Riskware.bitcoinminer and NET Command


  • This topic is locked
16 replies to this topic

#1 Pongsona


Posted 16 April 2018 - 05:37 PM

Hello. I created my first thread on the "Am I infected? What do I do" sub-forum, but I wasn't able to solve my problems. A gentleman on the sub-forum advised me to create a new topic here after running different troubleshooting methods. Here's the link to my original thread: https://www.bleepingcomputer.com/forums/t/675517/my-computer-problems/

 

Basically I'm having trouble with three issues:

 

1. My first problem is, whenever I reboot my computer, I see this message:

Users Account Control

Do You want to allow this app to make changes to your PC?

Program Name:  Net Command

Verified Publisher:  Microsoft Windows

Program location:  "C:\Windows\sysWOW64\net.exe" start IMFservice

 

If I allow it, my computer usage goes up to 100%.

 

2. My second problem is, I've been having issues with conhost.exe and the riskware.bitcoinminer virus. I ran different troubleshooting but I still see the conhost.exe process when I look under Windows Task Manager.

 

3. My last problem is, and I'm not sure if this one is related to my previous two problems, but my RAM is usually at 80-90% when I'm only running a browser. It used to be around 40%, so I'm not sure what's going on.

 

 

 

I was able to run FRST and will post the logs here:

