Thread: Adware.Tracking Cookie, Trojan.Gen-Turkojan, Trojan.Gen-Foreign. What I need to do?

  1. #11
    Juliet (Security Expert-emeritus)
    Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    Did you allow RogueKiller to delete what it found?

    What problems are you having now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #12
    Junior Member
    Join Date: Mar 2018 | Posts: 15

    Quote (originally posted by Juliet):
        Did you allow RogueKiller to delete what it found?

        What problems are you having now?

    Very sorry I did not reply sooner.

    I ran a scan with a program called "Adware Removal Tool". And here is the log file.

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    Adware Removal Tool 5.1
    Time: 2018_05_30_22_08_00
    OS: Windows 10 Enterprise - x64 Bit
    Account Name: su
    Adware Definition: 05302018
    Elapsed time: 21:21
    Scan Status:- Automatic Done

    \\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

    Browser: Chrome Found : PUP.taboola : C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Preferences

  3. #13
    Junior Member
    Join Date: Mar 2018 | Posts: 15

    I have also been asked to repair this file, and I did. The program then suggested I should reset IE and Chrome, and I did. And my system is currently working fine, but I still fear the infection will return.

  4. #14
    Juliet (Security Expert-emeritus)
    Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    Quote:
        The program then suggested I should reset IE and Chrome, and I did. And my system is currently working fine, but I still fear the infection will return.

    Sounds good.
    And you rebooted your router?


    Let's check for remnants

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    created by Aura

  5. #15
    Junior Member
    Join Date: Mar 2018 | Posts: 15

    The Emsisoft Emergency Department does not detect any infection. But my browser seems to be under attack now. In Chrome, the search automatically adds vn.yahoo.com, bing.com, ask.com, aol.com.
    Last edited by Juliet; 2018-06-01 at 22:19.

  6. #16
    Juliet (Security Expert-emeritus)
    Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    Let's try this

    Export-Bookmarks-from-Chrome
    https://www.wikihow.com/Export-Bookmarks-from-Chrome


    Please download and install Revo Uninstaller Free
    • Double-click Revo Uninstaller to run it.
    • From the list of programs, double-click on the program to remove ==> Chrome
    • When prompted if you want to uninstall, click Yes.
    • Be sure the Moderate option is selected, then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers, click Next.
    • Check/tick the bolded items only on the list, then click Delete.
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes, then Next.
    • Once done, click Finish.


    Then, it can be reinstalled from
    http://www.google.com/chrome/

    +++++++++++++++

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    ~~~~~~~~~~~~~~~~~~~~

    I'd like to see a fresh scan from Farbar Recovery Scan Tool (FRST)
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
    Last edited by Juliet; 2018-06-01 at 22:47.

  7. #17
    Junior Member
    Join Date: Mar 2018 | Posts: 15

    After deleting Chrome, I cannot reinstall it; the message says unknown error during reinstall.

    Also, while I was using IE to post this article, Mbytes displayed a warning, and this is the content of that alert!!!!???

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 6/2/18
    Protection Event Time: 4:25 PM
    Log File: dc17b9ca-6646-11e8-8784-2c4d544e0a6f.json
    Administrator: Yes

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.365
    Update Package Version: 1.0.5338
    License: Trial

    -System Information-
    OS: Windows 10 (Build 17134.81)
    CPU: x64
    File System: NTFS
    User: System

    -Exploit Details-
    File: 0
    (No malicious items detected)

    Exploit: 1
    Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

    -Exploit Data-
    Affected Application: Internet Explorer (and add-ons)
    Protection Layer: Application Hardening
    Protection Technique: Attempt to execute VBScript blocked
    File Name: C:\Windows\SysWOW64\vbscript.dll
    URL:



    (end)

  8. #18
    Junior Member
    Join Date: Mar 2018 | Posts: 15

    These are the FRST log files. Thanks!!!

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
    Ran by su (02-06-2018 16:32:08)
    Running from C:\Users\su\Desktop
    Windows 10 Pro Version 1803 17134.81 (X64) (2018-05-26 09:22:21)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3166309138-43010382-2060014392-500 - Administrator - Enabled)
    DefaultAccount (S-1-5-21-3166309138-43010382-2060014392-503 - Limited - Disabled)
    Guest (S-1-5-21-3166309138-43010382-2060014392-501 - Limited - Enabled)
    su (S-1-5-21-3166309138-43010382-2060014392-1001 - Administrator - Enabled) => C:\Users\su
    WDAGUtilityAccount (S-1-5-21-3166309138-43010382-2060014392-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    1Password (HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\{507707B9-C68C-4986-A4AD-F25B24C152FA}_is1) (Version: 7.0.558 - AgileBits Inc.)
    7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
    Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.54.32003 - Electronic Arts)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    BWMeter (HKLM-x32\...\BWMeter) (Version: 7.4.0 - DeskSoft)
    DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Hỗ trợ Ứng dụng Apple (32 bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
    Hỗ trợ Ứng dụng Apple (64 bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
    Imaging And Configuration Designer (HKLM-x32\...\{E0F2B4CC-8551-9304-84E0-73535C1AA953}) (Version: 10.1.17134.1 - Microsoft) Hidden
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    iTunes (HKLM\...\{640DF567-A929-4B53-A730-CC6B012B16E4}) (Version: 12.7.5.9 - Apple Inc.)
    Kits Configuration Installer (HKLM-x32\...\{C690B2D9-0AA8-8CDA-965D-FED648C3EF9C}) (Version: 10.1.17134.1 - Microsoft) Hidden
    LastPass (chỉ gỡ bỏ) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
    MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
    NiceHash Miner 2 0.2.4 (only current user) (HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\08059810-bc78-5c10-942c-2092eebb5ec8) (Version: 0.2.4 - NiceHash d.o.o)
    NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
    NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 10.5.19.61985 - Electronic Arts, Inc.)
    Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.0531.053017 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
    Samsung NVM Express Driver (HKLM-x32\...\{bfb0503a-76b9-415a-b0a3-dd55d2a01ebe}) (Version: 3.0.0.1802 - Samsung Electronics)
    Samsung NVM Express Driver 3.0.0.1802 (HKLM\...\{03FE2BA9-9538-4195-83E3-09B43901141E}) (Version: 3.0.0.1802 - Samsung Electronics Co., Ltd) Hidden
    Toolkit Documentation (HKLM-x32\...\{563689A6-D95B-EA6D-665F-97959643E0DB}) (Version: 10.1.17134.1 - Microsoft) Hidden
    Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
    VietPN 1.3 (HKLM-x32\...\VietPN) (Version: 1.3 - )
    VMware Workstation (HKLM\...\{E374BA09-9CD0-4F58-90EE-F8C1488BC81E}) (Version: 14.0.0 - VMware, Inc.)
    Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{d794748d-72e9-45d7-9ab7-83d6c4c80f7f}) (Version: 10.1.17134.1 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc.)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
    ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2017-09-18] (VMware, Inc.)
    ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2017-09-18] (VMware, Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-23] (NVIDIA Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0909468B-6D79-4FA4-8312-D01D077ADEAE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-23] (NVIDIA Corporation)
    Task: {0C639D82-FF21-4296-A972-D75D6828A80F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
    Task: {3DEF727F-AD79-41D9-A3A0-1A05A4251C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
    Task: {45E2AB1D-5664-431C-A3EC-444C57E16C48} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
    Task: {46E21CC1-D28E-40D4-9237-F37B82BAD8E6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-23] (NVIDIA Corporation)
    Task: {528D1B22-C808-4368-B275-AC15054E6F82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
    Task: {584097E1-44C4-4D0C-A6C0-C319A4D1AA7E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
    Task: {936B5146-4343-4333-AED4-AF8B9905A4F8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
    Task: {AEA9B189-DC03-4B46-BA00-E86D417D9247} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
    Task: {BA82B92C-E6E2-495A-AF08-9BA61CF44888} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
    Task: {C1E362E5-5D58-4C7C-95CC-943402E0352C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-23] (NVIDIA Corporation)
    Task: {D7EFF0CD-2A80-4581-81A5-F86607560B19} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-23] (NVIDIA Corporation)
    Task: {EAE43702-3393-4273-A484-0196DDFB92A8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
    Task: {F25945CE-0E36-497E-8D92-526AD813981E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============


    ==================== Alternate Data Streams (Whitelisted) =========

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7865 more sites.

    There are 7865 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-06-01 02:29 - 2018-05-30 00:31 - 000469086 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 15947 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\Control Panel\Desktop\\Wallpaper -> c:\users\su\appdata\roaming\microsoft\windows photo viewer\windows photo viewer wallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{3030A960-5C5C-433F-BA3F-9DEAD4127B06}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
    FirewallRules: [{6FAC97B4-08BB-4CBC-A7FC-E83DDE5455F7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
    FirewallRules: [{2D90EBA7-6D44-44B7-9369-AF1B30977BD5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
    FirewallRules: [{58055FDC-2834-4271-A573-0652351054EA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
    FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
    FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
    FirewallRules: [{7B0A0916-E6E7-4727-94CB-52A349164DA9}] => (Block) C:\Windows\explorer.exe
    FirewallRules: [TCP Query User{3A60E526-4745-445C-BA06-1E3C6B4D0C9D}C:\users\su\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\su\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{4D48AF23-55D3-446E-AC37-14E3C0B2BDC6}C:\users\su\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\su\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{1639C557-AAA0-4E7E-A943-AF5834D4C87A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    FirewallRules: [{0EA16C29-FF6B-417F-926E-6579F27DBF0A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    FirewallRules: [{F3FDA53D-90E1-4B1C-B71A-2610AADCD916}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    FirewallRules: [{016C0DD8-D7F8-4458-A66A-71FE57AFE91C}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    FirewallRules: [TCP Query User{E4E9AA75-89DF-4517-8BEB-3A744BD6BD83}D:\pm\mpc-hcportable\app\mpc-hc\mpc-hc.exe] => (Allow) D:\pm\mpc-hcportable\app\mpc-hc\mpc-hc.exe
    FirewallRules: [UDP Query User{33A96792-5BCC-468B-83BD-246764F95AF0}D:\pm\mpc-hcportable\app\mpc-hc\mpc-hc.exe] => (Allow) D:\pm\mpc-hcportable\app\mpc-hc\mpc-hc.exe
    FirewallRules: [TCP Query User{130D2313-C5C1-439E-9478-BDF608B6B7F6}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe
    FirewallRules: [UDP Query User{4BB9A111-3CDB-4D62-B181-3DC66639C599}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe
    FirewallRules: [{42A4F09F-5AAD-4ED8-873C-B28362F4C2CB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{EEC26354-739E-40E5-8E87-93F80C69122D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4E29F2E9-9264-4D36-BB65-5ADA322C7651}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{72A54139-3A7D-47C0-8C55-556EFE14F1D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FDCA43CF-844D-49B7-9EB8-B9390ED8CC83}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{7DB0EBEA-73DA-4BC8-BA42-F3D5DF54CEC7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{77B9B086-3BFB-4985-AE8E-A1D34D8A808D}C:\program files (x86)\vietpn\vietpnd.exe] => (Allow) C:\program files (x86)\vietpn\vietpnd.exe
    FirewallRules: [UDP Query User{7A79921D-A370-4B2E-A3AC-094569CC8890}C:\program files (x86)\vietpn\vietpnd.exe] => (Allow) C:\program files (x86)\vietpn\vietpnd.exe
    FirewallRules: [{DB06422A-34ED-451E-B301-3F39E9DFB8BB}] => (Block) C:\program files (x86)\vietpn\vietpnd.exe
    FirewallRules: [{E30B4256-35A2-46B0-AC68-737341F38B22}] => (Block) C:\program files (x86)\vietpn\vietpnd.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============

    Name: TAP-Windows Adapter V9
    Description: TAP-Windows Adapter V9
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: tap0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/01/2018 11:50:06 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-DJNK2QJ)
    Description: Product: Tweakui Powertoy for Windows XP -- The powertoys require Windows XP or a service pack. They will not function on a version of Windows earlier or later than Windows XP.

    Error: (06/01/2018 04:34:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CustomDesktopLogo.exe, version: 2.2.0.0, time stamp: 0x48fd123e
    Faulting module name: KERNELBASE.dll, version: 6.2.17134.1, time stamp: 0x149ab0fd
    Exception code: 0xc0020001
    Fault offset: 0x0010d722
    Faulting process id: 0x%9
    Faulting application start time: 0xCustomDesktopLogo.exe0
    Faulting application path: CustomDesktopLogo.exe1
    Faulting module path: CustomDesktopLogo.exe2
    Report Id: CustomDesktopLogo.exe3
    Faulting package full name: CustomDesktopLogo.exe4
    Faulting package-relative application ID: CustomDesktopLogo.exe5

    Error: (06/01/2018 03:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Razer Synapse Service Process.exe, version: 1.0.0.0, time stamp: 0x5b0e60c4
    Faulting module name: KERNELBASE.dll, version: 10.0.17134.1, time stamp: 0x149ab0fd
    Exception code: 0xe0434352
    Fault offset: 0x0010d722
    Faulting process id: 0x2b48
    Faulting application start time: 0x01d3f97d85034db8
    Faulting application path: C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service Process.exe
    Faulting module path: C:\Windows\System32\KERNELBASE.dll
    Report Id: d5914b41-bc38-4fbc-b4f0-6c17203ba132
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/01/2018 03:06:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Razer Synapse Service Process.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.InvalidOperationException
    at System.Diagnostics.Process.EnsureState(State)
    at System.Diagnostics.Process.get_ProcessName()
    at Synapse3.UserInteractive.ForegroundWindowMonitor.ProcessExecutablePath(System.Diagnostics.Process, IntPtr)
    at Synapse3.UserInteractive.ForegroundWindowMonitor.EventCallback(IntPtr, Int32, IntPtr, Int32, Int32, Int32, Int32)

    Error: (06/01/2018 02:04:45 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetVolumeComponents. hr = 0x80073bc3, The requested system device cannot be found.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: ASR Writer
    Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
    Writer Name: ASR Writer
    Writer Instance ID: {fa75aa4d-6dda-4343-8087-260c79df12d6}

    Error: (06/01/2018 01:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Razer Synapse Service Process.exe, version: 1.0.0.0, time stamp: 0x5b0e60c4
    Faulting module name: KERNELBASE.dll, version: 10.0.17134.1, time stamp: 0x149ab0fd
    Exception code: 0xe0434352
    Fault offset: 0x0010d722
    Faulting process id: 0x26b8
    Faulting application start time: 0x01d3f95692c36b99
    Faulting application path: C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service Process.exe
    Faulting module path: C:\Windows\System32\KERNELBASE.dll
    Report Id: bee87be1-d052-4bfa-bc31-3cf686897740
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/01/2018 01:35:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Razer Synapse Service Process.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ArgumentException
    at System.Diagnostics.Process.GetProcessById(Int32, System.String)
    at System.Diagnostics.Process.GetProcessById(Int32)
    at Synapse3.UserInteractive.ForegroundWindowMonitor.EventCallback(IntPtr, Int32, IntPtr, Int32, Int32, Int32, Int32)

    Error: (06/01/2018 02:31:28 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CustomDesktopLogo.exe, version: 2.2.0.0, time stamp: 0x48fd123e
    Faulting module name: KERNELBASE.dll, version: 6.2.17134.1, time stamp: 0x149ab0fd
    Exception code: 0xc0020001
    Fault offset: 0x0010d722
    Faulting process id: 0x%9
    Faulting application start time: 0xCustomDesktopLogo.exe0
    Faulting application path: CustomDesktopLogo.exe1
    Faulting module path: CustomDesktopLogo.exe2
    Report Id: CustomDesktopLogo.exe3
    Faulting package full name: CustomDesktopLogo.exe4
    Faulting package-relative application ID: CustomDesktopLogo.exe5


    System errors:
    =============
    Error: (06/02/2018 04:18:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/02/2018 04:18:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

    Error: (06/02/2018 04:18:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/02/2018 04:18:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

    Error: (06/02/2018 04:18:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/02/2018 04:18:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

    Error: (06/02/2018 04:18:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/02/2018 04:18:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.


    Windows Defender:
    ===================================
    Date: 2018-06-02 15:59:15.566
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {8B0B0FFB-24B9-4254-8B98-10051DE06DD7}
    Scan Type: Antimalware
    Scan Parameters: Full Scan

    Date: 2018-06-02 00:00:13.368
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {3F3A1C73-5B11-49CC-B34E-6EC77F722EAF}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-05-30 13:55:34.360
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {7DCF50F0-C2C1-4CD3-90E6-6AC54C11CCE3}
    Scan Type: Antimalware
    Scan Parameters: Full Scan

    Date: 2018-05-30 13:37:27.878
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {CF285581-C7E5-40F4-8ADC-9FB7A34862DA}
    Scan Type: Antimalware
    Scan Parameters: Full Scan

    Date: 2018-05-29 03:57:21.811
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {3FEF6413-E874-4D63-96F9-42D1F465834D}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-06-01 14:51:28.949
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version: 1.269.448.0
    Previous Signature Version: 1.269.435.0
    Update Source: User
    Signature Type: AntiSpyware
    Update Type: Delta
    Current Engine Version: 1.1.14901.4
    Previous Engine Version: 1.1.14901.4
    Error code: 0x80509004
    Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

    Date: 2018-06-01 14:51:28.948
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version: 1.269.448.0
    Previous Signature Version: 1.269.435.0
    Update Source: User
    Signature Type: AntiVirus
    Update Type: Delta
    Current Engine Version: 1.1.14901.4
    Previous Engine Version: 1.1.14901.4
    Error code: 0x80509004
    Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

    CodeIntegrity:
    ===================================

    Date: 2018-06-02 16:01:31.289
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-02 16:01:31.289
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-02 03:15:47.478
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-02 03:15:47.477
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-02 00:19:09.382
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-02 00:19:09.382
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-01 18:49:14.875
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-01 18:49:14.853
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
    Percentage of memory in use: 23%
    Total physical RAM: 16322.48 MB
    Available physical RAM: 12550.19 MB
    Total Virtual: 19246.59 MB
    Available Virtual: 12904.53 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:476.34 GB) (Free:100.5 GB) NTFS
    Drive d: (Data) (Fixed) (Total:3725.9 GB) (Free:2464.14 GB) NTFS

    \\?\Volume{4192b70e-9890-486e-8592-8781fb3a2028}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 078C078C)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BC46E3C2)

    ========================================================
    Disk: 2 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 9CE9E907)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
    Ran by su (administrator) on DESKTOP-DJNK2QJ (02-06-2018 16:31:46)
    Running from C:\Users\su\Desktop
    Loaded Profiles: su (Available Profiles: su)
    Platform: Windows 10 Pro Version 1803 17134.81 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser not detected!)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\BWMeter\BWMeterConSvc.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
    (Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
    () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Inside Core) C:\Users\su\Desktop\AutoRunExterminator.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
    () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service Process.exe
    () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
    (The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
    () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
    () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (AgileBits Inc.) C:\Users\su\AppData\Local\1password\app\7\1Password.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Eric Wong) D:\PM\Custom_Desktop_Logo_V2.1\CustomDesktopLogo.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
    (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    () C:\Users\su\AppData\Local\Temp\7zOC9DCF40A\UniKeyNT.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
    HKLM\...\Run: [AutoRunExterminator] => C:\Users\su\Desktop\AutoRunExterminator.exe [47104 2010-05-13] (Inside Core)
    HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [115688 2017-09-18] (VMware, Inc.)
    HKLM\...\Policies\Explorer: [NoAutorun] 1
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520 2018-05-16] (Tonec Inc.)
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3106600 2018-05-27] (Electronic Arts)
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [HideSCANetwork] 0
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [HideSCAVolume] 0
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoPreviewPane] 0
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoWinkeys] 0
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\Policies\Explorer: [NoViewContextMenu] 0
    Startup: C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2018-06-01]
    ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (No File)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{bdf511b5-4f08-47e5-89c6-2de410c037f2}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\
    HKU\S-1-5-21-3166309138-43010382-2060014392-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com.vn/
    SearchScopes: HKU\S-1-5-21-3166309138-43010382-2060014392-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-05-15] (Internet Download Manager, Tonec Inc.)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-05-27] (LastPass)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-05-15] (Internet Download Manager, Tonec Inc.)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-05-27] (LastPass)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-05-27] (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-05-27] (LastPass)

    FireFox:
    ========
    FF HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\su\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\su\AppData\Roaming\IDM\idmmzcc5 [2018-05-27] [Legacy] [not signed]
    FF HKU\S-1-5-21-3166309138-43010382-2060014392-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-05-27] (LastPass)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-05-27] (LastPass)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-02] (Google Inc.)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
    R2 BWMeterConSvc; C:\Program Files (x86)\BWMeter\BWMeterConSvc.exe [125440 2018-05-28] () [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2201920 2018-05-27] (Electronic Arts)
    R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3072328 2018-05-27] (Electronic Arts)
    R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-08-12] (Razer Inc)
    R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [283888 2018-05-30] ()
    R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2018-05-19] (Razer Inc.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
    R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14344168 2017-09-18] ()
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-31] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-31] (Microsoft Corporation)
    S3 Browser; %SystemRoot%\System32\browser.dll [X]
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
    R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-01] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-06-02] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-06-02] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-02] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [103648 2018-06-02] (Malwarebytes)
    R3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
    R1 MpKsl88eb1f5a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6DA36CB5-DE8E-418F-8A55-4130435DD19C}\MpKsl88eb1f5a.sys [58120 2018-06-02] (Microsoft Corporation)
    R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys [17194584 2018-05-24] (NVIDIA Corporation)
    R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [49136 2018-04-16] (Razer Inc)
    R3 RzDev_0062; C:\Windows\System32\drivers\RzDev_0062.sys [51696 2018-04-23] (Razer Inc)
    R0 secnvme; C:\Windows\System32\drivers\secnvme.sys [134120 2018-02-13] (Samsung Electronics Co., Ltd)
    S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-05-30] ()
    R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2017-09-18] (VMware, Inc.)
    R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc.)
    R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc.)
    S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
    S3 WIMMount; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [35744 2018-04-10] (Microsoft Corporation)
    R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-06-01] (Zemana Ltd.)
    S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-02 16:31 - 2018-06-02 16:31 - 000015928 _____ C:\Users\su\Desktop\FRST.txt
    2018-06-02 16:31 - 2018-06-02 16:31 - 000000000 ____D C:\FRST
    2018-06-02 16:25 - 2018-06-02 16:25 - 002413056 _____ (Farbar) C:\Users\su\Desktop\FRST64.exe
    2018-06-02 16:25 - 2018-06-02 16:25 - 000000789 _____ C:\Users\su\Desktop\New Text Document (5).txt
    2018-06-02 16:22 - 2018-06-02 16:22 - 000001316 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnikeyNT.lnk
    2018-06-02 16:21 - 2018-06-02 16:21 - 000000000 ____D C:\Users\su\AppData\LocalLow\Temp
    2018-06-02 16:20 - 2018-06-02 16:20 - 000000000 ____D C:\AdwCleaner
    2018-06-02 15:45 - 2018-06-02 15:50 - 000000000 ____D C:\Users\su\AppData\Local\Deployment
    2018-06-02 15:45 - 2018-06-02 15:45 - 000003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2018-06-02 15:45 - 2018-06-02 15:45 - 000003382 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2018-06-02 15:45 - 2018-06-02 15:45 - 000000000 ____D C:\Users\su\AppData\Roaming\Adobe
    2018-06-02 15:45 - 2018-06-02 15:45 - 000000000 ____D C:\Users\su\AppData\Local\Apps\2.0
    2018-06-02 15:42 - 2018-06-02 15:42 - 000000000 _____ C:\Users\su\Desktop\New Text Document (4).txt
    2018-06-02 15:40 - 2018-06-02 15:42 - 000001365 _____ C:\Users\su\Desktop\New Text Document (3).txt
    2018-06-02 15:40 - 2018-06-02 15:40 - 000008813 _____ C:\Users\su\Desktop\bookmarks_02_06_2018.html
    2018-06-02 08:14 - 2018-06-02 08:14 - 009215439 _____ C:\Users\su\AppData\Roaming\ICARE.LOG.OLD
    2018-06-02 01:51 - 2018-06-02 13:09 - 000000000 ____D C:\Users\su\Desktop\New folder
    2018-06-02 00:54 - 2018-06-02 00:54 - 000000099 _____ C:\Users\su\Desktop\New Text Document (2).txt
    2018-06-02 00:05 - 2018-06-02 00:05 - 000000000 ____D C:\Program Files\Samsung
    2018-06-01 23:50 - 2018-06-01 23:50 - 000000000 ____D C:\Windows\Downloaded Installations
    2018-06-01 22:20 - 2018-06-01 22:20 - 000000000 ____D C:\Users\su\.QtWebEngineProcess
    2018-06-01 22:20 - 2018-06-01 22:20 - 000000000 ____D C:\Users\su\.Origin
    2018-06-01 15:06 - 2018-06-01 15:06 - 000000000 ____D C:\Users\su\AppData\Local\CrashDumps
    2018-06-01 14:32 - 2018-06-01 14:32 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2018-06-01 13:18 - 2018-06-02 16:31 - 000237612 _____ C:\Windows\ZAM_Guard.krnl.trace
    2018-06-01 13:18 - 2018-06-01 14:52 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2018-06-01 13:18 - 2018-06-01 14:04 - 001275116 _____ C:\Windows\ZAM.krnl.trace
    2018-06-01 13:18 - 2018-06-01 13:18 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
    2018-06-01 12:59 - 2018-06-01 12:59 - 000000000 ____D C:\Windows\System32\Tasks\Apple
    2018-06-01 10:13 - 2018-06-02 07:21 - 000103648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2018-06-01 10:13 - 2018-06-02 01:18 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-06-01 10:13 - 2018-06-02 01:18 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2018-06-01 10:13 - 2018-06-02 01:18 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2018-06-01 10:13 - 2018-06-01 10:13 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2018-06-01 02:03 - 2018-06-01 23:48 - 000000000 __RHD C:\Users\su\Desktop\su
    2018-06-01 01:40 - 2018-06-01 01:40 - 000000056 _____ C:\Users\su\Desktop\New Text Document.txt
    2018-06-01 01:24 - 2010-05-13 14:53 - 000047104 _____ (Inside Core) C:\Users\su\Desktop\AutoRunExterminator.exe
    2018-05-31 19:59 - 2018-05-31 19:59 - 000000000 ____D C:\Users\su\AppData\Local\CEF
    2018-05-31 19:30 - 2018-05-31 19:30 - 000001630 _____ C:\Users\Public\Desktop\Razer Synapse.lnk
    2018-05-31 19:30 - 2018-05-31 19:30 - 000001630 _____ C:\ProgramData\Desktop\Razer Synapse.lnk
    2018-05-31 19:30 - 2018-05-31 19:30 - 000000000 ____D C:\Users\su\AppData\Roaming\Synapse3
    2018-05-31 19:30 - 2018-05-31 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2018-05-31 19:28 - 2018-05-31 19:28 - 000000000 ____D C:\Users\su\AppData\Local\Razer
    2018-05-31 17:46 - 2018-05-31 17:46 - 000000000 ____D C:\Windows\ERUNT
    2018-05-31 17:45 - 2018-05-31 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-05-30 23:59 - 2018-05-30 23:59 - 000000000 ____D C:\Users\su\AppData\Local\Apple Computer
    2018-05-30 23:30 - 2018-05-30 23:30 - 000000946 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
    2018-05-30 23:30 - 2018-05-30 23:30 - 000000898 _____ C:\Users\su\Desktop\Start Tor Browser.lnk
    2018-05-30 23:29 - 2018-05-30 23:29 - 000000000 ____D C:\Users\su\Desktop\Tor Browser
    2018-05-30 22:40 - 2018-05-30 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
    2018-05-30 22:40 - 2018-05-30 22:40 - 000000000 ____D C:\Program Files (x86)\Windows Kits
    2018-05-30 22:08 - 2018-05-30 22:08 - 000290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
    2018-05-30 22:04 - 2018-05-31 17:45 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-05-30 22:04 - 2018-05-31 17:45 - 000001912 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
    2018-05-30 22:04 - 2018-05-31 17:45 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-05-30 22:04 - 2018-05-30 22:04 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-05-30 22:04 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2018-05-30 20:39 - 2018-05-31 22:19 - 000000000 ____D C:\Program Files (x86)\VietPN
    2018-05-30 20:39 - 2018-05-30 23:05 - 000001048 _____ C:\Users\su\Desktop\VietPN.lnk
    2018-05-30 20:39 - 2018-05-30 20:39 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VietPN
    2018-05-30 20:29 - 2018-05-30 23:59 - 000000000 ____D C:\Users\su\AppData\Roaming\Apple Computer
    2018-05-30 20:04 - 2018-05-30 20:04 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
    2018-05-30 20:04 - 2018-05-30 20:04 - 000001816 _____ C:\ProgramData\Desktop\iTunes.lnk
    2018-05-30 20:04 - 2018-05-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-05-30 20:04 - 2018-05-30 20:04 - 000000000 ____D C:\ProgramData\Apple Computer
    2018-05-30 20:04 - 2018-05-30 20:04 - 000000000 ____D C:\Program Files\iTunes
    2018-05-30 20:04 - 2018-05-30 20:04 - 000000000 ____D C:\Program Files\iPod
    2018-05-30 20:03 - 2018-06-01 12:59 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\Users\su\AppData\Local\Apple
    2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\ProgramData\Apple
    2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\Program Files\Common Files\Apple
    2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\Program Files\Bonjour
    2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\Program Files (x86)\Bonjour
    2018-05-30 20:03 - 2018-05-30 20:03 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
    2018-05-30 19:49 - 2018-05-30 20:15 - 000000000 ____D C:\Users\su\AppData\Local\ElevatedDiagnostics
    2018-05-30 13:38 - 2018-05-30 13:38 - 000002259 _____ C:\Windows\epplauncher.mif
    2018-05-30 12:14 - 2018-05-30 22:49 - 000000000 ____D C:\Temp
    2018-05-30 01:28 - 2018-06-02 01:17 - 000000000 ____D C:\ProgramData\RogueKiller
    2018-05-30 01:00 - 2018-05-30 01:00 - 000001302 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\1Password.lnk
    2018-05-30 00:35 - 2018-05-30 00:35 - 000000000 ___HD C:\Users\su\MicrosoftEdgeBackups
    2018-05-30 00:34 - 2018-06-01 20:37 - 000000000 ____D C:\Users\su\Documents\Virtual Machines
    2018-05-30 00:33 - 2018-06-02 12:34 - 000000000 ____D C:\Users\su\AppData\Roaming\VMware
    2018-05-30 00:33 - 2018-06-02 12:34 - 000000000 ____D C:\Users\su\AppData\Local\VMware
    2018-05-30 00:33 - 2017-09-18 06:33 - 001134056 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
    2018-05-30 00:33 - 2017-09-18 06:32 - 000402408 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    2018-05-30 00:33 - 2017-09-18 06:32 - 000367080 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    2018-05-30 00:33 - 2017-09-18 06:32 - 000134104 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
    2018-05-30 00:33 - 2017-09-18 06:32 - 000043992 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
    2018-05-30 00:33 - 2017-09-18 06:21 - 000095704 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
    2018-05-30 00:33 - 2017-09-18 06:21 - 000052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
    2018-05-30 00:33 - 2017-09-05 04:54 - 000091712 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
    2018-05-30 00:33 - 2017-09-05 04:54 - 000069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
    2018-05-30 00:33 - 2017-09-05 04:54 - 000065016 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
    2018-05-30 00:33 - 2017-08-31 01:11 - 000083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
    2018-05-30 00:32 - 2018-06-02 01:18 - 000000000 ____D C:\ProgramData\VMware
    2018-05-30 00:32 - 2018-05-30 00:32 - 000856456 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2018-05-30 00:32 - 2018-05-30 00:32 - 000001276 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
    2018-05-30 00:32 - 2018-05-30 00:32 - 000001276 _____ C:\ProgramData\Desktop\VMware Workstation Pro.lnk
    2018-05-30 00:32 - 2018-05-30 00:32 - 000001024 _____ C:\Windows\SysWOW64\%TMP%
    2018-05-30 00:32 - 2018-05-30 00:32 - 000000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
    2018-05-30 00:32 - 2018-05-30 00:32 - 000000000 ____D C:\ProgramData\Documents\Shared Virtual Machines
    2018-05-30 00:32 - 2018-05-30 00:32 - 000000000 ____D C:\Program Files\Common Files\VMware
    2018-05-30 00:32 - 2018-05-30 00:32 - 000000000 ____D C:\Program Files (x86)\VMware
    2018-05-29 23:37 - 2018-05-29 23:41 - 000001116 _____ C:\Users\su\Desktop\Total Commander 64 bit.lnk
    2018-05-29 23:36 - 2018-05-30 00:04 - 000000000 ____D C:\Program Files (x86)\totalcmd
    2018-05-29 23:36 - 2018-05-29 23:36 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
    2018-05-29 23:31 - 2018-05-29 23:34 - 000000000 ____D C:\Users\su\AppData\Local\GHISLER
    2018-05-29 23:29 - 2018-05-29 23:47 - 000000000 ____D C:\Users\su\AppData\Roaming\GHISLER
    2018-05-29 22:47 - 2018-05-30 20:26 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2018-05-29 22:47 - 2018-05-29 22:47 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2018-05-29 21:28 - 2018-05-29 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2018-05-29 21:28 - 2018-05-29 21:28 - 000000000 ____D C:\Program Files\7-Zip
    2018-05-29 20:40 - 2018-05-29 20:40 - 000000000 ___RD C:\Windows\PrintDialog
    2018-05-29 20:40 - 2018-05-29 20:40 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
    2018-05-29 20:25 - 2018-05-29 20:25 - 000000950 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autoruns64.lnk
    2018-05-29 20:25 - 2018-05-29 20:25 - 000000936 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\procexp64.lnk
    2018-05-29 17:31 - 2018-05-30 00:28 - 000000000 ____D C:\Windows\Minidump
    2018-05-29 04:13 - 2018-05-29 06:25 - 000000000 ____D C:\Users\su\AppData\Local\NVIDIA Corporation
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-05-29 04:00 - 2018-05-29 04:00 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
    2018-05-29 04:00 - 2018-05-29 04:00 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2018-05-29 04:00 - 2018-05-23 05:00 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
    2018-05-29 03:58 - 2018-05-24 01:21 - 040347168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 035250536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 031278392 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 025991448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 013727792 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 011273120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 004350392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 003760672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 002013784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439793.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001563584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001467808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439793.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001419296 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001357000 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001347480 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001216952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001157208 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001092184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 001063400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000904896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000814424 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000749472 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000652344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000634576 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000627232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000608160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
    2018-05-29 03:58 - 2018-05-24 01:21 - 000518072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2018-05-29 03:58 - 2018-05-24 01:20 - 017784432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2018-05-29 03:58 - 2018-05-24 01:20 - 015195248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2018-05-29 03:58 - 2018-05-24 01:20 - 004855208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2018-05-29 03:58 - 2018-05-24 01:20 - 004125048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2018-05-29 03:42 - 2018-05-29 03:42 - 000000020 ___SH C:\Users\su\ntuser.ini
    2018-05-29 01:00 - 2018-05-29 01:00 - 000000000 ____D C:\ProgramData\YaraEditor
    2018-05-28 21:16 - 2018-05-30 16:24 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2018-05-28 19:57 - 2018-05-29 04:53 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2018-05-28 19:57 - 2018-05-28 19:57 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2018-05-28 18:59 - 2018-05-28 18:59 - 000047152 _____ (DeskSoft) C:\Windows\system32\Drivers\dsnpfd.sys
    2018-05-28 18:59 - 2018-05-28 18:59 - 000001884 _____ C:\Users\su\Desktop\BWMeter.lnk
    2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BWMeter
    2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Users\su\AppData\Roaming\DeskSoft
    2018-05-28 18:59 - 2018-05-28 18:59 - 000000000 ____D C:\Program Files (x86)\BWMeter
    2018-05-27 18:55 - 2018-05-27 18:55 - 000000000 ____D C:\Users\su\AppData\Roaming\MPC-HC
    2018-05-27 18:53 - 2018-05-27 18:58 - 000000000 ____D C:\Program Files\MPC-HC
    2018-05-27 18:53 - 2018-05-27 18:53 - 000001745 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
    2018-05-27 18:53 - 2018-05-27 18:53 - 000001745 _____ C:\ProgramData\Desktop\MPC-HC x64.lnk
    2018-05-27 18:53 - 2018-05-27 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
    2018-05-27 13:06 - 2018-05-27 13:06 - 000000000 ____D C:\Users\su\AppData\Local\DBG
    2018-05-27 09:55 - 2018-05-27 09:55 - 000000000 ____D C:\Users\su\AppData\Local\PeerDistRepub
    2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files\Reference Assemblies
    2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files\MSBuild
    2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2018-05-27 09:18 - 2018-05-27 09:18 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2018-05-27 09:17 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
    2018-05-27 09:17 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2018-05-27 09:17 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2018-05-27 09:17 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
    2018-05-27 09:17 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2018-05-27 09:17 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2018-05-27 09:16 - 2018-05-27 09:16 - 000000000 ____D C:\Users\su\Documents\Battlefield 1
    2018-05-27 09:14 - 2018-05-27 09:14 - 000000824 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraISOPortable.lnk
    2018-05-27 09:14 - 2018-05-27 09:14 - 000000756 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000936 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrentPortable.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000919 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RevoUPort.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000860 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mkvtoolnix-gui.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000825 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubRip.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000777 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HWiNFO64.lnk
    2018-05-27 09:13 - 2018-05-27 09:13 - 000000768 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tcpview.lnk
    2018-05-27 09:12 - 2018-05-27 09:12 - 000000959 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CustomDesktopLogo.lnk
    2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
    2018-05-27 09:12 - 2018-05-27 09:12 - 000000000 ____D C:\Program Files\Realtek
    2018-05-27 09:12 - 2017-06-29 18:55 - 013122576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 012988336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 006410088 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 005938904 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 005593608 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003509256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003507688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003410832 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 003092336 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 002190976 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 001435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 001347136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 001016928 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000965024 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000923736 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000877424 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000873456 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000868176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000866640 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000737960 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000691680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000677664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000525768 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000447712 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000381408 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000151784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000088312 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000084608 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
    2018-05-27 09:12 - 2017-06-29 18:55 - 000075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 010536152 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 004059960 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 002291304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001780616 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001422920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001334376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001213656 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 001166152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000999848 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000727432 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000680544 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000678176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000618184 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000514520 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000500552 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000428224 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000406448 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000360344 _____ (Harman) C:\Windows\system32\HMClariFi.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000330552 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000203840 _____ (Harman) C:\Windows\system32\HMHVS.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ.dll
    2018-05-27 09:12 - 2017-06-29 18:54 - 000179592 _____ (Harman) C:\Windows\system32\HMLimiter.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 005346992 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 002444680 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001959600 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001616680 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001554600 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001529136 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001326424 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 001170872 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000504304 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000445392 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000441264 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000362048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000327448 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000310416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
    2018-05-27 09:12 - 2017-06-29 18:53 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
    2018-05-27 09:12 - 2017-06-29 18:52 - 005826560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2018-05-27 09:12 - 2017-06-29 18:52 - 003677160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2018-05-27 09:12 - 2017-06-29 18:52 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2018-05-27 09:12 - 2017-06-29 18:52 - 002110592 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
    2018-05-27 09:12 - 2017-06-29 18:52 - 000574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2018-05-27 09:12 - 2017-06-29 18:52 - 000258856 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
    2018-05-27 09:12 - 2017-06-29 18:52 - 000118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 072520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
    2018-05-27 09:12 - 2017-06-29 18:51 - 014057248 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 007172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 007096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 006264632 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 002210304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 002050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 001186832 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 001133064 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 001003856 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 000931616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 000416504 _____ (Harman) C:\Windows\system32\HMUI.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 000378384 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 000154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
    2018-05-27 09:12 - 2017-06-29 18:51 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2018-05-27 09:12 - 2017-06-29 18:50 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
    2018-05-27 09:12 - 2017-06-29 18:50 - 000118584 _____ C:\Windows\system32\AcpiServiceVnA64.dll
    2018-05-27 09:12 - 2017-06-29 18:50 - 000105304 _____ C:\Windows\system32\audioLibVc.dll
    2018-05-27 09:12 - 2017-06-29 03:05 - 012334923 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
    2018-05-27 09:12 - 2017-06-29 03:05 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
    2018-05-27 09:12 - 2017-06-29 03:05 - 001920870 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
    2018-05-27 09:10 - 2018-05-27 09:10 - 000000000 ____D C:\Program Files (x86)\Realtek
    2018-05-27 09:05 - 2018-05-27 09:05 - 000000000 ____D C:\ProgramData\Electronic Arts
    2018-05-27 08:59 - 2018-06-02 01:08 - 000000000 ____D C:\Users\su\AppData\Local\IsolatedStorage
    2018-05-27 08:59 - 2018-05-27 08:59 - 000000000 ____D C:\Users\su\AppData\Local\1password
    2018-05-27 07:58 - 2018-05-27 07:58 - 000001243 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
    2018-05-27 07:58 - 2018-05-27 07:58 - 000001243 _____ C:\ProgramData\Desktop\Battlefield 1.lnk
    2018-05-27 07:58 - 2018-05-27 07:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1
    2018-05-27 07:47 - 2018-05-27 09:13 - 000000000 ____D C:\Windows\system32\DAX3
    2018-05-27 07:47 - 2018-05-27 09:13 - 000000000 ____D C:\Windows\system32\DAX2
    2018-05-27 07:47 - 2016-09-22 14:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
    2018-05-27 07:40 - 2018-05-27 07:40 - 000000000 ____D C:\Program Files (x86)\Origin Games
    2018-05-27 07:39 - 2018-05-27 07:39 - 000001142 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
    2018-05-27 07:39 - 2018-05-27 07:39 - 000001142 _____ C:\ProgramData\Desktop\My LastPass Vault.lnk
    2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
    2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Users\su\AppData\LocalLow\LastPass
    2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
    2018-05-27 07:39 - 2018-05-27 07:39 - 000000000 ____D C:\Program Files (x86)\LastPass
    2018-05-27 07:36 - 2018-06-02 01:18 - 000000000 ____D C:\Users\su\AppData\Local\D3DSCache
    2018-05-27 07:36 - 2018-05-27 07:36 - 000001062 _____ C:\Users\Public\Desktop\Origin.lnk
    2018-05-27 07:36 - 2018-05-27 07:36 - 000001062 _____ C:\ProgramData\Desktop\Origin.lnk
    2018-05-27 07:36 - 2018-05-27 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2018-05-27 07:36 - 2018-05-27 07:36 - 000000000 ____D C:\Program Files (x86)\Origin
    2018-05-27 07:35 - 2018-06-02 16:22 - 000000000 ____D C:\Users\su\Downloads\Compressed
    2018-05-27 07:35 - 2018-06-02 01:13 - 000000000 ____D C:\Users\su\AppData\Roaming\DMCache
    2018-05-27 07:35 - 2018-06-01 22:58 - 000000000 ____D C:\Users\su\Downloads\Video
    2018-05-27 07:35 - 2018-05-29 17:29 - 000000000 ____D C:\Users\su\AppData\Roaming\IDM
    2018-05-27 07:35 - 2018-05-27 07:35 - 000001078 _____ C:\Users\su\Desktop\Internet Download Manager.lnk
    2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\ProgramData\IDM
    2018-05-27 07:35 - 2018-05-27 07:35 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
    2018-05-27 07:34 - 2018-06-02 01:19 - 000000000 ____D C:\Users\su\AppData\Roaming\Origin
    2018-05-27 07:34 - 2018-06-02 01:19 - 000000000 ____D C:\ProgramData\Origin
    2018-05-27 07:34 - 2018-05-27 07:40 - 000000000 ____D C:\Users\su\AppData\Local\Origin
    2018-05-27 07:33 - 2018-06-02 15:45 - 000000000 ____D C:\Program Files (x86)\Google
    2018-05-26 17:16 - 2018-05-26 16:20 - 000000000 ____D C:\Windows\Panther
    2018-05-26 16:44 - 2018-05-26 16:44 - 000000000 ____D C:\Users\su\AppData\Local\Comms
    2018-05-26 16:34 - 2018-05-21 02:45 - 000308408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2018-05-26 16:34 - 2018-05-21 02:45 - 000094104 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2018-05-26 16:34 - 2018-05-21 02:43 - 021389360 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2018-05-26 16:34 - 2018-05-21 02:42 - 001649760 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
    2018-05-26 16:34 - 2018-05-21 02:42 - 001634808 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
    2018-05-26 16:34 - 2018-05-21 02:42 - 000759192 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
    2018-05-26 16:34 - 2018-05-21 02:27 - 012712960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2018-05-26 16:34 - 2018-05-21 02:27 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
    2018-05-26 16:34 - 2018-05-21 02:26 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
    2018-05-26 16:34 - 2018-05-21 02:24 - 002084864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2018-05-26 16:34 - 2018-05-21 02:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
    2018-05-26 16:34 - 2018-05-21 02:23 - 004070400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2018-05-26 16:34 - 2018-05-21 02:23 - 003655168 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
    2018-05-26 16:34 - 2018-05-21 02:23 - 000947712 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
    2018-05-26 16:34 - 2018-05-21 02:23 - 000899072 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
    2018-05-26 16:34 - 2018-05-21 02:23 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
    2018-05-26 16:34 - 2018-05-21 02:22 - 001665024 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2018-05-26 16:34 - 2018-05-21 02:22 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
    2018-05-26 16:34 - 2018-05-21 02:22 - 000941056 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
    2018-05-26 16:34 - 2018-05-21 02:22 - 000804352 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
    2018-05-26 16:34 - 2018-05-21 01:20 - 000022936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hvsicontainerservice.dll
    2018-05-26 16:34 - 2018-05-21 01:17 - 001454024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
    2018-05-26 16:34 - 2018-05-21 01:15 - 000653208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
    2018-05-26 16:34 - 2018-05-21 01:14 - 020383712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2018-05-26 16:34 - 2018-05-21 01:14 - 001490144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
    2018-05-26 16:34 - 2018-05-21 01:03 - 011903488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2018-05-26 16:34 - 2018-05-21 01:02 - 000461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll
    2018-05-26 16:34 - 2018-05-21 01:00 - 002896896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
    2018-05-26 16:34 - 2018-05-21 01:00 - 000864768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
    2018-05-26 16:34 - 2018-05-21 00:59 - 002016256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2018-05-26 16:34 - 2018-05-21 00:59 - 000863232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
    2018-05-26 16:34 - 2018-05-21 00:59 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
    2018-05-26 16:34 - 2018-05-20 23:59 - 023862784 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
    2018-05-26 16:34 - 2018-05-20 23:45 - 001271296 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
    2018-05-26 16:34 - 2018-05-20 23:39 - 000944640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
    2018-05-26 16:34 - 2018-05-20 23:39 - 000788480 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
    2018-05-26 16:34 - 2018-05-20 23:36 - 003733312 _____ C:\Windows\system32\Windows.Mirage.dll
    2018-05-26 16:34 - 2018-05-20 23:35 - 000677376 _____ (Microsoft Corporation) C:\Windows\system32\HeadTrackerStorage.dll
    2018-05-26 16:34 - 2018-05-20 23:34 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\HoloShellRuntime.dll
    2018-05-26 16:34 - 2018-05-20 22:04 - 000658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
    2018-05-26 16:34 - 2018-05-20 22:00 - 002841312 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
    2018-05-26 16:34 - 2018-05-20 21:54 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HoloShellRuntime.dll
    2018-05-26 16:34 - 2018-05-20 19:36 - 000613144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2018-05-26 16:34 - 2018-05-20 19:33 - 000748504 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
    2018-05-26 16:34 - 2018-05-20 19:33 - 000707480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2018-05-26 16:34 - 2018-05-20 19:33 - 000105368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
    2018-05-26 16:34 - 2018-05-20 19:01 - 001140576 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2018-05-26 16:34 - 2018-05-20 19:01 - 000983008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2018-05-26 16:34 - 2018-05-20 18:59 - 000269224 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
    2018-05-26 16:34 - 2018-05-20 18:58 - 000272288 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
    2018-05-26 16:34 - 2018-05-20 18:55 - 001456616 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2018-05-26 16:34 - 2018-05-20 18:55 - 001174424 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
    2018-05-26 16:34 - 2018-05-20 18:55 - 001063320 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
    2018-05-26 16:34 - 2018-05-20 18:55 - 000567176 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
    2018-05-26 16:34 - 2018-05-20 18:55 - 000193936 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
    2018-05-26 16:34 - 2018-05-20 18:54 - 002564984 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
    2018-05-26 16:34 - 2018-05-20 18:54 - 001800080 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
    2018-05-26 16:34 - 2018-05-20 18:54 - 001017056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
    2018-05-26 16:34 - 2018-05-20 18:54 - 001012120 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
    2018-05-26 16:34 - 2018-05-20 18:54 - 000722288 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2018-05-26 16:34 - 2018-05-20 18:54 - 000170904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2018-05-26 16:34 - 2018-05-20 18:53 - 006816848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 004402768 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 002836376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2018-05-26 16:34 - 2018-05-20 18:53 - 002371392 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 002178136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 001947808 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 001258280 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2018-05-26 16:34 - 2018-05-20 18:53 - 001017088 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 001012408 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 000792984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
    2018-05-26 16:34 - 2018-05-20 18:53 - 000709824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2018-05-26 16:34 - 2018-05-20 18:53 - 000131232 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
    2018-05-26 16:34 - 2018-05-20 18:53 - 000088472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
    2018-05-26 16:34 - 2018-05-20 18:52 - 009159064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-05-26 16:34 - 2018-05-20 18:52 - 007519992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 007436632 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 003283400 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 002753040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 001209792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 001148800 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 001097648 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000885848 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000735560 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000713368 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000416120 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000413080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2018-05-26 16:34 - 2018-05-20 18:52 - 000347704 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2018-05-26 16:34 - 2018-05-20 18:52 - 000130456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
    2018-05-26 16:34 - 2018-05-20 18:52 - 000089984 _____ (Microsoft Corporation) C:\Windows\system32\CompPkgSup.dll
    2018-05-26 16:34 - 2018-05-20 18:35 - 025844224 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
    2018-05-26 16:34 - 2018-05-20 18:35 - 000861608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
    2018-05-26 16:34 - 2018-05-20 18:34 - 016592384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
    2018-05-26 16:34 - 2018-05-20 18:34 - 001462288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
    2018-05-26 16:34 - 2018-05-20 18:34 - 000861096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
    2018-05-26 16:34 - 2018-05-20 18:33 - 002331576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2018-05-26 16:34 - 2018-05-20 18:33 - 001665920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
    2018-05-26 16:34 - 2018-05-20 18:33 - 001011968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2018-05-26 16:34 - 2018-05-20 18:33 - 000457144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
    2018-05-26 16:34 - 2018-05-20 18:33 - 000101288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 006567904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 006527568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 006044104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 004787960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 002536056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 002486984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 002242208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 001559368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 001034096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 000988128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 000567144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 000560488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 000286200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2018-05-26 16:34 - 2018-05-20 18:32 - 000077040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CompPkgSup.dll
    2018-05-26 16:34 - 2018-05-20 18:31 - 001456640 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
    2018-05-26 16:34 - 2018-05-20 18:30 - 022709248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2018-05-26 16:34 - 2018-05-20 18:30 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2018-05-26 16:34 - 2018-05-20 18:29 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
    2018-05-26 16:34 - 2018-05-20 18:28 - 004706816 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
    2018-05-26 16:34 - 2018-05-20 18:28 - 004372480 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
    2018-05-26 16:34 - 2018-05-20 18:28 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
    2018-05-26 16:34 - 2018-05-20 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\AppHostRegistrationVerifier.exe
    2018-05-26 16:34 - 2018-05-20 18:28 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2018-05-26 16:34 - 2018-05-20 18:27 - 000344576 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
    2018-05-26 16:34 - 2018-05-20 18:27 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
    2018-05-26 16:34 - 2018-05-20 18:27 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\ApiSetHost.AppExecutionAlias.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 003389952 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 000356352 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2018-05-26 16:34 - 2018-05-20 18:26 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
    2018-05-26 16:34 - 2018-05-20 18:26 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\TelephonyInteractiveUser.dll
    2018-05-26 16:34 - 2018-05-20 18:26 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\MSHEIF.dll
    2018-05-26 16:34 - 2018-05-20 18:25 - 022001664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
    2018-05-26 16:34 - 2018-05-20 18:25 - 004867072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2018-05-26 16:34 - 2018-05-20 18:25 - 004563968 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
    2018-05-26 16:34 - 2018-05-20 18:25 - 000835584 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
    2018-05-26 16:34 - 2018-05-20 18:25 - 000384000 _____ (Microsoft Corporation) C:\Windows\system32\Phoneutil.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 007582720 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 001767936 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 001485312 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000813568 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000625152 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
    2018-05-26 16:34 - 2018-05-20 18:24 - 000234496 _____ (Microsoft Corporation) C:\Windows\system32\DolbyMATEnc.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 013873152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 005951488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 002366976 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 002364928 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 001318400 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 000933376 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 000932352 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
    2018-05-26 16:34 - 2018-05-20 18:23 - 000847360 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
    2018-05-26 16:34 - 2018-05-20 18:22 - 003440640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2018-05-26 16:34 - 2018-05-20 18:22 - 001817088 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2018-05-26 16:34 - 2018-05-20 18:22 - 000871424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
    2018-05-26 16:34 - 2018-05-20 18:22 - 000869376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2018-05-26 16:34 - 2018-05-20 18:22 - 000684544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 002236928 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
    2018-05-26 16:34 - 2018-05-20 18:21 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 001303040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 001210880 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 001033728 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000960512 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000849408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000783360 _____ (Microsoft Corporation) C:\Windows\system32\DolbyHrtfEnc.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000775680 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000652800 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
    2018-05-26 16:34 - 2018-05-20 18:21 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
    2018-05-26 16:34 - 2018-05-20 18:18 - 019399168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2018-05-26 16:34 - 2018-05-20 18:17 - 002961408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
    2018-05-26 16:34 - 2018-05-20 18:17 - 002699776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2018-05-26 16:34 - 2018-05-20 18:16 - 006661120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2018-05-26 16:34 - 2018-05-20 18:16 - 000239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
    2018-05-26 16:34 - 2018-05-20 18:16 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
    2018-05-26 16:34 - 2018-05-20 18:16 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ApiSetHost.AppExecutionAlias.dll
    2018-05-26 16:34 - 2018-05-20 18:16 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2018-05-26 16:34 - 2018-05-20 18:15 - 004336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2018-05-26 16:34 - 2018-05-20 18:15 - 003712000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2018-05-26 16:34 - 2018-05-20 18:15 - 002900480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2018-05-26 16:34 - 2018-05-20 18:15 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
    2018-05-26 16:34 - 2018-05-20 18:15 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSHEIF.dll
    2018-05-26 16:34 - 2018-05-20 18:14 - 005782528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
    2018-05-26 16:34 - 2018-05-20 18:14 - 001295360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
    2018-05-26 16:34 - 2018-05-20 18:14 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
    2018-05-26 16:34 - 2018-05-20 18:14 - 000167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
    2018-05-26 16:34 - 2018-05-20 18:13 - 004929024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
    2018-05-26 16:34 - 2018-05-20 18:13 - 000646656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2018-05-26 16:34 - 2018-05-20 18:13 - 000630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
    2018-05-26 16:34 - 2018-05-20 18:13 - 000615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
    2018-05-26 16:34 - 2018-05-20 18:13 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
    2018-05-26 16:34 - 2018-05-20 18:13 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Phoneutil.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 003014656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 001636352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 001348096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 000992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 000860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
    2018-05-26 16:34 - 2018-05-20 18:12 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 001108992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 001036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 001005568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 000648192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
    2018-05-26 16:34 - 2018-05-20 18:11 - 000528384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
    2018-05-26 16:34 - 2018-05-20 17:07 - 000001310 _____ C:\Windows\system32\tcbres.wim
    2018-05-26 16:34 - 2018-05-20 15:26 - 000018716 _____ C:\Windows\system32\srms-apr.dat
    2018-05-26 16:34 - 2018-05-19 00:08 - 000018716 _____ C:\Windows\SysWOW64\srms-apr.dat
    2018-05-26 16:34 - 2018-04-28 21:25 - 000652184 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
    2018-05-26 16:34 - 2018-04-28 21:24 - 000749976 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
    2018-05-26 16:34 - 2018-04-28 21:23 - 000826776 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
    2018-05-26 16:34 - 2018-04-28 21:23 - 000399768 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
    2018-05-26 16:34 - 2018-04-28 21:03 - 013570560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2018-05-26 16:34 - 2018-04-28 21:03 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
    2018-05-26 16:34 - 2018-04-28 21:03 - 000150528 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
    2018-05-26 16:34 - 2018-04-28 21:02 - 008623104 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2018-05-26 16:34 - 2018-04-28 21:01 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
    2018-05-26 16:34 - 2018-04-28 21:00 - 000695296 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
    2018-05-26 16:34 - 2018-04-28 20:59 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2018-05-26 16:34 - 2018-04-28 20:58 - 001855488 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2018-05-26 16:34 - 2018-04-28 20:58 - 000758272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2018-05-26 16:34 - 2018-04-28 20:18 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
    2018-05-26 16:34 - 2018-04-28 20:17 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2018-05-26 16:34 - 2018-04-28 20:16 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2018-05-26 16:34 - 2018-04-28 20:14 - 000668672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2018-05-26 16:34 - 2018-04-28 20:14 - 000581120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
    2018-05-26 16:34 - 2018-04-28 20:14 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2018-05-26 16:34 - 2018-04-28 20:13 - 001585664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2018-05-26 16:34 - 2018-04-28 20:12 - 001380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2018-05-26 16:34 - 2018-04-28 18:17 - 019525120 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
    2018-05-26 16:34 - 2018-04-28 17:58 - 000976384 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
    2018-05-26 16:34 - 2018-04-28 17:58 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Analog.dll
    2018-05-26 16:34 - 2018-04-28 11:37 - 001034624 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
    2018-05-26 16:34 - 2018-04-28 11:31 - 000473496 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
    2018-05-26 16:34 - 2018-04-28 11:29 - 001565592 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
    2018-05-26 16:34 - 2018-04-28 11:29 - 000788216 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2018-05-26 16:34 - 2018-04-28 11:29 - 000776880 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2018-05-26 16:34 - 2018-04-28 11:29 - 000494488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2018-05-26 16:34 - 2018-04-28 11:29 - 000382872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
    2018-05-26 16:34 - 2018-04-28 11:29 - 000134552 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
    2018-05-26 16:34 - 2018-04-28 11:27 - 002422168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2018-05-26 16:34 - 2018-04-28 11:27 - 001191168 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-05-26 16:34 - 2018-04-28 11:27 - 000604568 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
    2018-05-26 16:34 - 2018-04-28 11:14 - 000434584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2018-05-26 16:34 - 2018-04-28 11:13 - 001426328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
    2018-05-26 16:34 - 2018-04-28 11:13 - 000786168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2018-05-26 16:34 - 2018-04-28 11:13 - 000665320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2018-05-26 16:34 - 2018-04-28 11:12 - 000606448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2018-05-26 16:34 - 2018-04-28 11:03 - 000585728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs3.dll
    2018-05-26 16:34 - 2018-04-28 11:03 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs1.dll
    2018-05-26 16:34 - 2018-04-28 11:03 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.th.dll
    2018-05-26 16:34 - 2018-04-28 11:03 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win81.dll
    2018-05-26 16:34 - 2018-04-28 11:02 - 000613376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs4.dll
    2018-05-26 16:34 - 2018-04-28 11:02 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs2.dll
    2018-05-26 16:34 - 2018-04-28 11:02 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2018-05-26 16:34 - 2018-04-28 11:02 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win8rtm.dll
    2018-05-26 16:34 - 2018-04-28 11:02 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
    2018-05-26 16:34 - 2018-04-28 11:01 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2018-05-26 16:34 - 2018-04-28 11:00 - 000143360 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2018-05-26 16:34 - 2018-04-28 10:59 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\PerceptionSimulationExtensions.dll
    2018-05-26 16:34 - 2018-04-28 10:58 - 003086336 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2018-05-26 16:34 - 2018-04-28 10:57 - 002170368 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
    2018-05-26 16:34 - 2018-04-28 10:57 - 001534976 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2018-05-26 16:34 - 2018-04-28 10:57 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2018-05-26 16:34 - 2018-04-28 10:56 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2018-05-26 16:34 - 2018-04-28 10:56 - 001550848 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
    2018-05-26 16:34 - 2018-04-28 10:56 - 000917504 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2018-05-26 16:34 - 2018-04-28 10:55 - 001586176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2018-05-26 16:34 - 2018-04-28 10:55 - 001421312 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
    2018-05-26 16:34 - 2018-04-28 10:55 - 001160192 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2018-05-26 16:34 - 2018-04-28 10:55 - 000596480 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
    2018-05-26 16:34 - 2018-04-28 10:55 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2018-05-26 16:34 - 2018-04-28 10:54 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2018-05-26 16:34 - 2018-04-28 10:53 - 001235968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
    2018-05-26 16:34 - 2018-04-28 10:53 - 000117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2018-05-26 16:34 - 2018-04-28 10:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2018-05-26 16:34 - 2018-04-28 10:51 - 001466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2018-05-26 16:34 - 2018-04-28 10:51 - 000524800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2018-05-26 16:34 - 2018-04-28 09:43 - 001953280 _____ C:\Windows\system32\rdpnano.dll
    2018-05-26 16:33 - 2018-05-31 23:41 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2018-05-26 16:33 - 2018-05-31 23:41 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2018-05-26 16:33 - 2018-05-26 16:33 - 000000000 ____D C:\Windows\system32\MRT
    2018-05-26 16:33 - 2018-05-26 16:33 - 000000000 ____D C:\Users\su\AppData\Roaming\NVIDIA
    2018-05-26 16:33 - 2018-05-26 16:32 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2018-05-26 16:30 - 2018-06-02 13:18 - 000000000 ____D C:\Users\su\AppData\Roaming\nhm2
    2018-05-26 16:30 - 2018-06-02 01:18 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-05-26 16:30 - 2018-06-02 01:15 - 000000000 ____D C:\ProgramData\Package Cache
    2018-05-26 16:30 - 2018-05-31 01:37 - 000002444 _____ C:\Users\su\Desktop\NiceHash Miner 2.lnk
    2018-05-26 16:30 - 2018-05-29 04:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2018-05-26 16:30 - 2018-05-29 04:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2018-05-26 16:30 - 2018-05-29 04:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2018-05-26 16:30 - 2018-05-26 16:30 - 000002452 _____ C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NiceHash Miner 2.lnk
    2018-05-26 16:30 - 2018-05-26 16:30 - 000000000 ____D C:\Users\su\AppData\Roaming\NiceHash Miner 2
    2018-05-26 16:30 - 2018-05-24 01:22 - 000552480 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2018-05-26 16:30 - 2018-05-23 02:58 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 005947328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 001767360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 000450960 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 000124200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2018-05-26 16:30 - 2018-05-23 02:57 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2018-05-26 16:30 - 2018-05-22 13:43 - 008186102 _____ C:\Windows\system32\nvcoproc.bin
    2018-05-26 16:30 - 2018-05-14 23:01 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
    2018-05-26 16:28 - 2018-05-29 02:22 - 000000000 ____D C:\Users\su\AppData\Local\PlaceholderTileLogoFolder
    2018-05-26 16:28 - 2018-05-26 16:28 - 000001417 _____ C:\Users\su\Desktop\Microsoft Edge.lnk
    2018-05-26 16:28 - 2018-05-26 16:28 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2018-05-26 16:27 - 2018-06-02 03:32 - 000000000 ____D C:\Users\su\AppData\Local\Packages
    2018-05-26 16:27 - 2018-06-01 22:20 - 000000000 ____D C:\Users\su
    2018-05-26 16:27 - 2018-05-31 22:25 - 000000000 ____D C:\Users\su\AppData\Local\Publishers
    2018-05-26 16:27 - 2018-05-30 20:29 - 000000000 ____D C:\Users\su\AppData\Local\ConnectedDevicesPlatform
    2018-05-26 16:27 - 2018-05-29 00:43 - 000000000 ____D C:\Users\su\AppData\Local\VirtualStore
    2018-05-26 16:27 - 2018-05-27 07:29 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-05-26 16:27 - 2018-05-27 07:29 - 000000000 ___RD C:\Users\su\3D Objects
    2018-05-26 16:27 - 2018-05-26 16:27 - 000000000 ____D C:\Users\su\AppData\Local\MicrosoftEdge
    2018-05-26 16:26 - 2018-05-31 19:29 - 000000000 ____D C:\ProgramData\Razer
    2018-05-26 16:26 - 2018-05-31 19:29 - 000000000 ____D C:\Program Files (x86)\Razer
    2018-05-26 16:25 - 2018-06-02 01:24 - 000842708 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-05-26 16:23 - 2018-05-26 16:23 - 000000000 ____D C:\Windows\CSC
    2018-05-26 16:23 - 2018-05-26 16:23 - 000000000 ____D C:\ProgramData\USOShared
    2018-05-26 16:23 - 2018-04-12 06:33 - 002752000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
    2018-05-26 16:19 - 2018-06-02 16:20 - 000000000 ____D C:\Windows\system32\SleepStudy
    2018-05-26 16:19 - 2018-06-02 01:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-05-26 16:19 - 2018-05-31 17:29 - 000000000 ____D C:\Windows\system32\Drivers\wd
    2018-05-26 16:19 - 2018-05-27 07:28 - 000233856 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-05-26 16:19 - 2018-05-26 16:19 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2018-05-26 16:19 - 2018-05-26 16:19 - 000000000 ____D C:\Windows\ServiceProfiles
    2018-05-16 23:43 - 2018-03-01 21:36 - 000226032 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-02 03:32 - 2018-04-12 06:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-06-02 03:32 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\AppReadiness
    2018-06-02 01:24 - 2018-04-12 06:36 - 000000000 ____D C:\Windows\INF
    2018-06-02 01:20 - 2018-04-12 06:38 - 000000000 ____D C:\ProgramData\USOPrivate
    2018-06-02 01:18 - 2018-04-12 04:04 - 000524288 _____ C:\Windows\system32\config\BBI
    2018-06-02 01:08 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\Macromed
    2018-06-02 01:07 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2018-06-02 01:05 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\oobe
    2018-05-31 17:45 - 2018-04-12 04:04 - 000032768 _____ C:\Windows\system32\config\ELAM
    2018-05-30 22:46 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\Web
    2018-05-30 20:13 - 2018-04-12 06:30 - 000000000 ____D C:\Windows\CbsTemp
    2018-05-30 20:07 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\NDF
    2018-05-30 01:41 - 2018-04-12 06:38 - 000000000 ___HD C:\Windows\system32\GroupPolicy
    2018-05-29 20:40 - 2018-04-12 16:20 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
    2018-05-29 05:05 - 2018-04-12 06:38 - 000000000 ___HD C:\Windows\ELAMBKUP
    2018-05-27 07:28 - 2018-04-12 16:37 - 000000000 ____D C:\Windows\Containers
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\yo-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\wo-SN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ur-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ug-CN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tt-RU
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tk-TM
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ti-ET
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\te-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ta-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sw-KE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sq-AL
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\si-LK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\rw-RW
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\quz-PE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\prs-AF
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\pa-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\or-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\nn-NO
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ne-NP
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mt-MT
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mr-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mn-MN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ml-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mk-MK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\lo-LA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\lb-LU
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ky-KG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\kok-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\kn-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\km-KH
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ka-GE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\is-IS
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ig-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\id-ID
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\hy-AM
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\gu-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\gd-GB
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ga-IE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\fil-PH
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\fa-IR
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\cy-GB
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\bn-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\bn-BD
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\be-BY
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\as-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\am-ET
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\SysWOW64\af-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\zu-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\yo-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\xh-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\wo-SN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\vi-VN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\uz-Latn-UZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ur-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ug-CN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tt-RU
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tn-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tk-TM
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ti-ET
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\tg-Cyrl-TJ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\te-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sw-KE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-RS
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-BA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sq-AL
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\sd-Arab-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\rw-RW
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\quz-PE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\quc-Latn-GT
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\prs-AF
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\pa-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\pa-Arab-PK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\or-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\nso-ZA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\nn-NO
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ne-NP
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mt-MT
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mr-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mn-MN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ml-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mk-MK
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\mi-NZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\lo-LA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\lb-LU
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ky-KG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ku-Arab-IQ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\kok-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\kn-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\km-KH
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\kk-KZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ka-GE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\is-IS
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ig-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\id-ID
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\hy-AM
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ha-Latn-NG
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\gu-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\gd-GB
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ga-IE
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\fil-PH
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\fa-IR
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\chr-CHER-US
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\cy-GB
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\ca-ES-valencia
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\bs-Latn-BA
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\bn-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\bn-BD
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\be-BY
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\az-Latn-AZ
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\as-IN
    2018-05-27 07:28 - 2018-04-12 16:19 - 000000000 ____D C:\Windows\system32\af-ZA
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\TextInput
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\SysWOW64\setup
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\ta-in
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\si-lk
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\setup
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\appraiser
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\am-et
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\Provisioning
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\bcastdvr
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2018-05-27 07:28 - 2018-04-12 06:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2018-05-27 04:14 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\appcompat
    2018-05-26 18:31 - 2018-04-12 06:38 - 000000000 ____D C:\Program Files\Windows Defender
    2018-05-26 17:16 - 2018-04-12 06:38 - 000028672 _____ C:\Windows\system32\config\BCD-Template
    2018-05-26 16:30 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\Help
    2018-05-26 16:28 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\WinBioDatabase
    2018-05-26 16:23 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\spool
    2018-05-26 16:23 - 2018-04-12 06:38 - 000000000 ____D C:\Windows\system32\FxsTmp
    2018-05-24 01:22 - 2018-04-12 16:20 - 000456608 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll
    2018-05-23 05:00 - 2017-11-09 03:57 - 000044277 _____ C:\Windows\system32\nvinfo.pb

    ==================== Files in the root of some directories =======

    2018-06-01 01:33 - 2018-06-02 16:32 - 002586041 _____ () C:\Users\su\AppData\Roaming\ICARE.LOG
    2018-06-02 08:14 - 2018-06-02 08:14 - 009215439 _____ () C:\Users\su\AppData\Roaming\ICARE.LOG.OLD
    2018-06-01 02:41 - 2018-06-01 02:41 - 000000166 _____ () C:\Users\su\AppData\Roaming\ICARE_ACTIVITY.LOG

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    ATTENTION: ==> Could not access BCD.

    LastRegBack: 2018-05-26 16:19

    ==================== End of FRST.txt ============================

  9. #19
    Security Expert-emeritus Juliet's Avatar

    Let's see if we can get Chrome remnants off so you can reinstall.

    ATTENTION: System Restore is disabled
    Enabling System Restore in Windows 10 and Creating System Restore Point

    --------------------
    Press the Windows Key + R at the same time
    Type sysdm.cpl and hit Enter
    Click System Protection
    Under Protection Settings left click on Local Disk C: (System) to highlight the entry
    Click Configure
    Select Turn on system protection
    Click Apply, then OK
    On the System Properties window Click Create...
    Type SpyBot Help Restore Point then click Create.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    Task: {0C639D82-FF21-4296-A972-D75D6828A80F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
    Task: {3DEF727F-AD79-41D9-A3A0-1A05A4251C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
    S3 Browser; %SystemRoot%\System32\browser.dll [X]
    CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Also, run Chrome cleanup tool. It might say no files found but we'll see.
    https://www.bleepingcomputer.com/dow...-cleanup-tool/


    After the above, see if you can download Chrome now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
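Before pressing Fix, it helps to see exactly what a fixlist will touch. The following is an added example, not part of the original post and not FRST's own code: it classifies each line of the fixlist from the post above, using patterns inferred only from the line shapes visible on this page (the names `PATTERNS` and `audit_fixlist` are hypothetical), and reports anything it cannot classify.

```python
import re

# The fixlist from the post above, embedded verbatim as sample input.
FIXLIST = r"""Start::
CloseProcesses:
CreateRestorePoint:
Task: {0C639D82-FF21-4296-A972-D75D6828A80F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
Task: {3DEF727F-AD79-41D9-A3A0-1A05A4251C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-02] (Google Inc.)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
Emptytemp:
End::
"""

# Assumption: patterns inferred from the lines shown on this page, not an official FRST grammar.
PATTERNS = {
    "task": re.compile(r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>\S+) => (?P<target>.+?) \["),
    "service": re.compile(r"^(?P<state>[SR]\d) (?P<name>[^;]+); (?P<target>.+?)(?P<x> \[X\])?$"),
    "chrome_ext": re.compile(r"^CHR (?P<hive>HKLM(?:-x32)?)\\.*?Extension: \[(?P<name>[a-p]{32})\] - (?P<target>.+?)(?: \[[\d-]+\])?$"),
    "directive": re.compile(r"^(?P<name>\w+):$"),
}

def audit_fixlist(text):
    # Classify every line so nothing is applied without having been reviewed.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    report = {"entries": [], "unrecognized": [], "warnings": []}
    if not lines or lines[0] != "Start::" or lines[-1] != "End::":
        report["warnings"].append("fixlist is not wrapped in Start:: / End::")
    for ln in lines:
        if ln in ("Start::", "End::"):
            continue
        for kind, rx in PATTERNS.items():
            m = rx.match(ln)
            if m:
                report["entries"].append({"kind": kind, **m.groupdict()})
                break
        else:
            report["unrecognized"].append(ln)  # review by hand before running
    directives = {e["name"].lower() for e in report["entries"] if e["kind"] == "directive"}
    if "createrestorepoint" not in directives:
        report["warnings"].append("no CreateRestorePoint: directive before changes")
    return report

if __name__ == "__main__":
    for entry in audit_fixlist(FIXLIST)["entries"]:
        print(entry["kind"], entry["name"], entry.get("target") or "")
```
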

  10. #20
    Security Expert-emeritus Juliet's Avatar

    All vbscript.dll does is allow programs to call it to run VBScripts. So if this is only happening in IE when you launch it, something may be trying to run a VB script in IE. If you are not sure of the contents of this, I would reset IE back to defaults just to be safe.
    Turning off Disable Internet Explorer VB Scripting seems to fix it.
    MalwareBytes has a good write up of information here
    https://forums.malwarebytes.com/topi...sions-failure/

    Also, some additional information from Microsoft. It explains a bit more about VBScript and why blocking/disabling it is a good idea.
    https://blogs.windows.com/msedgedev/...t-explorer-11/
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
