oload.download consistently popping up

11-17-2018, 11:30 AM   #1
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



There's this popup that comes up in the bottom right of my screen and it constantly blocks me from clicking things in that area and it's always there. I ran adware cleaner and followed the instructions and it just came back full force. Looking to get rid of this malware or virus.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.17134.1 BrowserJavaVersion: 11.181.2
Run by John Kim at 11:25:52 on 2018-11-17
Microsoft Windows 10 Home 10.0.17134.0.1252.1.1033.18.6090.2939 [GMT -8:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\system32\ibtsiva.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\WINDOWS\system32\wbem\unsecapp.exe
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\WINDOWS\system32\svchost.exe -k LocalService -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
C:\Program Files\rempl\sedsvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
c:\windows\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\WINDOWS\system32\msiexec.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\windows\SysWOW64\UMonit64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\RTFTrack.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\windows\system32\taskhostw.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
uRun: [Spotify Web Helper] "C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [OneDrive] "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Spotify] "C:\Users\John Kim\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4}\14962707F62747759664968223E2437492 : DHCPNameServer = 210.220.163.82 168.126.63.1
TCP: Interfaces\{7599bbc2-779f-4566-a1fe-677c7a5ad54c} : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {30C521FB-255B-46C8-9F0D-EE5AE371C9AA} - "C:\Program Files (x86)\AVAST Software\Browser\Application\69.1.867.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [RtHDVBg_LENOVO_DOLBYDRAGON] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
x64-Run: [RtHDVBg_LENOVO_MICPKEY] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [AdobeGCInvoker-1.0] "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?trackid=sp-006
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\John Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\John Kim\AppData\Roaming\raidcall\plugins\nprcplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswbidsh;aswbidsh;C:\WINDOWS\System32\drivers\aswbidsha.sys [2018-6-2 201328]
R0 aswblog;aswblog;C:\WINDOWS\System32\drivers\aswbloga.sys [2018-6-2 346664]
R0 aswbuniv;aswbuniv;C:\WINDOWS\System32\drivers\aswbuniva.sys [2018-6-2 59592]
R0 aswRvrt;aswRvrt;C:\WINDOWS\System32\drivers\aswRvrt.sys [2018-6-2 85968]
R0 aswVmm;aswVmm;C:\WINDOWS\System32\drivers\aswVmm.sys [2018-6-2 381584]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2018-4-11 177192]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2018-4-11 58272]
R0 LHDmgr;LHDmgr;C:\WINDOWS\System32\drivers\LhdX64.sys [2014-3-7 39008]
R0 SgrmAgent;System Guard Runtime Monitor Agent;C:\WINDOWS\System32\drivers\SgrmAgent.sys [2018-4-11 63896]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2018-4-11 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2018-7-25 72768]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2018-4-11 18472]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2018-4-11 209816]
R1 afunix;afunix;C:\WINDOWS\System32\drivers\afunix.sys [2018-4-11 39424]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2018-4-11 254464]
R1 aswArPot;aswArPot;C:\WINDOWS\System32\drivers\aswArPot.sys [2018-8-14 197160]
R1 aswbidsdriver;aswbidsdriver;C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [2018-6-2 229392]
R1 aswHdsKe;aswHdsKe;C:\WINDOWS\System32\drivers\aswHdsKe.sys [2018-8-14 239680]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2018-6-2 1027728]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswsp.sys [2018-6-2 465640]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-4-11 60320]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2018-4-11 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-4-11 8192]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2015-9-15 669872]
R2 AGMService;Adobe Genuine Monitor Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2018-5-11 2910696]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2704872]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2018-6-2 159640]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2018-6-2 211160]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-8-14 322464]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R2 CDPUserSvc_4741881;Connected Devices Platform User Service_4741881;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-8-14 414720]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2018-4-11 51288]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2018-4-11 51288]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-3-7 131544]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-6-26 155448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-7 169432]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2015-5-21 419304]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\WINDOWS\System32\drivers\LMIInfo.sys [2017-4-3 30432]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2015-5-29 81088]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2018-10-10 6347056]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-2-16 458176]
R2 OneSyncSvc_4741881;Sync Host_4741881;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-8-14 760888]
R2 sedsvc;Windows Remediation Service;C:\Program Files\rempl\sedsvc.exe [2018-11-8 322712]
R2 SgrmBroker;System Guard Runtime Monitor Broker;C:\WINDOWS\System32\SgrmBroker.exe [2018-4-11 163336]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2018-4-11 82432]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-1-20 255096]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-4-11 151960]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 WpnUserService_4741881;Windows Push Notifications User Service_4741881;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2012-7-8 35600]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-8-14 7780400]
R3 BTAGService;Bluetooth Audio Gateway Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
R3 BthAvctpSvc;AVCTP service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-4-11 86528]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2018-4-11 60320]
R3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2016-12-12 230656]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2013-9-27 130248]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2018-11-13 260480]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2018-4-11 20992]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2018-4-11 3485696]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-4-7 56384]
R3 PimIndexMaintenanceSvc_4741881;Contact Data_4741881;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 rtsuvc;Lenovo EasyCamera;C:\WINDOWS\System32\drivers\rtsuvc.sys [2014-3-7 8876248]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-2-2 51320]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 UnistoreSvc_4741881;User Data Storage_4741881;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 UserDataSvc_4741881;User Data Access_4741881;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S2 avast;%1!s! Update Service (avast);C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-8-15 164984]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
S2 NvNetworkService;NVIDIA Network Service;"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" --> C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [?]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2017-4-7 2522680]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-4-11 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2018-4-11 1135520]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2018-4-11 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2018-4-11 51288]
S3 aswElam;aswElam;C:\WINDOWS\System32\drivers\aswElam.sys [2018-8-14 15360]
S3 aswHwid;aswHwid;C:\WINDOWS\System32\drivers\aswHwid.sys [2018-6-2 46976]
S3 avastm;%1!s! Update Service (avastm);C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-8-15 164984]
S3 BcastDVRUserService_4741881;GameDVR and Broadcast User Service_4741881;C:\WINDOWS\System32\svchost.exe -k BcastDVRUserService [2018-4-11 51288]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2018-4-11 9728]
S3 bindflt;Windows Bind Filter Driver;C:\WINDOWS\System32\drivers\bindflt.sys [2018-4-11 92056]
S3 BluetoothUserService_4741881;Bluetooth User Support Service_4741881;C:\WINDOWS\System32\svchost.exe -k BthAppGroup [2018-4-11 51288]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2018-4-11 38304]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-4-11 39936]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2018-4-11 123392]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-4-11 321432]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-4-11 1836952]
S3 DevicePickerUserSvc_4741881;DevicePicker_4741881;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevicesFlowUserSvc_4741881;DevicesFlow_4741881;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-7-22 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-8-14 90624]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2018-4-11 51288]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2018-4-11 51288]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-4-11 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2018-4-11 51288]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-4-11 50592]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2018-4-11 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2018-4-11 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2018-4-11 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-4-11 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-4-11 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-4-11 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-4-11 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2018-4-11 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2018-4-11 113152]
S3 iaStorAVC;Intel Chipset SATA RAID Controller;C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-4-11 885144]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2018-4-11 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-4-11 38912]
S3 InstallService;Microsoft Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2018-4-11 32256]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 ItSas35i;ItSas35i;C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-4-11 145816]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-8-12 177376]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-4-11 124312]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-4-11 128408]
S3 LxpSvc;Language Experience Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2018-4-11 51288]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2018-4-11 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2018-4-11 56736]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-4-11 75160]
S3 megasas35i;megasas35i;C:\WINDOWS\System32\drivers\megasas35i.sys [2018-4-11 82328]
S3 MessagingService_4741881;MessagingService_4741881;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-4-11 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2018-4-11 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2018-4-11 175104]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-4-11 197632]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\System32\GameMon.des -service --> C:\WINDOWS\System32\GameMon.des -service [?]
S3 nvdimm;Microsoft NVDIMM device driver;C:\WINDOWS\System32\drivers\nvdimm.sys [2018-4-11 104448]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-25 28216]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-11-6 2308936]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2018-4-11 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2018-4-11 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2018-4-11 16896]
S3 PrintWorkflowUserSvc_4741881;PrintWorkflow_4741881;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2018-4-11 51288]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2018-4-11 39840]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2018-7-25 1921944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2018-7-25 945568]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2018-4-11 51288]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2018-4-11 104448]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2018-4-11 51288]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2018-8-14 128920]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2018-4-11 33176]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2018-4-11 1273344]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2018-4-11 154528]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2018-4-11 51288]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-4-11 57752]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-6-12 976384]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2015-9-12 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-6-2 105368]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2018-7-25 48544]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2018-4-11 303616]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2018-4-11 128512]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2018-4-11 152576]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-4-11 57856]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2018-4-11 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2018-6-12 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2018-4-11 282008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2018-4-11 98200]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2018-4-11 144288]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2018-4-11 29088]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2018-4-11 67992]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2018-4-11 28064]
S3 VacSvc;Volumetric Audio Compositor Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2018-11-13 36352]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2018-8-14 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 WaaSMedicSvc;Windows Update Medic Service;C:\WINDOWS\System32\svchost.exe -k wusvcs -p [2018-4-11 51288]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-4-11 82944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-11-13 787456]
S3 WdmCompanionFilter;WdmCompanionFilter;C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [2018-4-11 21408]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [2018-7-30 61992]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe [2018-7-30 3905952]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2018-4-11 51288]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2018-4-11 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-11-13 228864]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2018-4-11 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 WpcMonSvc;Parental Controls;C:\WINDOWS\System32\svchost.exe -k LocalService [2018-4-11 51288]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2018-4-11 25088]
S3 wsvd;wsvd;C:\WINDOWS\System32\drivers\wsvd.sys [2014-3-7 102376]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2018-4-11 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2018-7-25 295424]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2018-4-11 46592]
S4 hvcrash;hvcrash;C:\WINDOWS\System32\drivers\hvcrash.sys [2018-4-11 33184]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S4 ssh-agent;OpenSSH Authentication Agent;C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-4-12 495616]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-11-17 19:23:29 -------- d--h--w- C:\OneDriveTemp
2018-11-14 02:22:08 835168 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-11-14 02:22:08 179808 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-11-14 02:21:30 260480 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2018-11-14 01:19:05 7520088 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-11-14 01:19:04 6570368 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-11-14 01:19:02 25855488 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2018-11-14 01:17:59 765440 ----a-w- C:\WINDOWS\System32\tdh.dll
2018-11-11 06:05:19 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf
2018-11-11 06:05:18 -------- d-----w- C:\Program Files (x86)\Overwolf
2018-11-11 06:04:40 -------- d-----w- C:\ProgramData\Overwolf
2018-11-11 06:03:59 -------- d-----w- C:\Users\John Kim\AppData\Local\Overwolf
.
==================== Find3M ====================
.
2018-11-01 11:49:26 348160 ----a-w- C:\WINDOWS\System32\MusNotifyIcon.exe
2018-11-01 11:45:21 4527776 ----a-w- C:\WINDOWS\System32\sppsvc.exe
2018-11-01 11:45:20 1376672 ----a-w- C:\WINDOWS\System32\ole32.dll
2018-11-01 11:45:04 1617320 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2018-11-01 11:32:09 64000 ----a-w- C:\WINDOWS\System32\iemigplugin.dll
2018-11-01 11:31:51 6602240 ----a-w- C:\WINDOWS\System32\twinui.dll
2018-11-01 11:30:26 122368 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2018-11-01 11:30:15 29696 ----a-w- C:\WINDOWS\System32\msisip.dll
2018-11-01 11:29:05 73728 ----a-w- C:\WINDOWS\System32\SMSRouter.dll
2018-11-01 11:28:55 253952 ----a-w- C:\WINDOWS\System32\prnntfy.dll
2018-11-01 11:28:25 4491264 ----a-w- C:\WINDOWS\System32\xpsrchvw.exe
2018-11-01 11:28:09 3649024 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2018-11-01 11:27:22 878592 ----a-w- C:\WINDOWS\System32\CPFilters.dll
2018-11-01 11:27:01 1121792 ----a-w- C:\WINDOWS\System32\TSWorkspace.dll
2018-11-01 11:26:51 1364992 ----a-w- C:\WINDOWS\System32\bcastdvruserservice.dll
2018-11-01 11:26:21 503296 ----a-w- C:\WINDOWS\System32\sppcext.dll
2018-11-01 11:25:57 577024 ----a-w- C:\WINDOWS\System32\SppExtComObj.Exe
2018-11-01 10:09:54 1027000 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2018-11-01 09:59:13 5669888 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2018-11-01 09:56:37 24576 ----a-w- C:\WINDOWS\SysWow64\msisip.dll
2018-11-01 09:56:03 226304 ----a-w- C:\WINDOWS\SysWow64\prnntfy.dll
2018-11-01 09:54:26 3397632 ----a-w- C:\WINDOWS\SysWow64\xpsrchvw.exe
2018-11-01 09:53:44 908288 ----a-w- C:\WINDOWS\SysWow64\TSWorkspace.dll
2018-11-01 09:52:45 2892800 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2018-11-01 09:15:23 23861760 ----a-w- C:\WINDOWS\System32\Hydrogen.dll
2018-11-01 09:13:39 19525120 ----a-w- C:\WINDOWS\System32\HologramCompositor.dll
2018-11-01 07:39:00 1035256 ----a-w- C:\WINDOWS\System32\ApplyTrustOffline.exe
2018-11-01 07:38:08 269336 ----a-w- C:\WINDOWS\System32\SgrmEnclave_secure.dll
2018-11-01 07:37:57 272408 ----a-w- C:\WINDOWS\System32\SgrmEnclave.dll
2018-11-01 07:28:29 1029944 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-11-01 07:28:20 1221432 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-11-01 07:28:17 134968 ----a-w- C:\WINDOWS\System32\hvloader.dll
2018-11-01 07:28:13 566568 ----a-w- C:\WINDOWS\System32\tcblaunch.exe
2018-11-01 07:28:11 76088 ----a-w- C:\WINDOWS\System32\drivers\hvservice.sys
2018-11-01 07:28:09 1062712 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2018-11-01 07:27:52 491200 ----a-w- C:\WINDOWS\System32\mf.dll
2018-11-01 07:27:36 1017152 ----a-w- C:\WINDOWS\System32\msmpeg2adec.dll
2018-11-01 07:26:42 3180080 ----a-w- C:\WINDOWS\System32\d3d11.dll
2018-11-01 07:26:28 3291640 ----a-w- C:\WINDOWS\System32\combase.dll
2018-11-01 07:26:22 1363536 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2018-11-01 07:26:01 7432120 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-11-01 07:03:03 34816 ----a-w- C:\WINDOWS\System32\dusmtask.exe
2018-11-01 07:03:00 3397120 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2018-11-01 07:02:22 47104 ----a-w- C:\WINDOWS\System32\dusmapi.dll
2018-11-01 07:02:21 23552 ----a-w- C:\WINDOWS\System32\CSystemEventsBrokerClient.dll
2018-11-01 07:01:20 7057408 ----a-w- C:\WINDOWS\System32\mos.dll
2018-11-01 07:01:10 9084928 ----a-w- C:\WINDOWS\System32\BingMaps.dll
2018-11-01 07:00:25 8189440 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2018-11-01 07:00:16 433664 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2018-11-01 07:00:14 3392000 ----a-w- C:\WINDOWS\System32\tquery.dll
2018-11-01 07:00:11 6031360 ----a-w- C:\WINDOWS\System32\d2d1.dll
2018-11-01 07:00:10 209408 ----a-w- C:\WINDOWS\System32\AppXApplicabilityBlob.dll
2018-11-01 06:59:14 241152 ----a-w- C:\WINDOWS\System32\tetheringservice.dll
2018-11-01 06:59:09 107520 ----a-w- C:\WINDOWS\System32\dab.dll
2018-11-01 06:59:04 176128 ----a-w- C:\WINDOWS\System32\WPTaskScheduler.dll
2018-11-01 06:59:02 192000 ----a-w- C:\WINDOWS\System32\scrrun.dll
2018-11-01 06:59:00 322048 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2018-11-01 06:58:48 4383744 ----a-w- C:\WINDOWS\System32\EdgeContent.dll
2018-11-01 06:58:43 530432 ----a-w- C:\WINDOWS\System32\MapConfiguration.dll
2018-11-01 06:58:43 154112 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-11-01 06:58:42 149504 ----a-w- C:\WINDOWS\System32\dssvc.dll
2018-11-01 06:58:11 273408 ----a-w- C:\WINDOWS\System32\ubpm.dll
2018-11-01 06:58:10 4867072 ----a-w- C:\WINDOWS\System32\jscript9.dll
2018-11-01 06:58:03 7573504 ----a-w- C:\WINDOWS\System32\Chakra.dll
2018-11-01 06:57:53 835584 ----a-w- C:\WINDOWS\System32\PhoneService.dll
2018-11-01 06:57:47 356352 ----a-w- C:\WINDOWS\System32\dusmsvc.dll
2018-11-01 06:57:44 898560 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2018-11-01 06:57:42 2364928 ----a-w- C:\WINDOWS\System32\OpcServices.dll
2018-11-01 06:57:41 3381248 ----a-w- C:\WINDOWS\System32\MapRouter.dll
2018-11-01 06:57:41 265728 ----a-w- C:\WINDOWS\System32\psmsrv.dll
2018-11-01 06:57:38 2825728 ----a-w- C:\WINDOWS\System32\MapGeocoder.dll
2018-11-01 06:57:27 726528 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
2018-11-01 06:57:19 894464 ----a-w- C:\WINDOWS\System32\webplatstorageserver.dll
2018-11-01 06:57:16 1708544 ----a-w- C:\WINDOWS\System32\MSPhotography.dll
2018-11-01 06:57:14 808448 ----a-w- C:\WINDOWS\System32\EdgeManager.dll
2018-11-01 06:57:04 281600 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
2018-11-01 06:56:57 1768448 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2018-11-01 06:56:53 2172928 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2018-11-01 06:56:33 506880 ----a-w- C:\WINDOWS\System32\netprofmsvc.dll
2018-11-01 06:56:25 2929664 ----a-w- C:\WINDOWS\System32\xpsservices.dll
2018-11-01 06:56:19 1395200 ----a-w- C:\WINDOWS\System32\TokenBroker.dll
2018-11-01 06:55:23 2738688 ----a-w- C:\WINDOWS\System32\mssrch.dll
2018-11-01 06:55:15 684544 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2018-11-01 06:55:09 1058304 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2018-11-01 06:54:44 1225216 ----a-w- C:\WINDOWS\System32\MapsStore.dll
2018-11-01 06:54:41 916480 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.Web.Core.dll
2018-11-01 06:54:39 1551360 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.desktop.dll
2018-11-01 06:54:23 1023488 ----a-w- C:\WINDOWS\System32\ShareHost.dll
2018-11-01 06:54:21 1264640 ----a-w- C:\WINDOWS\System32\JpMapControl.dll
2018-11-01 06:54:13 606208 ----a-w- C:\WINDOWS\System32\updatehandlers.dll
2018-11-01 06:54:12 943616 ----a-w- C:\WINDOWS\System32\BingOnlineServices.dll
2018-11-01 06:54:11 1679360 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2018-11-01 06:54:06 884736 ----a-w- C:\WINDOWS\System32\MapControlCore.dll
2018-11-01 06:54:03 895488 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.OnlineId.dll
2018-11-01 06:54:00 796672 ----a-w- C:\WINDOWS\System32\mssvp.dll
2018-11-01 06:53:53 2248192 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2018-11-01 06:53:53 1159680 ----a-w- C:\WINDOWS\System32\rpcss.dll
2018-11-01 06:53:52 542208 ----a-w- C:\WINDOWS\System32\vbscript.dll
2018-11-01 06:53:51 1373696 ----a-w- C:\WINDOWS\System32\usocore.dll
2018-11-01 06:53:47 889344 ----a-w- C:\WINDOWS\System32\schedsvc.dll
.
============= FINISH: 11:27:42.62 ===============
Attached Files
File Type: txt attach.txt (517.8 KB, 7 views)
Old 11-17-2018, 03:30 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Even though you already ran AdwCleaner, I need to see what it finds.
  • Run AdwCleaner and select Scan Now
  • Once the Scan is done, select Clean & Repair
  • When prompted, select Clean & Restart Now
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
Old 11-17-2018, 04:18 PM   #3
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



Here are the results. Last time I ran AdwCleaner it found 6 results but this time only one came up.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-14.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-17-2018
# Duration: 00:00:03
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1771 octets] - [11/11/2018 17:33:43]
AdwCleaner[C00].txt - [1843 octets] - [11/11/2018 17:33:56]
AdwCleaner[S01].txt - [1374 octets] - [17/11/2018 16:07:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


Farbar results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.11.2018
Ran by John Kim (administrator) on JOHN (17-11-2018 16:13:37)
Running from C:\Users\John Kim\Desktop
Loaded Profiles: John Kim (Available Profiles: John Kim)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Windows\SysWOW64\UMonit64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13886208 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-03-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-03-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [445416 2018-09-27] (LogMeIn, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-08-14] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1053144 2017-06-06] (DivX, LLC)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\Run: [Spotify Web Helper] => C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2017-03-11] (Spotify Ltd)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\Run: [Spotify] => C:\Users\John Kim\AppData\Roaming\Spotify\Spotify.exe [6987376 2017-03-11] (Spotify Ltd)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-09] (Valve Corporation)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [804352 2018-04-11] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7599bbc2-779f-4566-a1fe-677c7a5ad54c}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> DefaultScope {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-29] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-29] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: fxzq9272.default
FF ProfilePath: C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default [2018-08-15]
FF Homepage: Mozilla\Firefox\Profiles\fxzq9272.default -> hxxps://www.google.com/?trackid=sp-006
FF NewTab: Mozilla\Firefox\Profiles\fxzq9272.default -> about:newtab
FF SearchPlugin: C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\searchplugins\google-avast.xml [2016-02-23]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-06-05] (DivX, LLC)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @Java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-29] (Oracle Corporation)
FF Plugin-x32: @Java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @Nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @Raidcall.en/RCplugin -> C:\Users\John Kim\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @Videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @Videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3656025934-1805325345-282951442-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-27] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default [2018-11-17]
CHR Extension: (Google Drive) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-07-25]
CHR Extension: (YouTube) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-10-01]
CHR Extension: (ICE Quick Stream) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2017-05-31]
CHR Extension: (Google Docs Offline) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (AdBlock) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-12]
CHR Extension: (Avast Online Security) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-26]
CHR Profile: C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-17]
CHR Profile: C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-08-14] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-15] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-14] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-15] (AVAST Software)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2016-12-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-22] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2018-09-27] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [587752 2018-09-27] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-05-21] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2308936 2018-11-06] (Overwolf LTD)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2016-01-20] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-30] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-30] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
S2 NvNetworkService; "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-08-14] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-08-14] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-08-14] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-08-14] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-08-14] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-14] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-08-14] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-08-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-08-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-08-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-08-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-08-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [465640 2018-08-25] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-08-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-08-14] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
R2 LMIInfo; C:\WINDOWS\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-17] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-11] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_0221ce4ec0827f74\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51320 2016-01-20] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-07-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-30] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-17 16:13 - 2018-11-17 16:14 - 000025014 _____ C:\Users\John Kim\Desktop\FRST.txt
2018-11-17 16:09 - 2018-11-17 16:09 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-17 16:07 - 2018-11-17 16:07 - 002416128 _____ (Farbar) C:\Users\John Kim\Desktop\FRST64.exe
2018-11-17 14:13 - 2018-11-17 14:13 - 000000000 ___HD C:\OneDriveTemp
2018-11-17 11:27 - 2018-11-17 11:27 - 000530266 _____ C:\Users\John Kim\Desktop\attach.txt
2018-11-17 11:27 - 2018-11-17 11:27 - 000051800 _____ C:\Users\John Kim\Desktop\dds.txt
2018-11-17 11:25 - 2018-11-17 11:25 - 000688992 ____R (Swearware) C:\Users\John Kim\Desktop\dds.scr
2018-11-13 18:22 - 2018-11-05 09:34 - 000835168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-13 18:22 - 2018-11-05 09:34 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-13 17:19 - 2018-10-31 23:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-13 17:19 - 2018-10-31 23:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-13 17:19 - 2018-10-31 23:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-13 17:19 - 2018-10-31 20:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-13 17:18 - 2018-11-01 03:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-13 17:18 - 2018-11-01 03:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-13 17:18 - 2018-11-01 03:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-13 17:18 - 2018-11-01 03:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-13 17:18 - 2018-11-01 03:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-13 17:18 - 2018-11-01 03:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-13 17:18 - 2018-11-01 03:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-13 17:18 - 2018-11-01 03:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-13 17:18 - 2018-11-01 03:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-13 17:18 - 2018-11-01 03:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-13 17:18 - 2018-11-01 02:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-13 17:18 - 2018-11-01 01:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-13 17:18 - 2018-11-01 01:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-13 17:18 - 2018-11-01 01:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-13 17:18 - 2018-11-01 01:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-13 17:18 - 2018-11-01 01:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-13 17:18 - 2018-11-01 01:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-13 17:18 - 2018-10-31 23:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-13 17:18 - 2018-10-31 23:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-13 17:18 - 2018-10-31 23:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-13 17:18 - 2018-10-31 23:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-13 17:18 - 2018-10-31 23:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-13 17:18 - 2018-10-31 23:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-13 17:18 - 2018-10-31 23:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-13 17:18 - 2018-10-31 23:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-13 17:18 - 2018-10-31 23:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-13 17:18 - 2018-10-31 23:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-13 17:18 - 2018-10-31 23:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-13 17:18 - 2018-10-31 23:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-13 17:18 - 2018-10-31 23:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-13 17:18 - 2018-10-31 23:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-13 17:18 - 2018-10-31 23:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-13 17:18 - 2018-10-31 23:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-13 17:18 - 2018-10-31 23:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-13 17:18 - 2018-10-31 23:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-13 17:18 - 2018-10-31 23:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-13 17:18 - 2018-10-31 23:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-13 17:18 - 2018-10-31 23:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-13 17:18 - 2018-10-31 23:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-13 17:18 - 2018-10-31 23:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-13 17:18 - 2018-10-31 23:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-13 17:18 - 2018-10-31 23:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-13 17:18 - 2018-10-31 23:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-13 17:18 - 2018-10-31 23:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-13 17:18 - 2018-10-31 23:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-13 17:18 - 2018-10-31 23:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-13 17:18 - 2018-10-31 23:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-13 17:18 - 2018-10-31 22:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-13 17:18 - 2018-10-31 22:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-13 17:18 - 2018-10-31 22:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-13 17:18 - 2018-10-31 22:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-13 17:18 - 2018-10-31 22:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-13 17:18 - 2018-10-31 22:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-13 17:18 - 2018-10-31 22:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-13 17:18 - 2018-10-31 22:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-13 17:18 - 2018-10-31 22:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-13 17:18 - 2018-10-31 22:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-13 17:18 - 2018-10-31 22:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-13 17:18 - 2018-10-31 22:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-13 17:18 - 2018-10-31 22:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-13 17:18 - 2018-10-31 22:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-13 17:18 - 2018-10-31 22:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-13 17:18 - 2018-10-31 22:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-13 17:18 - 2018-10-31 22:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-13 17:18 - 2018-10-31 22:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-13 17:18 - 2018-10-31 22:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-13 17:18 - 2018-10-31 22:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-13 17:18 - 2018-10-31 22:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-13 17:18 - 2018-10-31 22:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-13 17:18 - 2018-10-31 22:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-13 17:18 - 2018-10-31 22:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-13 17:18 - 2018-10-31 22:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-13 17:18 - 2018-10-31 22:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-13 17:18 - 2018-10-31 22:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-13 17:18 - 2018-10-31 22:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-13 17:18 - 2018-10-31 22:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-13 17:18 - 2018-10-31 21:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-13 17:18 - 2018-10-31 20:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-13 17:18 - 2018-10-31 20:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-13 17:18 - 2018-10-31 20:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-13 17:18 - 2018-10-31 20:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-13 17:18 - 2018-10-31 20:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-13 17:18 - 2018-10-31 20:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-13 17:18 - 2018-10-31 20:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-13 17:18 - 2018-10-31 20:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-13 17:18 - 2018-10-31 20:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-13 17:18 - 2018-10-31 20:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-13 17:18 - 2018-10-31 20:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-13 17:18 - 2018-10-31 20:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-13 17:18 - 2018-10-31 20:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-13 17:18 - 2018-10-31 20:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-13 17:18 - 2018-10-31 20:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-13 17:18 - 2018-10-31 20:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-13 17:18 - 2018-10-31 20:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-13 17:18 - 2018-10-31 20:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-13 17:18 - 2018-10-31 20:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-13 17:18 - 2018-10-31 20:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-13 17:18 - 2018-10-31 20:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-13 17:18 - 2018-10-31 20:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-13 17:18 - 2018-10-31 20:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-13 17:18 - 2018-10-31 20:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-13 17:18 - 2018-10-31 20:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-13 17:18 - 2018-10-31 20:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-13 17:18 - 2018-10-31 20:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-13 17:18 - 2018-10-21 05:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-13 17:18 - 2018-10-21 05:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-13 17:18 - 2018-10-21 05:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-13 17:18 - 2018-10-21 05:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-13 17:18 - 2018-10-21 04:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-13 17:18 - 2018-10-21 04:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-13 17:18 - 2018-10-21 04:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-13 17:18 - 2018-10-21 04:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-13 17:18 - 2018-10-21 04:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-13 17:18 - 2018-10-21 03:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-13 17:18 - 2018-10-21 03:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-13 17:18 - 2018-10-21 03:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-13 17:18 - 2018-10-21 03:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-13 17:18 - 2018-10-21 03:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-13 17:18 - 2018-10-20 23:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-13 17:18 - 2018-10-20 23:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-13 17:18 - 2018-10-20 23:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-13 17:18 - 2018-10-20 23:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-13 17:18 - 2018-10-20 23:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-13 17:18 - 2018-10-20 23:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-13 17:18 - 2018-10-20 23:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-13 17:18 - 2018-10-20 23:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-13 17:18 - 2018-10-20 23:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-13 17:18 - 2018-10-20 23:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-13 17:18 - 2018-10-20 23:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-13 17:18 - 2018-10-20 23:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-13 17:18 - 2018-10-20 23:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-13 17:18 - 2018-10-20 23:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-13 17:18 - 2018-10-20 23:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-13 17:18 - 2018-10-20 23:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-13 17:18 - 2018-10-20 23:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-13 17:18 - 2018-10-20 23:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-13 17:18 - 2018-10-20 23:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-13 17:18 - 2018-10-20 23:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-13 17:18 - 2018-10-20 23:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-13 17:18 - 2018-10-20 23:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-13 17:18 - 2018-10-20 23:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-13 17:18 - 2018-10-20 23:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-13 17:18 - 2018-10-20 23:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-13 17:18 - 2018-10-20 23:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-13 17:18 - 2018-10-20 23:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-13 17:18 - 2018-10-20 23:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-13 17:18 - 2018-10-20 23:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-13 17:18 - 2018-10-20 23:14 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-13 17:18 - 2018-10-20 23:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-13 17:18 - 2018-10-20 23:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-13 17:18 - 2018-10-20 23:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-13 17:18 - 2018-10-20 23:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-13 17:18 - 2018-10-20 22:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-13 17:17 - 2018-11-01 03:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-13 17:17 - 2018-11-01 03:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-13 17:17 - 2018-11-01 03:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-13 17:17 - 2018-11-01 03:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-13 17:17 - 2018-11-01 03:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-13 17:17 - 2018-11-01 03:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-13 17:17 - 2018-11-01 03:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-13 17:17 - 2018-11-01 03:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-13 17:17 - 2018-11-01 03:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-13 17:17 - 2018-11-01 03:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-13 17:17 - 2018-11-01 01:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-13 17:17 - 2018-11-01 01:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-13 17:17 - 2018-11-01 01:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-13 17:17 - 2018-11-01 01:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-13 17:17 - 2018-10-31 23:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-13 17:17 - 2018-10-31 23:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-13 17:17 - 2018-10-31 23:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-13 17:17 - 2018-10-31 23:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-13 17:17 - 2018-10-31 23:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-13 17:17 - 2018-10-31 23:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-13 17:17 - 2018-10-31 23:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-13 17:17 - 2018-10-31 23:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-13 17:17 - 2018-10-31 23:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-13 17:17 - 2018-10-31 23:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-13 17:17 - 2018-10-31 23:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-13 17:17 - 2018-10-31 23:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-13 17:17 - 2018-10-31 23:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-13 17:17 - 2018-10-31 23:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-13 17:17 - 2018-10-31 23:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-13 17:17 - 2018-10-31 23:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-13 17:17 - 2018-10-31 23:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-13 17:17 - 2018-10-31 23:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-13 17:17 - 2018-10-31 23:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-13 17:17 - 2018-10-31 23:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-13 17:17 - 2018-10-31 22:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-13 17:17 - 2018-10-31 22:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-13 17:17 - 2018-10-31 22:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-13 17:17 - 2018-10-31 22:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-13 17:17 - 2018-10-31 22:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-13 17:17 - 2018-10-31 22:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-13 17:17 - 2018-10-31 22:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-13 17:17 - 2018-10-31 22:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-13 17:17 - 2018-10-31 22:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-13 17:17 - 2018-10-31 22:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-13 17:17 - 2018-10-31 22:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-13 17:17 - 2018-10-31 22:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-13 17:17 - 2018-10-31 22:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-13 17:17 - 2018-10-31 22:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-13 17:17 - 2018-10-31 22:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-13 17:17 - 2018-10-31 22:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-13 17:17 - 2018-10-31 22:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-13 17:17 - 2018-10-31 22:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-13 17:17 - 2018-10-31 22:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-13 17:17 - 2018-10-31 22:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-13 17:17 - 2018-10-31 22:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-13 17:17 - 2018-10-31 21:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-13 17:17 - 2018-10-31 20:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-13 17:17 - 2018-10-31 20:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-13 17:17 - 2018-10-31 20:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-13 17:17 - 2018-10-31 20:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-13 17:17 - 2018-10-31 20:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-13 17:17 - 2018-10-31 20:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-13 17:17 - 2018-10-31 20:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-13 17:17 - 2018-10-31 20:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-13 17:17 - 2018-10-31 20:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-13 17:17 - 2018-10-31 20:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-13 17:17 - 2018-10-31 20:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-13 17:17 - 2018-10-31 20:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-13 17:17 - 2018-10-31 20:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-13 17:17 - 2018-10-31 20:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-13 17:17 - 2018-10-31 20:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-13 17:17 - 2018-10-31 20:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-13 17:17 - 2018-10-31 20:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-13 17:17 - 2018-10-31 20:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-13 17:17 - 2018-10-31 20:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-13 17:17 - 2018-10-31 20:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-13 17:17 - 2018-10-31 20:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-13 17:17 - 2018-10-31 20:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-13 17:17 - 2018-10-21 05:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-13 17:17 - 2018-10-21 04:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-13 17:17 - 2018-10-21 04:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-13 17:17 - 2018-10-21 04:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-13 17:17 - 2018-10-21 04:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-13 17:17 - 2018-10-21 04:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-13 17:17 - 2018-10-21 04:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-13 17:17 - 2018-10-21 04:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-13 17:17 - 2018-10-21 04:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-13 17:17 - 2018-10-21 04:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-13 17:17 - 2018-10-21 04:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-13 17:17 - 2018-10-21 03:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-13 17:17 - 2018-10-21 03:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-13 17:17 - 2018-10-21 03:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-13 17:17 - 2018-10-21 03:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-13 17:17 - 2018-10-21 03:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-13 17:17 - 2018-10-21 03:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-13 17:17 - 2018-10-21 03:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-13 17:17 - 2018-10-21 01:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-13 17:17 - 2018-10-21 00:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-13 17:17 - 2018-10-20 23:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-13 17:17 - 2018-10-20 23:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-13 17:17 - 2018-10-20 23:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-13 17:17 - 2018-10-20 23:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-13 17:17 - 2018-10-20 23:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-13 17:17 - 2018-10-20 23:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-13 17:17 - 2018-10-20 23:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-13 17:17 - 2018-10-20 23:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-13 17:17 - 2018-10-20 23:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-13 17:17 - 2018-10-20 23:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-13 17:17 - 2018-10-20 23:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-13 17:17 - 2018-10-20 23:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-13 17:17 - 2018-10-20 23:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-13 17:17 - 2018-10-20 23:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-13 17:17 - 2018-10-20 23:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-13 17:17 - 2018-10-20 23:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-13 17:17 - 2018-10-20 23:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-13 17:17 - 2018-10-20 23:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-13 17:17 - 2018-10-20 23:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-13 17:17 - 2018-10-20 23:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-13 17:17 - 2018-10-20 23:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-13 17:17 - 2018-10-20 23:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-13 17:17 - 2018-10-20 23:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-13 17:17 - 2018-10-20 23:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-13 17:17 - 2018-10-20 23:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-13 17:17 - 2018-10-20 23:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-13 17:17 - 2018-10-20 23:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-13 17:17 - 2018-10-20 23:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-13 17:17 - 2018-10-20 23:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-13 17:17 - 2018-10-20 23:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-13 17:17 - 2018-10-20 23:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-13 17:17 - 2018-10-20 23:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-13 17:17 - 2018-10-20 23:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-13 17:17 - 2018-10-20 23:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-13 17:17 - 2018-10-20 23:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-13 17:17 - 2018-10-20 23:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-13 17:17 - 2018-10-20 23:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-13 17:17 - 2018-10-20 23:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-13 17:17 - 2018-10-20 23:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-13 17:17 - 2018-10-20 23:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-13 17:17 - 2018-10-20 23:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-13 17:17 - 2018-10-20 23:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-13 17:17 - 2018-10-20 23:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-13 17:17 - 2018-10-20 23:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-13 17:17 - 2018-10-20 23:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-13 17:17 - 2018-10-20 23:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-13 17:17 - 2018-10-20 22:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-13 17:17 - 2018-10-20 22:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-13 17:17 - 2018-10-20 22:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-13 17:17 - 2018-10-20 22:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-13 17:17 - 2018-10-20 21:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-13 17:17 - 2018-10-20 21:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-13 17:17 - 2018-04-27 20:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-11 17:32 - 2018-11-11 17:33 - 007592144 _____ (Malwarebytes) C:\Users\John Kim\Desktop\adwcleaner_7.2.4.0.exe
2018-11-10 22:20 - 2018-11-10 22:20 - 000001442 _____ C:\Users\John Kim\Desktop\Overwolf.lnk
2018-11-10 22:06 - 2018-11-10 22:06 - 000004382 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2018-11-10 22:05 - 2018-11-15 10:06 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-11-10 22:05 - 2018-11-10 22:05 - 000000000 ____D C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2018-11-10 22:04 - 2018-11-10 22:18 - 000000000 ____D C:\ProgramData\Overwolf
2018-11-10 22:03 - 2018-11-10 22:39 - 000000000 ____D C:\Users\John Kim\AppData\Local\Overwolf
2018-11-10 17:12 - 2018-11-10 17:12 - 000000219 _____ C:\Users\John Kim\Desktop\Counter-Strike Source.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-17 16:13 - 2015-11-21 12:13 - 000000000 ____D C:\FRST
2018-11-17 16:12 - 2015-07-29 16:32 - 000000000 ___RD C:\Users\John Kim\OneDrive
2018-11-17 16:12 - 2015-06-22 08:26 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-11-17 16:10 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-17 16:10 - 2015-05-29 21:22 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2018-11-17 16:09 - 2018-06-03 10:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-17 16:09 - 2016-09-12 03:13 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-17 16:08 - 2018-04-11 13:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-17 16:03 - 2018-06-03 10:44 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5200A860-A67C-42FB-B70A-E819A4714641}
2018-11-17 15:32 - 2016-01-08 11:54 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-17 14:33 - 2017-06-21 14:18 - 000002488 _____ C:\Users\John Kim\Desktop\Warcraft III - TFT.lnk
2018-11-17 14:13 - 2015-07-07 08:13 - 000000000 ____D C:\Users\John Kim\AppData\Local\TSVNCache
2018-11-17 14:13 - 2015-04-26 14:13 - 000000000 ____D C:\Users\John Kim\AppData\Local\Adobe
2018-11-17 13:40 - 2016-01-08 11:21 - 000000000 ____D C:\Users\John Kim\AppData\Local\Battle.net
2018-11-17 12:45 - 2016-06-17 19:33 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-11-17 11:40 - 2016-01-08 11:21 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-11-17 09:50 - 2015-05-29 21:20 - 000000000 ____D C:\ProgramData\LogMeIn
2018-11-16 21:28 - 2015-05-31 14:02 - 000001456 _____ C:\Users\John Kim\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-11-16 21:28 - 2015-05-31 12:21 - 000000000 ____D C:\Users\John Kim\Desktop\PSD's signatures
2018-11-16 21:28 - 2015-04-08 22:17 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2018-11-16 20:59 - 2014-06-09 16:49 - 000000000 ____D C:\Users\John Kim\Desktop\Treasure Pygmy
2018-11-16 18:57 - 2018-06-03 10:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-16 18:17 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-16 14:10 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-16 14:05 - 2018-06-03 10:44 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-11-15 18:08 - 2018-01-17 17:45 - 000000000 ____D C:\Program Files\rempl
2018-11-14 10:30 - 2015-08-08 15:35 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-14 10:30 - 2015-08-08 15:35 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-14 10:28 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-13 18:27 - 2018-06-03 10:31 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-13 18:27 - 2018-04-11 15:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-13 18:23 - 2018-04-27 10:26 - 000000000 ___RD C:\Users\John Kim\3D Objects
2018-11-13 18:23 - 2014-06-10 07:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-13 18:20 - 2018-06-03 10:12 - 002568952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-13 17:52 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-13 17:52 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-13 17:52 - 2018-04-11 15:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-13 17:52 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-13 17:52 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-13 17:52 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-13 17:52 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-13 17:34 - 2018-04-11 15:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-13 17:33 - 2014-06-12 14:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 17:29 - 2014-06-12 14:28 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-13 14:54 - 2018-06-03 10:44 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3656025934-1805325345-282951442-1002
2018-11-13 14:54 - 2018-06-03 10:20 - 000002418 _____ C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-11 19:23 - 2015-04-08 21:46 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm Public Test
2018-11-11 17:33 - 2018-01-23 09:13 - 000000000 ____D C:\AdwCleaner
2018-11-11 15:05 - 2014-08-25 18:42 - 000000000 ____D C:\Program Files (x86)\Diablo III
2018-11-10 21:45 - 2015-01-20 22:30 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-11-10 17:12 - 2015-03-13 12:35 - 000000000 ____D C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-08 21:10 - 2017-02-25 16:53 - 000000000 ____D C:\Users\John Kim\AppData\Local\CrashDumps
2018-11-08 14:36 - 2014-06-09 15:58 - 000000000 ____D C:\Users\John Kim\AppData\Roaming\Adobe
2018-11-07 19:21 - 2018-06-03 10:20 - 000000000 ____D C:\Users\John Kim
2018-10-30 22:07 - 2018-10-10 22:28 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-10-26 16:28 - 2018-08-15 01:55 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-10-26 16:28 - 2018-08-15 01:55 - 000002474 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-10-24 17:46 - 2018-06-03 10:44 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-10-24 17:46 - 2018-06-03 10:44 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-10-24 17:46 - 2018-06-03 10:44 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-10-24 17:46 - 2018-06-03 10:44 - 000002878 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3656025934-1805325345-282951442-1002
2018-10-24 17:46 - 2018-06-03 10:44 - 000002772 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2018-10-24 17:46 - 2018-06-03 10:44 - 000002710 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-John-John Kim
2018-10-24 17:46 - 2018-06-03 10:44 - 000002680 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2018-10-24 17:46 - 2018-06-03 10:44 - 000002404 _____ C:\WINDOWS\System32\Tasks\UMonitor Task
2018-10-24 17:46 - 2018-06-03 10:44 - 000002376 _____ C:\WINDOWS\System32\Tasks\{93BEC5DE-C765-48CC-AEB2-CB9D0C24B9FC}
2018-10-24 17:46 - 2018-06-03 10:44 - 000002340 _____ C:\WINDOWS\System32\Tasks\{07E2D8E9-32F4-4041-9390-2839C301F611}
2018-10-24 17:46 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3656025934-1805325345-282951442-500
2018-10-24 17:46 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{E6481478-7A5E-4F08-8DB3-37D960006318}
2018-10-24 17:46 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{D7F3FFF7-A6E2-4967-9B8C-50BFEDB6F8AF}
2018-10-24 17:46 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{D6CF2520-D3C6-46FA-BBB5-250D5AC1BAA7}
2018-10-24 17:46 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{CE78FDE4-6EBC-4BD8-91D8-87ECBB62B2CC}
2018-10-24 17:46 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{C6530C39-5EA9-4A90-8620-69DB258E5929}
2018-10-24 17:46 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{BA4FA00A-0EBB-49FB-B984-CA78027D50FB}
2018-10-24 17:46 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{A6A8D389-25EE-4782-B22B-CB4CA80F9076}
2018-10-24 17:46 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{6C49DB90-67E8-4866-BF2A-9DCE9A8CE188}
2018-10-24 17:46 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{2F05EA96-91AF-4CBA-B98B-1A9D7D54CC22}
2018-10-24 17:46 - 2018-06-03 10:44 - 000002256 _____ C:\WINDOWS\System32\Tasks\PDVDServ Task
2018-10-24 17:46 - 2018-06-03 10:44 - 000002254 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2018-10-24 17:46 - 2018-06-03 10:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-10-22 13:36 - 2018-07-25 19:24 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories =======

2017-05-08 08:39 - 2014-11-05 08:51 - 001654869 _____ (Dynu Systems Inc.) C:\ProgramData\DynuEncrypt.dll
2016-02-23 17:10 - 2017-06-11 23:31 - 000000024 _____ () C:\Users\John Kim\7A1920D61156ABC05A60135AEFE8BC67.dat
2016-02-24 08:59 - 2016-02-25 13:02 - 000000024 _____ () C:\Users\John Kim\C5998D8FBE90B7D10A4A006650E2B7A9.dat
2017-06-11 23:36 - 2017-06-12 16:06 - 000000024 _____ () C:\Users\John Kim\D94CAEC6BBCB5B40066FADF295158C57.dat
2015-05-31 14:02 - 2018-11-16 21:28 - 000001456 _____ () C:\Users\John Kim\AppData\Local\Adobe Save for Web 13.0 Prefs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-03 10:12

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (68.2 KB, 4 views)
h34n is offline  
Old 11-17-2018, 08:06 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, h34n. I need to see that AdwCleaner log you referred to.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

C:\AdwCleaner\Logs\AdwCleaner[C00].txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-18-2018, 10:23 AM   #5
h34n

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-11-2018
# Duration: 00:00:03
# OS: Windows 10 Home
# Cleaned: 5
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\homepage-web.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\homepage-web.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted Web Search
Not Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1771 octets] - [11/11/2018 17:33:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
h34n is offline  
Old 11-18-2018, 06:55 PM   #6
chemist

Hello again, h34n. Unfortunately, I'm not seeing anything malicious here.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> DefaultScope {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
    SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
    Task: {F5870665-3967-46BE-BC12-4B7FE1BB2929} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
Old 11-19-2018, 03:51 PM   #7
h34n

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by John Kim (19-11-2018 14:21:23) Run:1
Running from C:\Users\John Kim\Desktop
Loaded Profiles: John Kim (Available Profiles: John Kim)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> DefaultScope {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
Task: {F5870665-3967-46BE-BC12-4B7FE1BB2929} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-3656025934-1805325345-282951442-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F4D66-FF70-4AFD-BA74-871F669C8BA0} => removed successfully
HKLM\Software\Classes\CLSID\{A55F4D66-FF70-4AFD-BA74-871F669C8BA0} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5870665-3967-46BE-BC12-4B7FE1BB2929}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5870665-3967-46BE-BC12-4B7FE1BB2929}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 406211036 B
Java, Flash, Steam htmlcache => 73754359 B
Windows/system/drivers => 3249030 B
Edge => 1112494 B
Chrome => 809495363 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 33386 B
LocalService => 0 B
NetworkService => 66260 B
NetworkService => 0 B
John Kim => 182614918 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:23:13 ====
h34n is offline  
Old 11-19-2018, 08:36 PM   #8
chemist

Hello again, h34n. Any improvement? Still getting the popup?

------------------------------------------------------

I recommend installing Cybereason Ransom Free. I use it on all my machines.

It recently detected, and prevented, an attempted ransomware infection on one of my laptops.

Download RansomFree and save it to your desktop.

Right-click CybereasonRansomFree.msi > Install and follow the prompts to install it.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Quarantine Selected to allow MBAM to quarantine what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, wait for MBAM to open back up, then click Export Summary
  • If no threats were found, simply click Export Summary
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Please post that saved log in your next reply.
------------------------------------------------------

Your Java is out of date.

Java 8 Update 181 can be updated from the Java Control Panel (right-click the Windows "logo" button > Control Panel > (View by: Small or Large icons)) and click the Java icon (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it. Also, let Java remove older versions if prompted.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (Programs)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
Old 11-21-2018, 11:00 AM   #9
h34n

I still get the popup but both the scanners came out with no threats. I think it might be an app in my Chrome browser.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/21/18
Scan Time: 8:31 AM
Log File: e642bf09-edaa-11e8-85ad-28d24461c8d7.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7957
License: Free

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: John\John Kim

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 309534
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

The ESET scanner didn't provide a results log.
h34n is offline  
Old 11-21-2018, 07:11 PM   #10
chemist

Hello again, h34n. Did you intentionally install Popcorn Time?

If you didn't or don't use it, I would uninstall them. Your versions are way out of date.

Anyways...

https://www.shouldiremoveit.com/Popc...9-program.aspx

---------------------------------------------------

Do you know the exact date the popups started?

The only questionable Chrome extension I see is TamperMonkey. Do you use it?

You could disable it or remove it from Chrome extensions.

---------------------------------------------------

For a more detailed description of cleaning up, checking Chrome extensions, etc., do the following:

Open Chrome, copy/paste the following bolded text into your Chrome browser address bar and press Enter:

chrome://settings

Go Advanced, then scroll down to 'Reset and clean up'.

Click Clean up computer > Find

Let me know if it found anything. If still no joy...

Go back to 'Reset and clean up', click Restore settings to their original defaults > Reset settings

This will disable all Chrome extensions, but won't delete saved bookmarks or passwords.

Exit then re-launch Chrome. How is it now?

In Chrome, copy/paste the following bolded text into your Chrome browser address bar and press Enter:

chrome://extensions/

Re-enable each extension until you find the culprit. Let me know what you find.

---------------------------------------------------
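The extension check described in the post above can also be done offline from a copy of the Chrome profile's Preferences file. This is an added example, not part of the original thread or of any tool named in it. It assumes the on-disk layout `extensions.settings.<id>` with `install_time`, `from_webstore` and `manifest` fields, which is undocumented and can differ between Chrome versions; the sample data, extension names and IDs are constructed.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Permissions that let an extension show notifications or act on every site.
BROAD_PERMISSIONS = {"notifications", "<all_urls>", "http://*/*",
                     "https://*/*", "*://*/*", "tabs", "webRequest"}


def webkit_to_utc(value):
    """Convert Chrome's timestamp (microseconds since 1601-01-01 UTC)."""
    return WEBKIT_EPOCH + timedelta(microseconds=int(value))


def utc_to_webkit(moment):
    """Inverse of webkit_to_utc; used only to build the constructed sample."""
    return str((moment - WEBKIT_EPOCH) // timedelta(microseconds=1))


def triage_extensions(prefs, since=None):
    """Return one row per extension, newest install first, with review flags."""
    rows = []
    # Assumed layout: prefs["extensions"]["settings"][<extension id>]
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest") or {}
        raw_time = entry.get("install_time")
        installed = webkit_to_utc(raw_time) if raw_time else None
        # Manifest permissions can hold non-string items; keep the strings.
        perms = {p for p in manifest.get("permissions", [])
                 if isinstance(p, str)}
        flags = []
        if not entry.get("from_webstore", False):
            flags.append("not-from-webstore")
        if perms & BROAD_PERMISSIONS:
            flags.append("broad-permissions")
        if since and installed and installed >= since:
            flags.append("installed-since-cutoff")
        rows.append({"id": ext_id,
                     "name": manifest.get("name", ext_id),
                     "installed": installed,
                     "flags": flags})
    # Entries without an install time sort last.
    rows.sort(key=lambda r: r["installed"] or WEBKIT_EPOCH, reverse=True)
    return rows


def _utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample, not taken from the machine in this thread.
SAMPLE_PREFS = {"extensions": {"settings": {
    "a" * 32: {"from_webstore": False,
               "install_time": utc_to_webkit(_utc(2018, 9, 1)),
               "manifest": {"name": "Example Notifier",
                            "permissions": ["notifications", "<all_urls>"]}},
    "b" * 32: {"from_webstore": True,
               "install_time": utc_to_webkit(_utc(2017, 5, 31)),
               "manifest": {"name": "Example Ad Filter",
                            "permissions": ["storage"]}},
    "c" * 32: {},  # sparse entry: no manifest, no install time
}}}


if __name__ == "__main__":
    # Pass the path to a copy of a profile's Preferences file, or run with
    # no argument to use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            prefs = json.load(handle)
    else:
        prefs = SAMPLE_PREFS
    for row in triage_extensions(prefs, since=_utc(2018, 8, 1)):
        when = row["installed"].date().isoformat() if row["installed"] else "unknown"
        print(f'{when}  {row["name"]}  {row["flags"]}')
```

A flag is a prompt for review, not a verdict: an extension installed long before the symptoms began can still be the source, so the install date narrows the search without clearing anything.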
Old 11-24-2018, 06:40 PM   #11
h34n

Yes, I intentionally installed it. I think it was about 2-3 months ago.

I cleaned out the browser and it seemed to have stopped but the find didn't find anything harmful or potentially unwanted.

I think it was the ICE addon that I installed through a site a while ago.
Old 11-24-2018, 10:25 PM   #12
chemist

Hello again, h34n. I didn't suspect that one since it had been on the machine since 5/31/17.

See how it behaves another day or so and make sure the popup doesn't return.

Let me know and I will give you some final instructions.

---------------------------------------------------
Old 11-28-2018, 09:35 PM   #13
h34n

The popup seems to have gone away. I'm ready for the final instructions.
Old 11-29-2018, 02:29 AM   #14
chemist

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Run AdwCleaner and go Settings > Remove AdwCleaner > Remove

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
Old 11-30-2018, 03:40 PM   #15
h34n

Thanks and done.
Old 12-01-2018, 08:42 AM   #16
chemist

You're very welcome! Glad to have helped.

All times are GMT -7.