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by Jung (administrator) on JUNG-PC (16-04-2018 18:28:37)
Running from D:\Users\Jung\Downloads
Loaded Profiles: Jung (Available Profiles: Jung)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Nero AG) D:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() D:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\Jung\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATNSOFT) D:\Program Files (x86)\ATNSOFT Key Manager\keymanager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.112.1.25\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.112.1.25\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.112.1.25\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.112.1.25\OverwolfHelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13516360 2015-03-28] (Realtek Semiconductor)
HKLM\...\Run: [Cm6620Sound] => C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe [2250240 2014-04-11] ()
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-09] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2014-09-07] (FNet Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-08-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] => D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [ATNSOFT Key Manager] => D:\Program Files (x86)\ATNSOFT Key Manager\keymanager.exe [2213112 2014-02-03] (ATNSOFT)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5371168 2016-03-10] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [Aim6] => [X]
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1208648 2018-04-08] ()
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [Spotify Web Helper] => C:\Users\Jung\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-03-06] (Spotify Ltd)
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [GoogleChromeAutoLaunch_E738BA6DADA16A10C9A0F2CBA7E8FE02] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-02-13] (Google Inc.)
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\MountPoints2: {0a37fd54-365f-11e4-9da1-806e6f6e6963} - E:\ASRSetup.exe
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\MountPoints2: {522c0535-3647-11e4-b103-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\MountPoints2: {6b7de57a-14a5-11e5-978c-bc5ff43b5662} - K:\TL-Bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{27A8C676-1817-443C-9D9D-32C543D27419}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7F60C536-AF96-4412-A25E-8EFF938F7DC5}: [DhcpNameServer] 192.168.42.129
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> {6C09A5C5-E305-4b6c-8FC7-E06EFF21EB76} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-14] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-14] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FireFox:
========
FF DefaultProfile: 5t0tutio.default
FF ProfilePath: C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default [2018-04-16]
FF Homepage: Mozilla\Firefox\Profiles\5t0tutio.default -> hxxp://www.google.com/
FF Extension: (Flash Video Downloader) - C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\Extensions\artur.dubovoy@gmail.com.xpi [2018-03-27]
FF Extension: (Avast Online Security) - C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\Extensions\wrc@avast.com.xpi [2017-10-06]
FF Extension: (Adblock Plus) - C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\features\{9bd183ff-effc-412a-a03e-66f5a1657912}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-04] [Legacy]
FF HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Jung\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default [2018-04-16]
CHR Extension: (Slides) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-02]
CHR Extension: (YouTube) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-02]
CHR Extension: (Play HLS M3u8) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckblfoghkjhaclegefojbgllenffajdc [2018-02-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Video Downloader professional) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-04-08]
CHR Extension: (Avast SafePrice) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-10]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-30]
CHR Extension: (Avast Online Security) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-14]
CHR Extension: (Ace Script) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-02]
CHR Extension: (Chrome Media Router) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-26]
CHR HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-09] (AVAST Software)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-30] ()
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-08] (EasyAntiCheat Ltd)
R2 HTCMonitorService; D:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1453384 2018-04-08] (Overwolf LTD)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-29] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-12-16] (Wondershare)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2015-03-28] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [83792 2015-12-16] (Asmedia Technology)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-09] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-09] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-09] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-09] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [227784 2018-04-09] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-09] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-09] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-09] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
S3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.SYS [390656 2014-01-08] (C-Media Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-28] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [22208 2015-12-22] (IObit)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2014-09-07] (FNet Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-04-11] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-28] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2015-12-16] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-16] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-16] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-16] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-12-16] (Intel Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0099.sys [38432 2016-03-06] (SoftEther Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2018-01-03] (NVIDIA Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2018-04-16] ()
