
Koobface worm infected me

This is a discussion on Koobface worm infected me within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


 
 
01-26-2019, 09:08 PM   #1
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



So apparently I got a call regarding those popups I posted about a while ago. Well, they came back and I thought they were harmless, but this phone call led to a GoToAssist session with them going through my command prompt and opening up netstat, showing like 20+ foreign connections. They told me it came through an email. Unfortunately I hung up once they mentioned a fee, thinking it was a scam. But they did a dir/s command on the command prompt and the end stated "Koobface detected". They ended up running it again and it had "Email attatchment... system critical."
h34n is offline  
01-26-2019, 09:59 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again h34n.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

https://www.techsupportforum.com/sec...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

-----------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
01-26-2019, 11:03 PM   #3
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.17134.1 BrowserJavaVersion: 11.191.2
Run by John Kim at 23:01:04 on 2019-01-26
Microsoft Windows 10 Home 10.0.17134.0.1252.1.1033.18.6090.2652 [GMT -8:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalService -p
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\ibtsiva.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\rempl\sedsvc.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
c:\windows\system32\taskhostw.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\SysWOW64\UMonit64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\RTFTrack.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Windows\System32\RuntimeBroker.exe
svchost.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\System32\smartscreen.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
uRun: [Spotify Web Helper] "C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [OneDrive] "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Spotify] "C:\Users\John Kim\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4}\14962707F62747759664968223E2437492 : DHCPNameServer = 210.220.163.82 168.126.63.1
TCP: Interfaces\{7599bbc2-779f-4566-a1fe-677c7a5ad54c} : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {30C521FB-255B-46C8-9F0D-EE5AE371C9AA} - "C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [RtHDVBg_LENOVO_DOLBYDRAGON] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
x64-Run: [RtHDVBg_LENOVO_MICPKEY] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [AdobeGCInvoker-1.0] "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\GoToAssist Remote Support Customer\1610\g2ax_winlogonx64.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?trackid=sp-006
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\John Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\John Kim\AppData\Roaming\raidcall\plugins\nprcplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswArDisk;aswArDisk;C:\WINDOWS\System32\drivers\aswArDisk.sys [2019-1-8 37304]
R0 aswbidsh;aswbidsh;C:\WINDOWS\System32\drivers\aswbidsh.sys [2019-1-8 196264]
R0 aswblog;aswblog;C:\WINDOWS\System32\drivers\aswblog.sys [2019-1-8 320888]
R0 aswbuniv;aswbuniv;C:\WINDOWS\System32\drivers\aswbuniv.sys [2019-1-8 58160]
R0 aswElam;aswElam;C:\WINDOWS\System32\drivers\aswElam.sys [2018-8-14 15488]
R0 aswRvrt;aswRvrt;C:\WINDOWS\System32\drivers\aswRvrt.sys [2018-6-2 88144]
R0 aswVmm;aswVmm;C:\WINDOWS\System32\drivers\aswVmm.sys [2018-6-2 380144]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2018-4-11 177192]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2018-12-11 58168]
R0 LHDmgr;LHDmgr;C:\WINDOWS\System32\drivers\LhdX64.sys [2014-3-7 39008]
R0 SgrmAgent;System Guard Runtime Monitor Agent;C:\WINDOWS\System32\drivers\SgrmAgent.sys [2018-4-11 63896]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2018-4-11 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2018-7-25 72768]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2018-4-11 18472]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2018-4-11 209816]
R1 afunix;afunix;C:\WINDOWS\System32\drivers\afunix.sys [2018-4-11 39424]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2018-4-11 254464]
R1 aswArPot;aswArPot;C:\WINDOWS\System32\drivers\aswArPot.sys [2018-8-14 203488]
R1 aswbidsdriver;aswbidsdriver;C:\WINDOWS\System32\drivers\aswbidsdriver.sys [2019-1-14 223056]
R1 aswHdsKe;aswHdsKe;C:\WINDOWS\System32\drivers\aswHdsKe.sys [2018-8-14 239808]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\drivers\aswKbd.sys [2019-1-8 42488]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2018-6-2 1034056]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2018-6-2 474648]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-4-11 60320]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2018-4-11 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-4-11 8192]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2015-9-15 669872]
R2 AGMService;Adobe Genuine Monitor Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2018-5-11 2917864]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2709480]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2018-6-2 166792]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2018-6-2 218056]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2019-1-7 357816]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R2 CDPUserSvc_ac0dc81;Connected Devices Platform User Service_ac0dc81;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-8-14 414720]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2018-4-11 51288]
R2 CybereasonRansomFree;Cybereason RansomFree Engine;C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [2017-11-20 13824]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2018-4-11 51288]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-3-7 131544]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-6-26 155448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-7 169432]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2015-5-21 420296]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\WINDOWS\System32\drivers\LMIInfo.sys [2017-4-3 30432]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2015-5-29 81088]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2018-10-10 6347056]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-2-16 458176]
R2 OneSyncSvc_ac0dc81;Sync Host_ac0dc81;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-8-14 760888]
R2 sedsvc;Windows Remediation Service;C:\Program Files\rempl\sedsvc.exe [2019-1-11 325432]
R2 SgrmBroker;System Guard Runtime Monitor Broker;C:\WINDOWS\System32\SgrmBroker.exe [2018-4-11 163336]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2018-12-11 82432]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-1-20 255096]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-4-11 151960]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 WpnUserService_ac0dc81;Windows Push Notifications User Service_ac0dc81;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2012-7-8 35600]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2019-1-7 7834368]
R3 BTAGService;Bluetooth Audio Gateway Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
R3 BthAvctpSvc;AVCTP service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-4-11 86528]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2018-4-11 60320]
R3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2016-12-12 230656]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2013-9-27 130248]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2019-1-18 261032]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2018-4-11 20992]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2018-4-11 3485696]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-4-7 56384]
R3 PimIndexMaintenanceSvc_ac0dc81;Contact Data_ac0dc81;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 rtsuvc;Lenovo EasyCamera;C:\WINDOWS\System32\drivers\rtsuvc.sys [2014-3-7 8876248]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-2-2 51320]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 UnistoreSvc_ac0dc81;User Data Storage_ac0dc81;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 UserDataSvc_ac0dc81;User Data Access_ac0dc81;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 WaaSMedicSvc;Windows Update Medic Service;C:\WINDOWS\System32\svchost.exe -k wusvcs -p [2018-4-11 51288]
R3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-12-11 83456]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2018-4-11 25088]
S2 avast;%1!s! Update Service (avast);C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-8-15 164984]
S2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\GoToAssist Remote Support Customer\1610\g2ax_service.exe [2019-1-26 614368]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
S2 NvNetworkService;NVIDIA Network Service;"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" --> C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [?]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2017-4-7 2522680]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-4-11 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2018-4-11 1135520]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2018-4-11 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2018-4-11 51288]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
S3 aswHwid;aswHwid;C:\WINDOWS\System32\drivers\aswHwid.sys [2018-6-2 46584]
S3 avastm;%1!s! Update Service (avastm);C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-8-15 164984]
S3 AvastSecureBrowserElevationService;Avast Secure Browser Elevation Service;C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\elevation_service.exe [2019-1-16 390552]
S3 AvastWscReporter;AvastWscReporter;C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [2019-1-7 57504]
S3 BcastDVRUserService_ac0dc81;GameDVR and Broadcast User Service_ac0dc81;C:\WINDOWS\System32\svchost.exe -k BcastDVRUserService [2018-4-11 51288]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2018-4-11 9728]
S3 bindflt;Windows Bind Filter Driver;C:\WINDOWS\System32\drivers\bindflt.sys [2018-12-11 92688]
S3 BluetoothUserService_ac0dc81;Bluetooth User Support Service_ac0dc81;C:\WINDOWS\System32\svchost.exe -k BthAppGroup [2018-4-11 51288]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2018-4-11 38304]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-4-11 39936]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2018-4-11 123392]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-4-11 321432]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-4-11 1836952]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
S3 DevicePickerUserSvc_ac0dc81;DevicePicker_ac0dc81;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevicesFlowUserSvc_ac0dc81;DevicesFlow_ac0dc81;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-7-22 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-8-14 90624]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2018-4-11 51288]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2018-4-11 51288]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-4-11 20992]
S3 GoogleChromeElevationService;Google Chrome Elevation Service;C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-18 443872]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2018-4-11 51288]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-4-11 50592]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2018-4-11 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2018-4-11 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2018-4-11 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-4-11 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-4-11 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-4-11 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-4-11 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2018-4-11 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2018-4-11 113152]
S3 iaStorAVC;Intel Chipset SATA RAID Controller;C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-4-11 885144]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2018-4-11 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-4-11 38912]
S3 InstallService;Microsoft Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2018-4-11 32256]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 ItSas35i;ItSas35i;C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-4-11 145816]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-8-12 177376]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-4-11 124312]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-4-11 128408]
S3 LxpSvc;Language Experience Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2018-4-11 51288]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2018-4-11 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2018-4-11 56736]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-4-11 75160]
S3 megasas35i;megasas35i;C:\WINDOWS\System32\drivers\megasas35i.sys [2018-4-11 82328]
S3 MessagingService_ac0dc81;MessagingService_ac0dc81;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-4-11 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2018-4-11 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2018-4-11 175104]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-4-11 197632]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\System32\GameMon.des -service --> C:\WINDOWS\System32\GameMon.des -service [?]
S3 nvdimm;Microsoft NVDIMM device driver;C:\WINDOWS\System32\drivers\nvdimm.sys [2018-4-11 104448]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-25 28216]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2019-1-9 2424648]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2018-4-11 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2018-4-11 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2018-4-11 16896]
S3 PrintWorkflowUserSvc_ac0dc81;PrintWorkflow_ac0dc81;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2018-4-11 51288]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2018-4-11 39840]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2018-7-25 1921944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2018-7-25 945568]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2018-4-11 51288]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2018-4-11 104448]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2018-4-11 51288]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2018-8-14 128920]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2018-4-11 33176]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2018-4-11 1273344]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2018-4-11 154528]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2018-4-11 51288]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-4-11 57752]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-6-12 976384]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2015-9-12 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-6-2 105368]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2018-7-25 48544]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2018-4-11 303616]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2018-4-11 128512]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2018-4-11 152576]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-4-11 57856]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2018-4-11 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2018-6-12 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2018-4-11 282008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2018-4-11 98200]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2018-4-11 144288]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2018-4-11 29088]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2018-4-11 67992]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2018-4-11 28064]
S3 VacSvc;Volumetric Audio Compositor Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2018-11-13 36352]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2018-8-14 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-11-13 787456]
S3 WdmCompanionFilter;WdmCompanionFilter;C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [2018-4-11 21408]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [2018-7-30 61992]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe [2018-7-30 3905952]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2018-4-11 51288]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2018-4-11 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-11-13 228864]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2018-4-11 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 WpcMonSvc;Parental Controls;C:\WINDOWS\System32\svchost.exe -k LocalService [2018-4-11 51288]
S3 wsvd;wsvd;C:\WINDOWS\System32\drivers\wsvd.sys [2014-3-7 102376]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2018-4-11 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2018-7-25 295424]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2018-4-11 46592]
S4 hvcrash;hvcrash;C:\WINDOWS\System32\drivers\hvcrash.sys [2018-4-11 33184]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S4 ssh-agent;OpenSSH Authentication Agent;C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-4-12 495616]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2019-01-27 06:27:17 -------- d-----w- C:\Xcaches51
2019-01-27 06:27:17 -------- d-----w- C:\.iversion210
2019-01-27 04:26:27 -------- d-----w- C:\Program Files (x86)\GoToAssist Remote Support Customer
2019-01-27 04:26:21 -------- d-----w- C:\Users\John Kim\AppData\Local\GoToAssist Remote Support Customer
2019-01-27 04:26:21 -------- d-----w- C:\Users\John Kim\AppData\Local\GoTo Opener
2019-01-26 19:12:34 -------- d--h--w- C:\OneDriveTemp
2019-01-19 03:14:35 261032 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2019-01-14 15:33:12 223056 ----a-w- C:\WINDOWS\System32\drivers\aswbidsdriver.sys
2019-01-09 20:19:58 2478664 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2019-01-08 23:08:57 42488 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys
2019-01-08 23:08:55 37304 ----a-w- C:\WINDOWS\System32\drivers\aswArDisk.sys
2019-01-08 23:08:39 58160 ----a-w- C:\WINDOWS\System32\drivers\aswbuniv.sys
2019-01-08 23:08:38 320888 ----a-w- C:\WINDOWS\System32\drivers\aswblog.sys
2019-01-08 23:08:37 196264 ----a-w- C:\WINDOWS\System32\drivers\aswbidsh.sys
.
==================== Find3M ====================
.
2019-01-18 22:58:10 166792 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2019-01-07 21:56:16 218056 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
2019-01-07 21:56:14 380144 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2019-01-07 21:56:13 88144 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2019-01-07 21:56:13 46584 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2019-01-07 21:56:13 203488 ----a-w- C:\WINDOWS\System32\drivers\aswArPot.sys
2019-01-07 21:56:13 15488 ----a-w- C:\WINDOWS\System32\drivers\aswElam.sys
2019-01-07 21:56:13 111992 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2019-01-07 21:56:12 239808 ----a-w- C:\WINDOWS\System32\drivers\aswHdsKe.sys
2019-01-07 21:55:16 1034056 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2019-01-02 19:41:40 835480 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2019-01-02 19:41:40 179600 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2019-01-01 13:50:14 64000 ----a-w- C:\WINDOWS\System32\iemigplugin.dll
2019-01-01 13:47:36 225792 ----a-w- C:\WINDOWS\System32\windowslivelogin.dll
2019-01-01 13:45:57 285184 ----a-w- C:\WINDOWS\System32\wlidcredprov.dll
2019-01-01 13:45:47 714752 ----a-w- C:\WINDOWS\System32\wlidcli.dll
2019-01-01 13:43:48 1364992 ----a-w- C:\WINDOWS\System32\bcastdvruserservice.dll
2019-01-01 13:20:16 165888 ----a-w- C:\WINDOWS\SysWow64\windowslivelogin.dll
2019-01-01 13:18:05 500736 ----a-w- C:\WINDOWS\SysWow64\wlidcli.dll
2019-01-01 13:17:39 231936 ----a-w- C:\WINDOWS\SysWow64\wlidcredprov.dll
2019-01-01 07:14:47 1063224 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2019-01-01 07:14:47 1029944 ----a-w- C:\WINDOWS\System32\hvax64.exe
2019-01-01 07:14:46 76088 ----a-w- C:\WINDOWS\System32\drivers\hvservice.sys
2019-01-01 07:14:39 566568 ----a-w- C:\WINDOWS\System32\tcblaunch.exe
2019-01-01 07:14:39 1221432 ----a-w- C:\WINDOWS\System32\hvix64.exe
2019-01-01 07:14:37 134968 ----a-w- C:\WINDOWS\System32\hvloader.dll
2019-01-01 07:13:36 709728 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2019-01-01 07:13:36 3292152 ----a-w- C:\WINDOWS\System32\combase.dll
2019-01-01 07:13:30 436024 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2019-01-01 07:13:30 1363536 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2019-01-01 07:13:21 170808 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2019-01-01 07:12:59 7520104 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2019-01-01 07:12:53 9084216 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2019-01-01 07:12:45 2465792 ----a-w- C:\WINDOWS\System32\msxml6.dll
2019-01-01 07:12:39 268304 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2019-01-01 07:12:35 2421288 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2019-01-01 07:12:29 43536 ----a-w- C:\WINDOWS\System32\browser_broker.exe
2019-01-01 07:12:26 713272 ----a-w- C:\WINDOWS\System32\MSVideoDSP.dll
2019-01-01 07:12:20 128824 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2019-01-01 06:55:34 25856512 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2019-01-01 06:50:40 4383744 ----a-w- C:\WINDOWS\System32\EdgeContent.dll
2019-01-01 06:48:10 79360 ----a-w- C:\WINDOWS\System32\Print.Workflow.Source.dll
2019-01-01 06:48:03 81920 ----a-w- C:\WINDOWS\System32\drivers\wanarp.sys
2019-01-01 06:48:01 342528 ----a-w- C:\WINDOWS\System32\browserexport.exe
2019-01-01 06:47:38 433152 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2019-01-01 06:47:17 808448 ----a-w- C:\WINDOWS\System32\EdgeManager.dll
2019-01-01 06:46:47 153088 ----a-w- C:\WINDOWS\System32\dssvc.dll
2019-01-01 06:46:13 154112 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2019-01-01 06:46:03 209408 ----a-w- C:\WINDOWS\System32\MicrosoftAccountTokenProvider.dll
2019-01-01 06:45:47 352768 ----a-w- C:\WINDOWS\System32\dhcpcore.dll
2019-01-01 06:45:13 2368512 ----a-w- C:\WINDOWS\System32\WebRuntimeManager.dll
2019-01-01 06:45:03 7573504 ----a-w- C:\WINDOWS\System32\Chakra.dll
2019-01-01 06:44:49 1708544 ----a-w- C:\WINDOWS\System32\MSPhotography.dll
2019-01-01 06:44:46 456192 ----a-w- C:\WINDOWS\System32\Windows.Graphics.Printing.Workflow.dll
2019-01-01 06:44:44 894464 ----a-w- C:\WINDOWS\System32\webplatstorageserver.dll
2019-01-01 06:44:28 662528 ----a-w- C:\WINDOWS\System32\wlidprov.dll
2019-01-01 06:44:03 1549824 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2019-01-01 06:42:36 1371136 ----a-w- C:\WINDOWS\System32\aadtb.dll
2019-01-01 06:42:29 2247680 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2019-01-01 06:42:17 717312 ----a-w- C:\WINDOWS\System32\Windows.Web.dll
2019-01-01 06:42:11 4939776 ----a-w- C:\WINDOWS\System32\wininet.dll
2019-01-01 06:41:40 1159680 ----a-w- C:\WINDOWS\System32\rpcss.dll
2019-01-01 06:41:32 895488 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.OnlineId.dll
2019-01-01 06:41:22 505344 ----a-w- C:\WINDOWS\System32\edgeIso.dll
2019-01-01 06:41:04 899072 ----a-w- C:\WINDOWS\System32\kerberos.dll
2019-01-01 06:37:58 880048 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2019-01-01 06:37:56 381240 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2019-01-01 06:37:50 1989040 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2019-01-01 06:37:32 6571584 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2019-01-01 06:37:13 581808 ----a-w- C:\WINDOWS\SysWow64\MSVideoDSP.dll
2019-01-01 06:29:00 22016512 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2019-01-01 06:17:25 153088 ----a-w- C:\WINDOWS\SysWow64\MicrosoftAccountTokenProvider.dll
2019-01-01 06:16:52 1361408 ----a-w- C:\WINDOWS\SysWow64\MSPhotography.dll
2019-01-01 06:16:49 5775872 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2019-01-01 06:16:41 310272 ----a-w- C:\WINDOWS\SysWow64\wincorlib.dll
2019-01-01 06:15:47 331264 ----a-w- C:\WINDOWS\SysWow64\edgeIso.dll
2019-01-01 06:15:37 5307392 ----a-w- C:\WINDOWS\SysWow64\d2d1.dll
2019-01-01 06:15:18 608768 ----a-w- C:\WINDOWS\SysWow64\EdgeManager.dll
2019-01-01 06:15:13 317440 ----a-w- C:\WINDOWS\SysWow64\dhcpcore.dll
2019-01-01 06:14:50 578560 ----a-w- C:\WINDOWS\SysWow64\webplatstorageserver.dll
2019-01-01 06:14:08 4514816 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2019-01-01 06:14:06 330752 ----a-w- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.Workflow.dll
2019-01-01 06:13:26 251904 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2019-01-01 06:13:16 594432 ----a-w- C:\WINDOWS\SysWow64\Windows.Web.dll
2019-01-01 06:12:54 1036288 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2019-01-01 06:12:44 795648 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
2019-01-01 06:12:18 516608 ----a-w- C:\WINDOWS\SysWow64\wlidprov.dll
2019-01-01 06:12:11 778240 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2018-12-19 04:49:12 352768 ----a-w- C:\WINDOWS\SysWow64\msrd3x40.dll
2018-12-18 03:36:14 152688 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2018-12-14 07:29:22 1130760 ----a-w- C:\WINDOWS\SysWow64\msvproc.dll
2018-12-14 07:25:40 1035256 ----a-w- C:\WINDOWS\System32\ApplyTrustOffline.exe
2018-12-14 07:21:46 1098064 ----a-w- C:\WINDOWS\System32\msvproc.dll
2018-12-14 07:21:44 1457240 ----a-w- C:\WINDOWS\System32\winload.efi
2018-12-14 07:21:43 1140480 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-12-14 07:21:42 982912 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-12-14 07:21:42 1257672 ----a-w- C:\WINDOWS\System32\winload.exe
2018-12-14 07:10:38 1295360 ----a-w- C:\WINDOWS\SysWow64\MSVPXENC.dll
2018-12-14 06:55:44 3396608 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2018-12-14 06:55:04 209408 ----a-w- C:\WINDOWS\System32\AppXApplicabilityBlob.dll
.
============= FINISH: 23:01:48.41 ===============
Attached Files
File Type: txt attach.txt (517.1 KB, 7 views)
Old 01-26-2019, 11:28 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist
 



Hello again h34n.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan Now
  • Once the Scan is done, select Clean & Repair
  • When prompted, select Clean & Restart Now
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
Old 01-27-2019, 12:30 AM   #5
Registered Member
 



# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-25.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-27-2019
# Duration: 00:00:11
# OS: Windows 10 Home
# Scanned: 31744
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1771 octets] - [11/11/2018 17:33:43]
AdwCleaner[C00].txt - [1843 octets] - [11/11/2018 17:33:56]
AdwCleaner[S01].txt - [1374 octets] - [17/11/2018 16:07:38]
AdwCleaner[C01].txt - [1540 octets] - [17/11/2018 16:08:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.01.2019
Ran by John Kim (administrator) on JOHN (27-01-2019 00:27:20)
Running from C:\Users\John Kim\Desktop
Loaded Profiles: John Kim (Available Profiles: John Kim)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Windows\SysWOW64\UMonit64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Spotify Ltd) C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13886208 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-03-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-03-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [446400 2018-11-22] (LogMeIn, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-07] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1053144 2017-06-06] (DivX, LLC)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-07] (AVAST Software)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\Run: [Spotify Web Helper] => C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2017-03-11] (Spotify Ltd)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\Run: [Spotify] => C:\Users\John Kim\AppData\Roaming\Spotify\Spotify.exe [6987376 2017-03-11] (Spotify Ltd)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-26] (Valve Corporation)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [804352 2018-04-11] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\Installer\chrmstp.exe [2019-01-16] (AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\windows\system32\LMIinit.dll [2018-11-22] (LogMeIn, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7599bbc2-779f-4566-a1fe-677c7a5ad54c}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> DefaultScope {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-21] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: fxzq9272.default
FF ProfilePath: C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default [2018-08-15]
FF Homepage: Mozilla\Firefox\Profiles\fxzq9272.default -> hxxps://www.google.com/?trackid=sp-006
FF NewTab: Mozilla\Firefox\Profiles\fxzq9272.default -> about:newtab
FF SearchPlugin: C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\searchplugins\google-avast.xml [2016-02-23]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-06-05] (DivX, LLC)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @Java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-21] (Oracle Corporation)
FF Plugin-x32: @Java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @Nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @Nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @Raidcall.en/RCplugin -> C:\Users\John Kim\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @Videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @Videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3656025934-1805325345-282951442-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-27] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default [2019-01-27]
CHR Extension: (Google Drive) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-07-25]
CHR Extension: (YouTube) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-01-16]
CHR Extension: (Avast Online Security) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-01-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-08]
CHR Profile: C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-14]
CHR Profile: C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-07] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-15] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-07] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-15] (AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\elevation_service.exe [390552 2019-01-09] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-01-07] (AVAST Software)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-11-20] (Cybereason) [File not signed]
S2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1610\g2ax_service.exe [614368 2019-01-26] (LogMeIn, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2016-12-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-22] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [420296 2018-11-22] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [588744 2018-11-22] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-05-21] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2424648 2019-01-09] (Overwolf LTD)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2016-01-20] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-30] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-30] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
S2 NvNetworkService; "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37304 2019-01-07] (AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [203488 2019-01-07] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [223056 2019-01-14] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196264 2019-01-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320888 2019-01-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58160 2019-01-07] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239808 2019-01-07] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46584 2019-01-07] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42488 2019-01-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166792 2019-01-18] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111992 2019-01-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88144 2019-01-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034056 2019-01-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474648 2019-01-07] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [218056 2019-01-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380144 2019-01-07] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
R2 LMIInfo; C:\WINDOWS\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-18] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-11] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_0221ce4ec0827f74\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51320 2016-01-20] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-07-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-30] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-27 00:27 - 2019-01-27 00:28 - 000025621 _____ C:\Users\John Kim\Desktop\FRST.txt
2019-01-27 00:25 - 2019-01-27 00:25 - 007320272 _____ (Malwarebytes) C:\Users\John Kim\Desktop\AdwCleaner.exe
2019-01-27 00:25 - 2019-01-27 00:25 - 002428416 _____ (Farbar) C:\Users\John Kim\Desktop\FRST64.exe
2019-01-27 00:23 - 2019-01-27 00:23 - 000000000 ___HD C:\OneDriveTemp
2019-01-26 23:01 - 2019-01-26 23:01 - 000529532 _____ C:\Users\John Kim\Desktop\attach.txt
2019-01-26 23:01 - 2019-01-26 23:01 - 000053708 _____ C:\Users\John Kim\Desktop\dds.txt
2019-01-26 23:00 - 2019-01-26 23:00 - 000688992 ____R (Swearware) C:\Users\John Kim\Desktop\dds.scr
2019-01-26 22:27 - 2019-01-26 22:27 - 000515975 ____N C:\Users\Qrhk\seeking-voting-smile-kingdom.xlsx
2019-01-26 22:27 - 2019-01-26 22:27 - 000505093 ____N C:\Users\Akpd72x\standing.minister.guests.exclude.xlsx
2019-01-26 22:27 - 2019-01-26 22:27 - 000216438 ____N C:\Users\Qrhk\oscillateherself.mdb
2019-01-26 22:27 - 2019-01-26 22:27 - 000215476 ____N C:\Users\Akpd72x\returned loans household.mdb
2019-01-26 22:27 - 2019-01-26 22:27 - 000078571 ____N C:\Users\Qrhk\approximately quoted curt.xls
2019-01-26 22:27 - 2019-01-26 22:27 - 000071624 ____N C:\Users\Akpd72x\fill typical climbed.xls
2019-01-26 22:27 - 2019-01-26 22:27 - 000054523 ____N C:\Users\Akpd72x\congo finger submarine partly.pem
2019-01-26 22:27 - 2019-01-26 22:27 - 000050144 ____N C:\Users\Qrhk\whether-ultimately-illuminate.pem
2019-01-26 22:27 - 2019-01-26 22:27 - 000020650 ____N C:\Users\Akpd72x\looks.aimed.txt
2019-01-26 22:27 - 2019-01-26 22:27 - 000016660 ____N C:\Users\Qrhk\seems_loan_brothers.txt
2019-01-26 22:27 - 2019-01-26 22:27 - 000016237 ____N C:\Users\Qrhk\canada-endless-abandon-methods.sql
2019-01-26 22:27 - 2019-01-26 22:27 - 000013589 ____N C:\Users\Akpd72x\employment guards.sql
2019-01-26 22:27 - 2019-01-26 22:27 - 000000000 __SHD C:\Users\John Kim\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2019-01-26 22:27 - 2019-01-26 22:27 - 000000000 ___HD C:\Users\Qrhk
2019-01-26 22:27 - 2019-01-26 22:27 - 000000000 ___HD C:\Users\John Kim\Documents\Xfiles218
2019-01-26 22:27 - 2019-01-26 22:27 - 000000000 ___HD C:\Users\John Kim\Documents\Aprogram186
2019-01-26 22:27 - 2019-01-26 22:27 - 000000000 ___HD C:\Users\Akpd72x
2019-01-26 22:27 - 2019-01-26 22:27 - 000000000 ____D C:\Xcaches51
2019-01-26 22:27 - 2019-01-26 22:27 - 000000000 ____D C:\.iversion210
2019-01-26 20:26 - 2019-01-26 20:26 - 000001596 _____ C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoToAssist Customer.lnk
2019-01-26 20:26 - 2019-01-26 20:26 - 000001566 _____ C:\Users\John Kim\Desktop\GoToAssist Customer.lnk
2019-01-26 20:26 - 2019-01-26 20:26 - 000000000 ____D C:\Users\John Kim\AppData\Local\GoToAssist Remote Support Customer
2019-01-26 20:26 - 2019-01-26 20:26 - 000000000 ____D C:\Users\John Kim\AppData\Local\GoTo Opener
2019-01-26 20:26 - 2019-01-26 20:26 - 000000000 ____D C:\Program Files (x86)\GoToAssist Remote Support Customer
2019-01-18 19:14 - 2019-01-18 19:14 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-14 07:33 - 2019-01-14 07:33 - 000223056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-01-09 12:20 - 2019-01-01 05:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 12:20 - 2019-01-01 05:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 12:20 - 2018-12-31 23:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 12:20 - 2018-12-31 23:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 12:20 - 2018-12-31 23:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 12:20 - 2018-12-31 22:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-09 12:20 - 2018-12-31 22:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 12:20 - 2018-12-31 22:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-09 12:20 - 2018-12-31 22:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-09 12:20 - 2018-12-31 22:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 12:20 - 2018-12-31 22:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-09 12:20 - 2018-12-31 22:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-09 12:20 - 2018-12-31 22:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-09 12:20 - 2018-12-31 22:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-09 12:20 - 2018-12-31 22:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-09 12:19 - 2019-01-01 05:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-09 12:19 - 2019-01-01 05:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 12:19 - 2019-01-01 05:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-09 12:19 - 2019-01-01 05:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 12:19 - 2019-01-01 05:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-09 12:19 - 2019-01-01 05:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-09 12:19 - 2019-01-01 05:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-09 12:19 - 2019-01-01 05:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-09 12:19 - 2018-12-31 23:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-09 12:19 - 2018-12-31 23:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-09 12:19 - 2018-12-31 23:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-09 12:19 - 2018-12-31 23:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-09 12:19 - 2018-12-31 23:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-09 12:19 - 2018-12-31 23:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-09 12:19 - 2018-12-31 23:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-09 12:19 - 2018-12-31 23:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-09 12:19 - 2018-12-31 23:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 12:19 - 2018-12-31 23:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 12:19 - 2018-12-31 23:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 12:19 - 2018-12-31 23:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 12:19 - 2018-12-31 23:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 12:19 - 2018-12-31 23:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-09 12:19 - 2018-12-31 23:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-09 12:19 - 2018-12-31 23:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 12:19 - 2018-12-31 23:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-09 12:19 - 2018-12-31 22:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-09 12:19 - 2018-12-31 22:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 12:19 - 2018-12-31 22:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-09 12:19 - 2018-12-31 22:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-09 12:19 - 2018-12-31 22:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-09 12:19 - 2018-12-31 22:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 12:19 - 2018-12-31 22:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-09 12:19 - 2018-12-31 22:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-09 12:19 - 2018-12-31 22:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-09 12:19 - 2018-12-31 22:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-09 12:19 - 2018-12-31 22:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-09 12:19 - 2018-12-31 22:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 12:19 - 2018-12-31 22:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-09 12:19 - 2018-12-31 22:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-09 12:19 - 2018-12-31 22:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 12:19 - 2018-12-31 22:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 12:19 - 2018-12-31 22:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 12:19 - 2018-12-31 22:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-09 12:19 - 2018-12-31 22:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 12:19 - 2018-12-31 22:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09 12:19 - 2018-12-31 22:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-09 12:19 - 2018-12-31 22:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 12:19 - 2018-12-31 22:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-09 12:19 - 2018-12-31 22:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-09 12:19 - 2018-12-31 22:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-09 12:19 - 2018-12-31 22:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-09 12:19 - 2018-12-31 22:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-09 12:19 - 2018-12-31 22:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-09 12:19 - 2018-12-31 22:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-09 12:19 - 2018-12-31 22:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 12:19 - 2018-12-31 22:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-09 12:19 - 2018-12-31 22:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-09 12:19 - 2018-12-31 22:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-09 12:19 - 2018-12-31 22:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-09 12:19 - 2018-12-31 22:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-09 12:19 - 2018-12-31 22:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-09 12:19 - 2018-12-31 22:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-09 12:19 - 2018-12-31 22:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 12:19 - 2018-12-31 22:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-09 12:19 - 2018-12-31 22:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-09 12:19 - 2018-12-31 22:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-09 12:19 - 2018-12-31 22:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-09 12:19 - 2018-12-31 22:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 12:19 - 2018-12-31 22:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-09 12:19 - 2018-12-31 22:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-09 12:19 - 2018-12-31 21:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-09 12:19 - 2018-12-18 20:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 15:08 - 2019-01-07 13:55 - 000320888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-01-08 15:08 - 2019-01-07 13:55 - 000196264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-01-08 15:08 - 2019-01-07 13:55 - 000058160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-01-08 15:08 - 2019-01-07 13:55 - 000042488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-01-08 15:08 - 2019-01-07 13:55 - 000037304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-01-07 13:58 - 2019-01-07 13:55 - 000361352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-27 00:27 - 2015-11-21 12:13 - 000000000 ____D C:\FRST
2019-01-27 00:25 - 2018-06-03 10:44 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5200A860-A67C-42FB-B70A-E819A4714641}
2019-01-27 00:23 - 2015-07-29 16:32 - 000000000 ___RD C:\Users\John Kim\OneDrive
2019-01-27 00:23 - 2015-04-26 14:13 - 000000000 ____D C:\Users\John Kim\AppData\Local\Adobe
2019-01-27 00:22 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-27 00:22 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-27 00:22 - 2015-07-07 08:13 - 000000000 ____D C:\Users\John Kim\AppData\Local\TSVNCache
2019-01-27 00:22 - 2015-05-29 21:20 - 000000000 ____D C:\ProgramData\LogMeIn
2019-01-26 20:05 - 2018-06-03 10:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-26 11:15 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-25 22:28 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-24 16:46 - 2018-07-25 19:24 - 000000000 ____D C:\ProgramData\Packages
2019-01-24 01:52 - 2017-02-25 16:53 - 000000000 ____D C:\Users\John Kim\AppData\Local\CrashDumps
2019-01-24 00:53 - 2015-05-31 14:02 - 000001456 _____ C:\Users\John Kim\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-01-24 00:53 - 2015-05-31 12:21 - 000000000 ____D C:\Users\John Kim\Desktop\PSD's signatures
2019-01-23 18:36 - 2014-06-09 16:49 - 000000000 ____D C:\Users\John Kim\Desktop\Treasure Pygmy
2019-01-23 17:37 - 2018-12-06 15:37 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-23 17:37 - 2018-12-06 15:37 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-23 17:37 - 2018-11-21 08:30 - 000002956 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Keepalive
2019-01-23 17:37 - 2018-11-21 08:30 - 000002248 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Autostart
2019-01-23 17:37 - 2018-11-10 22:06 - 000003244 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2019-01-23 17:37 - 2018-06-03 10:44 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-01-23 17:37 - 2018-06-03 10:44 - 000002878 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3656025934-1805325345-282951442-1002
2019-01-23 17:37 - 2018-06-03 10:44 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3656025934-1805325345-282951442-1002
2019-01-23 17:37 - 2018-06-03 10:44 - 000002802 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-John-John Kim
2019-01-23 17:37 - 2018-06-03 10:44 - 000002772 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2019-01-23 17:37 - 2018-06-03 10:44 - 000002680 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2019-01-23 17:37 - 2018-06-03 10:44 - 000002404 _____ C:\WINDOWS\System32\Tasks\UMonitor Task
2019-01-23 17:37 - 2018-06-03 10:44 - 000002376 _____ C:\WINDOWS\System32\Tasks\{93BEC5DE-C765-48CC-AEB2-CB9D0C24B9FC}
2019-01-23 17:37 - 2018-06-03 10:44 - 000002340 _____ C:\WINDOWS\System32\Tasks\{07E2D8E9-32F4-4041-9390-2839C301F611}
2019-01-23 17:37 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3656025934-1805325345-282951442-500
2019-01-23 17:37 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{E6481478-7A5E-4F08-8DB3-37D960006318}
2019-01-23 17:37 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{D7F3FFF7-A6E2-4967-9B8C-50BFEDB6F8AF}
2019-01-23 17:37 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{D6CF2520-D3C6-46FA-BBB5-250D5AC1BAA7}
2019-01-23 17:37 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{CE78FDE4-6EBC-4BD8-91D8-87ECBB62B2CC}
2019-01-23 17:37 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{C6530C39-5EA9-4A90-8620-69DB258E5929}
2019-01-23 17:37 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{BA4FA00A-0EBB-49FB-B984-CA78027D50FB}
2019-01-23 17:37 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{A6A8D389-25EE-4782-B22B-CB4CA80F9076}
2019-01-23 17:37 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{6C49DB90-67E8-4866-BF2A-9DCE9A8CE188}
2019-01-23 17:37 - 2018-06-03 10:44 - 000002318 _____ C:\WINDOWS\System32\Tasks\{2F05EA96-91AF-4CBA-B98B-1A9D7D54CC22}
2019-01-23 17:37 - 2018-06-03 10:44 - 000002256 _____ C:\WINDOWS\System32\Tasks\PDVDServ Task
2019-01-23 17:37 - 2018-06-03 10:44 - 000002254 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2019-01-23 17:37 - 2018-06-03 10:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-01-23 13:28 - 2018-06-03 10:20 - 000002418 _____ C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-23 12:31 - 2018-06-03 10:44 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-01-22 20:07 - 2015-06-22 08:26 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-01-21 11:52 - 2018-12-19 13:17 - 000001216 _____ C:\Users\John Kim\Desktop\feels.txt
2019-01-18 19:20 - 2018-06-03 10:31 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-18 19:20 - 2018-04-11 15:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-18 19:15 - 2015-05-29 21:22 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2019-01-18 19:14 - 2018-06-03 10:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-18 19:14 - 2016-09-12 03:13 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-18 15:47 - 2018-04-11 13:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-01-18 15:02 - 2018-01-17 17:45 - 000000000 ____D C:\Program Files\rempl
2019-01-18 14:58 - 2018-06-02 18:46 - 000166792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-01-17 18:12 - 2017-06-21 14:18 - 000002488 _____ C:\Users\John Kim\Desktop\Warcraft III - TFT.lnk
2019-01-16 23:03 - 2018-06-03 10:20 - 000000000 ____D C:\Users\John Kim
2019-01-16 22:35 - 2014-08-03 03:38 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-16 22:35 - 2014-08-03 03:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-16 12:35 - 2014-08-03 03:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-16 08:57 - 2018-08-15 01:55 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-01-16 08:57 - 2018-08-15 01:55 - 000002474 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-01-14 14:05 - 2015-02-13 23:06 - 000000000 ____D C:\Program Files (x86)\Warcraft III
2019-01-12 10:06 - 2018-11-10 22:05 - 000000000 ____D C:\Program Files (x86)\Overwolf
2019-01-10 09:55 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-10 09:55 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-10 09:26 - 2014-06-12 14:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-10 09:23 - 2018-04-11 15:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-10 09:23 - 2014-06-12 14:28 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-07 13:58 - 2018-04-11 15:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-01-07 13:56 - 2018-08-14 20:14 - 000239808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-01-07 13:56 - 2018-08-14 20:14 - 000203488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-01-07 13:56 - 2018-08-14 20:14 - 000015488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2019-01-07 13:56 - 2018-06-02 18:46 - 000474648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-01-07 13:56 - 2018-06-02 18:46 - 000380144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-01-07 13:56 - 2018-06-02 18:46 - 000218056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-01-07 13:56 - 2018-06-02 18:46 - 000111992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-01-07 13:56 - 2018-06-02 18:46 - 000088144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-01-07 13:56 - 2018-06-02 18:46 - 000046584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2019-01-07 13:55 - 2018-06-02 18:46 - 001034056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-01-02 11:41 - 2018-11-13 18:22 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 11:41 - 2018-11-13 18:22 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-05-08 08:39 - 2014-11-05 08:51 - 001654869 _____ (Dynu Systems Inc.) C:\ProgramData\DynuEncrypt.dll
2016-02-23 17:10 - 2017-06-11 23:31 - 000000024 _____ () C:\Users\John Kim\7A1920D61156ABC05A60135AEFE8BC67.dat
2016-02-24 08:59 - 2016-02-25 13:02 - 000000024 _____ () C:\Users\John Kim\C5998D8FBE90B7D10A4A006650E2B7A9.dat
2017-06-11 23:36 - 2017-06-12 16:06 - 000000024 _____ () C:\Users\John Kim\D94CAEC6BBCB5B40066FADF295158C57.dat
2015-05-31 14:02 - 2019-01-24 00:53 - 000001456 _____ () C:\Users\John Kim\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-05-06 11:53 - 2018-05-06 11:53 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2179B.tmp
2018-05-23 23:21 - 2018-05-23 23:21 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D217F2.tmp
2018-05-23 17:43 - 2018-05-23 17:43 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D21C5B.tmp
2018-05-23 14:45 - 2018-05-23 14:45 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D22220.tmp
2018-05-02 22:13 - 2018-05-02 22:13 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D22865.tmp
2018-05-05 20:08 - 2018-05-05 20:08 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D23927.tmp
2018-04-11 09:03 - 2018-04-11 09:03 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D23A1E.tmp
2018-06-11 14:51 - 2018-06-11 14:51 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D23A3C.tmp
2018-04-28 16:38 - 2018-04-28 16:38 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D241F2.tmp
2018-05-06 14:30 - 2018-05-06 14:30 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D24EC1.tmp
2018-05-05 21:58 - 2018-05-05 21:58 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D250C.tmp
2018-05-04 17:19 - 2018-05-04 17:19 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D25278.tmp
2018-05-21 16:12 - 2018-05-21 16:12 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D25403.tmp
2018-05-09 18:09 - 2018-05-09 18:09 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D25557.tmp
2018-05-13 19:52 - 2018-05-13 19:52 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D256FF.tmp
2018-05-09 11:06 - 2018-05-09 11:06 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D25C08.tmp
2018-05-23 14:49 - 2018-05-23 14:49 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2687C.tmp
2018-05-06 15:56 - 2018-05-06 15:56 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D26EAD.tmp
2018-01-22 12:01 - 2018-01-22 12:01 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2731F.tmp
2018-05-09 17:14 - 2018-05-09 17:14 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D27B46.tmp
2018-06-03 11:38 - 2018-06-03 11:38 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D27BFA.tmp
2018-05-13 19:53 - 2018-05-13 19:53 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2818A.tmp
2018-05-05 17:44 - 2018-05-05 17:44 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D282E4.tmp
2018-05-13 19:53 - 2018-05-13 19:53 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D290BE.tmp
2018-05-12 10:23 - 2018-05-12 10:23 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D295A3.tmp
2018-05-06 07:44 - 2018-05-06 07:44 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2991B.tmp
2018-05-18 10:41 - 2018-05-18 10:41 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2A0A3.tmp
2018-05-18 23:36 - 2018-05-18 23:36 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2A473.tmp
2018-05-02 21:41 - 2018-05-02 21:41 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2A71B.tmp
2018-05-06 07:42 - 2018-05-06 07:42 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2AC6D.tmp
2018-05-12 19:44 - 2018-05-12 19:44 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2B3B7.tmp
2018-05-30 12:47 - 2018-05-30 12:47 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2B5DD.tmp
2018-05-23 13:37 - 2018-05-23 13:37 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2C05.tmp
2018-05-09 15:14 - 2018-05-09 15:14 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2C304.tmp
2018-05-06 11:40 - 2018-05-06 11:40 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2C7FF.tmp
2018-05-20 20:18 - 2018-05-20 20:18 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2DCB4.tmp
2018-05-21 13:30 - 2018-05-21 13:30 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2E1D0.tmp
2018-05-05 23:53 - 2018-05-05 23:53 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2E565.tmp
2018-05-22 11:51 - 2018-05-22 11:51 - 000000000 _____ () C:\Users\John Kim\AppData\Local\D2F841.tmp
2018-09-27 23:18 - 2018-09-27 23:18 - 000000000 _____ () C:\Users\John Kim\AppData\Local\oobelibMkey.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-03 10:12

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (74.0 KB, 7 views)
h34n is offline  
Old 01-27-2019, 07:03 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, h34n. I see no sign of infection in your logs. Are you actually experiencing any symptoms?

Please, don't ever let someone you don't know have access to your machine.

We'll do a couple of scans to check for remnants.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Quarantine Selected to allow MBAM to quarantine what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, wait for MBAM to open back up, then click Export Summary
  • If no threats were found, simply click Export Summary
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Please post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-27-2019, 10:21 PM   #7
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/27/19
Scan Time: 7:46 PM
Log File: 3a6236d4-22af-11e9-883f-28d24461c8d7.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.508
Update Package Version: 1.0.8988
License: Free

-System Information-
OS: Windows 10 (Build 17134.523)
CPU: x64
File System: NTFS
User: John\John Kim

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 307683
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 7 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

The ESET scanner finished and just said no threats found and only had a continue key and a submit and finish.
h34n is offline  
Old 01-28-2019, 05:54 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, h34n. I see no sign of infection in your logs. Are you actually experiencing any symptoms?
chemist is offline  
Old 01-28-2019, 08:06 PM   #9
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



Yes. The popup keeps coming as a notification and it would constantly come back after closing and it comes from the bottom right corner of my browser.
h34n is offline  
Old 01-29-2019, 07:05 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Can you post a pic or screenshot of the popup? Please make sure I can read all of it.
chemist is offline  
Old 01-31-2019, 03:24 PM   #11
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



https://i.imgur.com/g0CCrXZ.jpg
h34n is offline  
Old 02-02-2019, 11:21 AM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, h34n. That popup isn't malicious; it's just an advertisement.

Did you disable all Chrome extensions like you did in your previous thread?

Please do so and use the browser for a couple of days. Do you still get the popups?

------------------------------------------------------
chemist is offline  
Old 02-02-2019, 01:08 PM   #13
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



It still comes up even without the extensions.
h34n is offline  
Old 02-02-2019, 07:30 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, h34n. Hard to believe you still get the popup with all Chrome extensions disabled.

Open Chrome, copy/paste the following bolded text into your Chrome browser address bar and press Enter:

chrome://settings

Go to Advanced, then scroll down to 'Reset and clean up'.

Click Clean up computer > Find

Let me know.

------------------------------------------------------
chemist is offline  
Old 02-03-2019, 11:30 AM   #15
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



It said no harmful software detected.
h34n is offline  
Old 02-03-2019, 12:34 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, h34n. Are you aware you have a guest profile in Chrome?

Quote:
CHR Profile: C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-14]
Did you create it? Do you use it? Is it needed?

------------------------------------------------------

Please download SystemLook from here and save it to your Desktop.
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :dir
    C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Guest Profile
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------

Let's see if disabling notifications and/or blocking sites will work:

https://support.google.com/chrome/answer/3220216

See here for blocking sites or apps from sending you notifications:

https://support.google.com/chrome/answer/3123708

------------------------------------------------------
chemist is offline  
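An added example, not part of the original posts or of any tool named in them: the notification settings linked above are kept per profile in Chrome's `Preferences` file, so they can be audited for every profile under `User Data`, including one the user does not recognise. It assumes the JSON layout `profile.content_settings.exceptions.notifications` with `setting` 1 = allow and 2 = block; the sample data and origin names are constructed.

```python
import json
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# ContentSetting values as Chrome writes them to Preferences (assumed layout).
SETTING_NAMES = {0: "default", 1: "allow", 2: "block", 3: "ask"}
# Chrome stores last_modified as microseconds since 1601-01-01 UTC.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample, not taken from the thread.
SAMPLE_PREFS = {
    "profile": {
        "content_settings": {"exceptions": {"notifications": {
            "https://news.example:443,*": {
                "setting": 1, "last_modified": "13190000000000000"},
            "https://shop.example:443,*": {
                "setting": 2, "last_modified": "13189000000000000"},
        }}},
    }
}


def webkit_to_utc(value):
    """Convert a microseconds-since-1601 value to a UTC datetime, or None."""
    try:
        micros = int(value)
    except (TypeError, ValueError):
        return None
    if micros <= 0:
        return None
    return WEBKIT_EPOCH + timedelta(microseconds=micros)


def notification_grants(prefs):
    """Return (origin, setting_name, changed_at) rows, newest change first."""
    node = prefs
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    if not isinstance(node, dict):
        return []
    rows = []
    for pattern, entry in node.items():
        if not isinstance(entry, dict):
            continue
        # Keys look like "<origin>,<embedder pattern>"; keep the origin part.
        origin = pattern.split(",", 1)[0]
        name = SETTING_NAMES.get(entry.get("setting"), "unknown")
        rows.append((origin, name, webkit_to_utc(entry.get("last_modified"))))
    rows.sort(key=lambda r: r[2] or WEBKIT_EPOCH, reverse=True)
    return rows


def audit_user_data(user_data_dir):
    """Map each profile folder to the origins it allows to send notifications."""
    results = {}
    for prefs_path in sorted(Path(user_data_dir).glob("*/Preferences")):
        try:
            prefs = json.loads(prefs_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt profile: skip, do not abort
        allowed = [(origin, when)
                   for origin, name, when in notification_grants(prefs)
                   if name == "allow"]
        results[prefs_path.parent.name] = allowed
    return results


if __name__ == "__main__":
    # Build a throwaway "User Data" tree from the constructed sample.
    with tempfile.TemporaryDirectory() as tmp:
        for profile in ("Default", "Guest Profile"):
            folder = Path(tmp) / profile
            folder.mkdir()
            (folder / "Preferences").write_text(
                json.dumps(SAMPLE_PREFS), encoding="utf-8")
        for profile, allowed in audit_user_data(tmp).items():
            print(profile)
            for origin, when in allowed:
                print(f"  allow  {origin}  (changed {when})")
```

On a real machine, close Chrome first and pass the `User Data` folder to `audit_user_data`; any origin listed as allowed that the user does not recognise is a candidate to block in the notification settings.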
Old 02-05-2019, 06:29 PM   #17
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



No, I didn't create or use it.

SystemLook 30.07.11 by jpshortstuff
Log created at 18:28 on 05/02/2019 by John Kim
Administrator - Elevation successful

========== dir ==========

C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Guest Profile - Parameters: "(none)"

---Files---
000003.log --a---- 0 bytes [05:07 15/12/2018] [05:07 15/12/2018]
Cookies --a---- 20480 bytes [05:07 15/12/2018] [05:07 15/12/2018]
Cookies-journal --a---- 0 bytes [01:23 06/11/2018] [05:07 15/12/2018]
CURRENT --a---- 16 bytes [05:07 15/12/2018] [05:07 15/12/2018]
Favicons --a---- 20480 bytes [01:23 06/11/2018] [01:23 06/11/2018]
Favicons-journal --a---- 0 bytes [01:23 06/11/2018] [01:23 06/11/2018]
History --a---- 118784 bytes [05:07 15/12/2018] [06:58 15/12/2018]
History-journal --a---- 0 bytes [01:23 06/11/2018] [06:58 15/12/2018]
LOCK --a---- 0 bytes [05:07 15/12/2018] [05:07 15/12/2018]
LOG --a---- 46 bytes [05:07 15/12/2018] [06:58 15/12/2018]
Login Data --a---- 18432 bytes [01:23 06/11/2018] [05:07 15/12/2018]
Login Data-journal --a---- 0 bytes [01:23 06/11/2018] [05:07 15/12/2018]
MANIFEST-000002 --a---- 50 bytes [05:07 15/12/2018] [05:07 15/12/2018]
Network Persistent State --a---- 208 bytes [01:24 06/11/2018] [05:08 15/12/2018]
Origin Bound Certs --a---- 20480 bytes [01:23 06/11/2018] [01:23 06/11/2018]
Origin Bound Certs-journal --a---- 0 bytes [01:23 06/11/2018] [01:23 06/11/2018]
page_load_capping_opt_out.db --a---- 16384 bytes [01:23 06/11/2018] [01:23 06/11/2018]
page_load_capping_opt_out.db-journal --a---- 0 bytes [01:23 06/11/2018] [01:23 06/11/2018]
Preferences --a---- 6967 bytes [01:23 06/11/2018] [06:58 15/12/2018]
previews_opt_out.db --a---- 16384 bytes [01:23 06/11/2018] [01:23 06/11/2018]
previews_opt_out.db-journal --a---- 0 bytes [01:23 06/11/2018] [01:23 06/11/2018]
README --a---- 180 bytes [01:23 06/11/2018] [01:23 06/11/2018]
Secure Preferences --a---- 16034 bytes [01:23 06/11/2018] [05:07 15/12/2018]
Translate Ranker Model --a---- 2537 bytes [05:08 15/12/2018] [05:08 15/12/2018]
TransportSecurity --a---- 322 bytes [01:23 06/11/2018] [05:07 15/12/2018]
Visited Links --a---- 131072 bytes [05:07 15/12/2018] [06:58 15/12/2018]
Web Data --a---- 71680 bytes [01:23 06/11/2018] [05:07 15/12/2018]
Web Data-journal --a---- 0 bytes [01:23 06/11/2018] [05:07 15/12/2018]

---Folders---
blob_storage d------ [01:23 06/11/2018]
Cache d------ [01:23 06/11/2018]
data_reduction_proxy_leveldb d------ [01:23 06/11/2018]
Extension State d------ [01:23 06/11/2018]
Site Characteristics Database d------ [00:12 18/11/2018]
Sync Data d------ [01:23 06/11/2018]

-= EOF =-
h34n is offline  
Old 02-06-2019, 03:30 AM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Did you try the rest of the instructions?
chemist is offline  
Old 02-25-2019, 03:23 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  
 
