Provisioning
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\bcastdvr
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2018-05-27 04:14 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\appcompat
    2018-05-26 18:31 - 2018-04-12 06:38 - 000000000 ____D C:\Program Files\Windows Defender
    2018-05-26 17:16 - 2018-04-12 06:38 - 000028672 _____ C:\Windows\system32\config\BCD-Template
    2018-05-26 16:30 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\Help
    2018-05-26 16:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\WinBioDatabase
    2018-05-26 16:23 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\spool
    2018-05-26 16:23 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\FxsTmp
    2018-05-26 16:23 - 2018-04-12 06:38 - 000000000 ____D C:\ProgramData\USOPrivate
    2018-05-26 16:19 - 2018-04-12 04:04 - 000032768 _____ C:\Windows\system32\config\ELAM
    2018-05-24 01:22 - 2018-04-12 16:20 - 000456608 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll
    2018-05-23 05:00 - 2017-11-09 03:57 - 000044277 _____ C:\Windows\system32\nvinfo.pb
    2018-05-02 04:22 - 2018-04-12 06:41 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2018-05-02 04:22 - 2018-04-12 06:41 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    Some files in TEMP:
    ====================
    2018-05-29 17:25 - 2018-05-29 05:16 - 011605440 _____ (SurfRight B.V.) C:\Users\su\AppData\Local\Temp\HitmanPro.exe
    2018-05-29 03:59 - 2017-10-27 23:06 - 000370296 _____ (NVIDIA Corporation) C:\Users\su\AppData\Local\Temp\nvStInst.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-05-26 16:19

    ==================== End of FRST.txt ============================

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,545

    What's located in this drive?
    Trojan.Agent/Gen-Turkojan
    D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\ANTIDEEPFREEZE4.EXE
    Advanced recovery CD solution similar to Hiren's Boot DVD? - and how long have you had this program on your computer?

    Trojan.Agent/Gen-Foreign
    D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\EDITHOSTS.EXE
    D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\TOTALCOMMANDER.EXE
    Trojan.Agent/Gen-Siggen
    D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\SOFTPERFECTNETWORKSCANNER.EXE
    D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\TFTPD32.EXE
    What's been found above are the executable files to run the above program you downloaded to D: drive.


    Couple of things:
    It's a false positive, or you downloaded this item from a site that also allowed malware to enter at the same time. But what's strange is, you haven't stated anything wrong with your computer.
    In the scans you ran previously, were there any items found?

    ~~~~~~~~~~~~~~~~~~~~
    Enabling System Restore in Windows 10 and Creating System Restore Point

    --------------------

    Press the Windows Key + R at the same time
    Type sysdm.cpl and hit Enter
    Click System Protection
    Under Protection Settings left click on Local Disk C: (System) to highlight the entry
    Click Configure
    Select Turn on system protection
    Click Apply, then OK
    On the System Properties window Click Create...
    Type SpyBot Help Restore Point then click Create.

    ~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
    U3 aswMBR; C:\Users\su\AppData\Local\Temp\aswMBR.sys [62728 2018-05-29] () [File not signed] <==== ATTENTION
    U3 aswVmm; C:\Users\su\AppData\Local\Temp\aswVmm.sys [224896 2018-05-29] () <==== ATTENTION
    2018-05-29 17:25 - 2018-05-29 05:16 - 011605440 _____ (SurfRight B.V.) C:\Users\su\AppData\Local\Temp\HitmanPro.exe
    2018-05-29 03:59 - 2017-10-27 23:06 - 000370296 _____ (NVIDIA Corporation) C:\Users\su\AppData\Local\Temp\nvStInst.exe
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply


    In your next reply post
    Fixlog.txt
    RogueKiller
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.
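
The System Restore steps in the post above can also be done from an elevated Windows PowerShell 5.1 prompt. This is an added example, not part of the original post: it reuses the drive and restore point name from the post, uses the built-in System Restore cmdlets (not available in PowerShell 7), and checks that a new restore point really exists before any fix is run.

```powershell
#Requires -RunAsAdministrator
# Added example: run in an elevated Windows PowerShell 5.1 session.

$drive       = 'C:\'                        # system drive, as in the post
$description = 'SpyBot Help Restore Point'  # restore point name used in the post

# Same effect as "Turn on system protection" for Local Disk C: in sysdm.cpl.
Enable-ComputerRestore -Drive $drive

# Remember the newest existing restore point so a new one can be recognised.
$before = Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    Sort-Object SequenceNumber | Select-Object -Last 1

# On Windows 8 and later, Checkpoint-Computer does not create a second restore
# point within 24 hours of the previous one; it only writes a warning.
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

$after = Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    Sort-Object SequenceNumber | Select-Object -Last 1

if ($after -and (-not $before -or $after.SequenceNumber -gt $before.SequenceNumber)) {
    'Created "{0}" (sequence number {1})' -f $after.Description, $after.SequenceNumber
} else {
    Write-Warning 'No new restore point was created; check for one made in the last 24 hours.'
}
```

If the warning branch is reached, the most recent restore point predates the current session, so confirm it is recent enough before relying on it.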

  7. #7
    Junior Member
    Join Date
    Mar 2018
    Posts
    15

    Default

    My system seems to behave incorrectly at some point in time, which is hard to tell, but it always repeats an infection process including the new operating system reinstallation format. And there are always malicious IPs connecting to my system. I monitor which IP is connected and check it in totalvirus; many of them are malicious IPs.

    D:\PM\DLCD.UTILITIES\HBCD\PROGRAMS\ANTIDEEPFREEZE4.EXE: it was downloaded and saved to disk D:, which is my data disk. It is a rescue .iso file. I have not run this .iso file since the last operating system reinstall. I had it a few months ago.
    Last edited by Juliet; 2018-05-29 at 21:48.

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,545

    Default

    but it always repeats an infection process including the new operating system reinstallation format.
    Are you reloading it from D:\PM\DLCD.UTILITIES\HBCD rescue disk you created?

    If you're asking SuperAntiSpyware to remove this and it doesn't or does it return?

    malicious IPs connecting to my system. I monitor which IP is connected and check it in totalvirus; many of them are malicious IPs.
    What tool are you using to investigate malicious IPs?

    Something I think that would be good to do now, is to reboot your router.

    Did you run the scans Fixlog.txt - RogueKiller?

  9. #9
    Junior Member
    Join Date
    Mar 2018
    Posts
    15

    Default

    Quote Originally Posted by Juliet View Post
    Are you reloading it from D:\PM\DLCD.UTILITIES\HBCD rescue disk you created?

    If you're asking SuperAntiSpyware to remove this and it doesn't or does it return?


    What tool are you using to investigate malicious IPs?

    Something I think that would be good to do now, is to reboot your router.

    Did you run the scans Fixlog.txt - RogueKiller?
    Sorry. This is the log file. The infection was cleared, and it did not come back. As mentioned, I use virustotal.com to check IPs.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
    Ran by su (30-05-2018 01:24:28) Run:1
    Running from C:\Users\su\Desktop\ap
    Loaded Profiles: su (Available Profiles: su)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\su\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
    U3 aswMBR; C:\Users\su\AppData\Local\Temp\aswMBR.sys [62728 2018-05-29] () [File not signed] <==== ATTENTION
    U3 aswVmm; C:\Users\su\AppData\Local\Temp\aswVmm.sys [224896 2018-05-29] () <==== ATTENTION
    2018-05-29 17:25 - 2018-05-29 05:16 - 011605440 _____ (SurfRight B.V.) C:\Users\su\AppData\Local\Temp\HitmanPro.exe
    2018-05-29 03:59 - 2017-10-27 23:06 - 000370296 _____ (NVIDIA Corporation) C:\Users\su\AppData\Local\Temp\nvStInst.exe
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removed successfully
    "HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => removed successfully
    "HKU\S-1-5-21-3166309138-43010382-2060014392-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => removed successfully
    "HKLM\SOFTWARE\Policies\Google" => removed successfully
    "HKU\S-1-5-21-3166309138-43010382-2060014392-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    "HKU\S-1-5-21-3166309138-43010382-2060014392-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
    "HKLM\System\CurrentControlSet\Services\NVHDA" => removed successfully
    NVHDA => service removed successfully
    aswMBR => service removed successfully
    aswVmm => service removed successfully
    "C:\Users\su\AppData\Local\Temp\HitmanPro.exe" => not found
    "C:\Users\su\AppData\Local\Temp\nvStInst.exe" => not found

    =========== EmptyTemp: ==========

    BITS transfer queue => 7888896 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39847115 B
    Java, Flash, Steam htmlcache => 291 B
    Windows/system/drivers => 475529 B
    Edge => 14664270 B
    Chrome => 138532076 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 6288 B
    LocalService => 0 B
    NetworkService => 32038 B
    NetworkService => 0 B
    su => 264737939 B

    RecycleBin => 1874946063 B
    EmptyTemp: => 2.2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 01:24:47 ====

  10. #10
    Junior Member
    Join Date
    Mar 2018
    Posts
    15

    Default

    RogueKiller log. Thanks!!!

    RogueKiller V12.12.19.0 (x64) [May 28 2018] (Premium) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.17134) 64 bits version
    Started in : Normal mode
    User : su [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 05/30/2018 01:29:27 (Duration : 00:13:59)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 4 ¤¤¤
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Windows\CurrentVersion\Run | 1Password : "C:\Users\su\AppData\Local\1password\app\7\1Password.exe" /silent [7] -> Found
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Windows\CurrentVersion\Run | 1Password : "C:\Users\su\AppData\Local\1password\app\7\1Password.exe" /silent [7] -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [https://google.com.vn] -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST4000DM000-1F2168 +++++
    --- User ---
    [MBR] bdbf642f7815e1d104249319214743bd
    [BSP] 32468b9bbceed235b53e6e1f43cc2026 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD10EZEX-07M2NA1 +++++
    --- User ---
    [MBR] 6f55a60693a1c7accad56a8e9314b89e
    [BSP] e98a4e0a9d09745e7e06b13ce90d9b34 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: SAMSUNG MZVKW512HMJP-00000 +++++
    --- User ---
    [MBR] d842b42cf92bc1b7bc9065473ec2a0d4
    [BSP] 402ae62735247d720795bdd9d76ad31c : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 499 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1024000 | Size: 100 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1228800 | Size: 16 MB
    3 - Basic data partition | Offset (sectors): 1261568 | Size: 487770 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([1] Incorrect function. )