S3 ALSysIO; \??\C:\USERS\JUNG\APPDATA\LOCAL\TEMP\ALSysIO64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 18:28 - 2018-04-16 18:28 - 000000000 ____D C:\FRST
2018-04-16 18:07 - 2018-04-16 18:07 - 000000000 ___HD C:\Users\Jung\AppData\Local\Samsung
2018-04-15 22:07 - 2018-04-15 22:07 - 000152064 _____ C:\Windows\SysWOW64\TCHAR_x64.int
2018-04-15 21:49 - 2018-04-15 21:49 - 000001283 _____ C:\Users\Jung\Desktop\jhgjh.txt
2018-04-14 21:29 - 2018-04-14 21:29 - 000000000 ____D C:\ProgramData\Sophos
2018-04-14 21:29 - 2018-04-14 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-04-14 21:29 - 2018-04-14 21:29 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-04-14 17:54 - 2018-04-14 17:54 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\166303E0.sys
2018-04-14 17:53 - 2018-04-14 18:08 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-12 06:37 - 2018-04-14 17:51 - 000000000 ___HD C:\Users\Jung\AppData\Local\Hewlett-Packard
2018-04-11 08:51 - 2018-04-14 21:35 - 000000000 ____D C:\AdwCleaner
2018-04-11 08:40 - 2018-04-11 08:40 - 000002764 _____ C:\Windows\system32\.crusader
2018-04-11 08:37 - 2018-04-11 08:41 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-04-11 08:36 - 2018-04-11 08:41 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-10 18:24 - 2018-03-30 22:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-10 18:24 - 2018-03-30 22:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-10 18:24 - 2018-03-30 22:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-10 18:24 - 2018-03-30 22:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-10 18:24 - 2018-03-30 22:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-10 18:24 - 2018-03-30 21:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-10 18:24 - 2018-03-30 21:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-10 18:24 - 2018-03-30 21:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-10 18:24 - 2018-03-30 21:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-10 18:24 - 2018-03-30 21:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-10 18:24 - 2018-03-30 21:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-10 18:24 - 2018-03-30 21:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-10 18:24 - 2018-03-30 21:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-10 18:24 - 2018-03-30 21:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-10 18:24 - 2018-03-30 21:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-10 18:24 - 2018-03-30 20:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-10 18:24 - 2018-03-30 20:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-10 18:24 - 2018-03-30 20:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-10 18:24 - 2018-03-30 20:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-10 18:24 - 2018-03-30 20:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-10 18:24 - 2018-03-30 20:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-10 18:24 - 2018-03-30 20:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-10 18:24 - 2018-03-30 20:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-10 18:24 - 2018-03-30 20:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-10 18:24 - 2018-03-28 03:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-10 18:24 - 2018-03-23 14:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-10 18:24 - 2018-03-23 13:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-10 18:24 - 2018-03-22 19:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-10 18:24 - 2018-03-22 17:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-10 18:24 - 2018-03-22 17:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-10 18:24 - 2018-03-22 17:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-10 18:24 - 2018-03-22 17:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-10 18:24 - 2018-03-22 17:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-10 18:24 - 2018-03-22 17:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-10 18:24 - 2018-03-22 17:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-10 18:24 - 2018-03-22 17:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-10 18:24 - 2018-03-22 17:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-10 18:24 - 2018-03-22 17:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-10 18:24 - 2018-03-22 17:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-10 18:24 - 2018-03-22 17:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-10 18:24 - 2018-03-22 17:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-10 18:24 - 2018-03-22 17:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-10 18:24 - 2018-03-22 17:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-10 18:24 - 2018-03-22 17:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-10 18:24 - 2018-03-22 17:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-10 18:24 - 2018-03-22 17:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-04-10 18:24 - 2018-03-22 16:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-10 18:24 - 2018-03-22 16:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-10 18:24 - 2018-03-22 16:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-10 18:24 - 2018-03-22 16:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-04-10 18:24 - 2018-03-22 16:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-04-10 18:24 - 2018-03-22 16:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-04-10 18:24 - 2018-03-22 16:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-10 18:24 - 2018-03-22 16:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-10 18:24 - 2018-03-22 16:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-10 18:24 - 2018-03-22 16:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-10 18:24 - 2018-03-22 16:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-10 18:24 - 2018-03-22 16:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-10 18:24 - 2018-03-22 16:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-04-10 18:24 - 2018-03-22 16:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-04-10 18:24 - 2018-03-22 16:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-10 18:24 - 2018-03-22 16:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-04-10 18:24 - 2018-03-22 16:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-10 18:24 - 2018-03-22 16:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-10 18:24 - 2018-03-22 16:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-04-10 18:24 - 2018-03-22 16:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-04-10 18:24 - 2018-03-22 16:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-10 18:24 - 2018-03-22 16:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-04-10 18:24 - 2018-03-22 16:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-10 18:24 - 2018-03-22 16:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-10 18:24 - 2018-03-22 16:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-10 18:24 - 2018-03-22 16:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-10 18:24 - 2018-03-22 16:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-10 18:24 - 2018-03-22 16:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-04-10 18:24 - 2018-03-22 16:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-04-10 18:24 - 2018-03-22 16:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-10 18:24 - 2018-03-22 16:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-10 18:24 - 2018-03-22 16:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-04-10 18:24 - 2018-03-22 16:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-10 18:24 - 2018-03-22 16:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-10 18:24 - 2018-03-22 16:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-04-10 18:24 - 2018-03-22 16:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-10 18:24 - 2018-03-22 16:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-10 18:24 - 2018-03-22 16:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-10 18:24 - 2018-03-22 16:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-10 18:24 - 2018-03-22 16:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-10 18:24 - 2018-03-22 16:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-10 18:24 - 2018-03-22 16:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-04-10 18:24 - 2018-03-22 16:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-10 18:24 - 2018-03-22 15:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-10 18:24 - 2018-03-22 15:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-10 18:24 - 2018-03-22 15:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-10 18:24 - 2018-03-22 15:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-10 18:24 - 2018-03-10 13:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-10 18:24 - 2018-03-09 14:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-04-10 18:24 - 2018-03-09 14:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-10 18:24 - 2018-03-09 14:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-10 18:24 - 2018-03-09 14:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-10 18:24 - 2018-03-09 14:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-04-10 18:24 - 2018-03-09 14:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-04-10 18:24 - 2018-03-09 14:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-10 18:24 - 2018-03-09 14:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-10 18:24 - 2018-03-09 14:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-10 18:24 - 2018-03-09 14:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-10 18:24 - 2018-03-09 14:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-10 18:24 - 2018-03-09 13:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-04-10 18:24 - 2018-03-06 14:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-10 18:24 - 2018-03-06 14:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-10 18:24 - 2018-03-06 14:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-10 18:24 - 2018-03-06 14:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-10 18:24 - 2018-03-06 14:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-10 18:24 - 2018-03-06 14:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-04-10 18:23 - 2018-03-14 13:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-10 18:23 - 2018-03-14 13:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-10 18:23 - 2018-03-14 09:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-09 23:16 - 2018-04-09 23:15 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-09 19:14 - 2018-04-09 19:14 - 000406584 _____ C:\Windows\Minidump\040918-9578-01.dmp
2018-04-08 20:10 - 2018-04-16 18:25 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-08 20:10 - 2018-04-16 18:25 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-08 20:10 - 2018-04-16 18:25 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-08 20:10 - 2018-04-08 20:10 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-08 20:10 - 2018-04-08 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-08 20:10 - 2018-04-08 20:10 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-08 20:10 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-08 20:09 - 2018-04-08 20:09 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-08 12:52 - 2018-04-08 12:52 - 000406536 _____ C:\Windows\Minidump\040818-9063-01.dmp
2018-04-08 08:04 - 2018-04-08 08:04 - 000406600 _____ C:\Windows\Minidump\040818-9984-01.dmp
2018-04-08 00:07 - 2018-04-10 17:59 - 000000000 ___HD C:\Users\Jung\AppData\Local\uTorrent
2018-03-31 02:21 - 2018-03-31 02:21 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-03-30 21:51 - 2018-04-16 06:09 - 000000000 ____D C:\Users\Jung\AppData\Roaming\b678f84819e69d2636fe9af0eea01692
2018-03-30 21:37 - 2018-04-16 05:37 - 000153088 _____ C:\Windows\SysWOW64\conhost64.exe
2018-03-30 21:37 - 2018-04-08 20:13 - 000000000 ___HD C:\Users\Jung\AppData\Local\BitTorrent
2018-03-27 10:37 - 2018-04-08 20:13 - 000000000 ___HD C:\Users\Jung\AppData\Local\ActiveX
2018-03-24 00:30 - 2018-04-16 07:53 - 000003922 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 14:07 - 2018-04-08 20:13 - 000000000 ___HD C:\Users\Jung\AppData\Local\Minidump
2018-03-17 19:38 - 2018-03-17 19:38 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 18:26 - 2016-11-16 21:58 - 000000000 ____D C:\Users\Jung\AppData\LocalLow\Mozilla
2018-04-16 18:26 - 2016-03-23 18:13 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-16 18:26 - 2015-10-12 20:13 - 000000000 ____D C:\Users\Jung\AppData\Local\Overwolf
2018-04-16 18:26 - 2015-06-18 16:30 - 000000000 ____D C:\Users\Jung\AppData\Local\HTC MediaHub
2018-04-16 18:26 - 2014-10-26 07:59 - 000040807 _____ C:\Users\Jung\IP_Log_Data.js
2018-04-16 18:25 - 2018-03-14 23:20 - 000094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2018-04-16 18:25 - 2014-09-07 00:34 - 000034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2018-04-16 18:25 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-16 18:24 - 2014-10-26 08:14 - 000000031 _____ C:\Users\Jung\AppData\Roaming\Network Meter_Usage.ini
2018-04-16 18:21 - 2014-09-07 02:43 - 000000000 ____D C:\Users\Jung\AppData\Roaming\Skype
2018-04-16 18:00 - 2014-10-26 08:00 - 001290126 _____ C:\Users\Jung\Network_Meter_Data.js
2018-04-16 07:59 - 2009-07-14 00:45 - 000028096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-16 07:59 - 2009-07-14 00:45 - 000028096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-16 07:53 - 2018-02-27 08:37 - 000003596 _____ C:\Windows\System32\Tasks\{66CD9826-6DA0-4D42-ADCE-6DC9809800DD}
2018-04-16 07:53 - 2018-02-27 08:37 - 000003428 _____ C:\Windows\System32\Tasks\{25D1D094-90EC-4D15-9C59-1FABBE7C1265}
2018-04-16 07:53 - 2018-01-31 20:24 - 000003454 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Jung-PC-Jung
2018-04-16 07:53 - 2017-10-27 17:52 - 000003200 _____ C:\Windows\System32\Tasks\Adobe Uninstaller
2018-04-16 07:53 - 2017-10-27 17:00 - 000003498 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jung-PC-Jung
2018-04-16 07:53 - 2017-09-20 04:43 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-16 07:53 - 2017-09-20 04:43 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-16 07:53 - 2017-09-20 04:43 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-16 07:53 - 2017-09-20 04:42 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-16 07:53 - 2017-09-20 04:42 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-16 07:53 - 2017-09-20 04:42 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-16 07:53 - 2017-09-20 04:42 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-16 07:53 - 2017-01-12 13:02 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-16 07:53 - 2017-01-12 13:02 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-16 07:53 - 2015-12-03 09:20 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-04-16 07:53 - 2015-08-04 14:31 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-04-16 07:53 - 2015-03-28 17:23 - 000002900 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Jung
2018-04-16 07:53 - 2014-09-07 02:06 - 000002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-04-15 21:57 - 2009-07-14 01:13 - 000784394 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-15 21:57 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-04-15 18:43 - 2017-08-26 09:39 - 000000000 ___HD C:\Users\Jung\AppData\Local\TeamViewer
2018-04-15 17:52 - 2014-09-17 07:02 - 000000000 ____D C:\Users\Jung\AppData\Local\CrashDumps
2018-04-15 00:26 - 2014-09-07 01:46 - 000000000 ____D C:\Users\Jung\AppData\Roaming\IObit
2018-04-15 00:26 - 2014-09-07 01:46 - 000000000 ____D C:\ProgramData\ProductData
2018-04-14 17:54 - 2014-09-07 02:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-14 17:51 - 2014-09-07 00:51 - 000000000 ___HD C:\Users\Jung\AppData\Local\Adobe
2018-04-12 16:40 - 2017-08-26 09:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-12 16:36 - 2015-10-12 20:13 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-04-12 11:16 - 2014-09-07 02:03 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-11 13:50 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-04-11 08:53 - 2014-09-07 01:46 - 000000000 ____D C:\Users\Jung\AppData\LocalLow\IObit
2018-04-11 08:53 - 2014-09-07 01:46 - 000000000 ____D C:\ProgramData\IObit
2018-04-11 08:53 - 2014-09-07 01:46 - 000000000 ____D C:\Program Files (x86)\IObit
2018-04-10 18:40 - 2009-07-14 00:45 - 005031952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-10 18:39 - 2014-12-11 08:18 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-09 23:16 - 2017-03-10 02:42 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-09 23:15 - 2017-12-22 13:23 - 000227784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-09 23:15 - 2017-11-17 07:04 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000111352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-09 19:19 - 2017-05-30 23:28 - 000000000 ____D C:\Users\Jung\AppData\Roaming\discord
2018-04-09 19:14 - 2018-03-03 05:27 - 727088237 _____ C:\Windows\MEMORY.DMP
2018-04-09 19:14 - 2016-02-15 21:53 - 000000000 ____D C:\Windows\Minidump
2018-04-08 20:13 - 2018-03-14 23:29 - 000000000 ___HD C:\Users\Jung\AppData\Local\StdVCL
2018-04-08 20:13 - 2018-03-05 02:07 - 000000000 ___HD C:\Users\Jung\AppData\Local\WebMidas
2018-04-08 20:10 - 2016-06-23 21:31 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-04 01:48 - 2017-07-09 13:18 - 000000000 ____D C:\Users\Jung\AppData\Roaming\WhatsApp
2018-04-04 01:05 - 2017-07-09 13:17 - 000000000 ____D C:\Users\Jung\AppData\Local\WhatsApp
2018-04-04 01:04 - 2017-07-09 13:18 - 000002186 _____ C:\Users\Jung\Desktop\WhatsApp.lnk
2018-04-04 01:04 - 2017-07-09 13:18 - 000000000 ____D C:\Users\Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-04-03 23:52 - 2014-09-07 02:43 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-04-03 23:52 - 2014-09-07 02:43 - 000000000 ____D C:\ProgramData\Skype
2018-03-30 21:27 - 2017-05-19 23:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-30 21:27 - 2016-06-30 05:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-28 08:16 - 2017-10-07 13:55 - 000000000 ____D C:\Users\Jung\AppData\Roaming\uTorrent
2018-03-25 20:40 - 2014-09-07 00:41 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-24 00:31 - 2014-09-07 00:41 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-24 00:30 - 2014-09-07 00:40 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-03-23 14:09 - 2015-03-28 17:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-22 19:52 - 2018-01-11 10:48 - 000000089 _____ C:\Users\Jung\Desktop\citylink.txt
2018-03-21 02:49 - 2017-03-16 08:27 - 000000000 ____D C:\Users\Jung\AppData\Roaming\Spotify
2018-03-21 02:49 - 2017-03-16 08:27 - 000000000 ____D C:\Users\Jung\AppData\Local\Spotify
2018-03-19 22:48 - 2015-10-12 20:13 - 000000000 ____D C:\Users\Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2018-03-17 02:47 - 2015-11-28 17:00 - 000000000 ____D C:\Users\Jung\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2014-10-26 07:59 - 2018-04-16 18:26 - 000040807 _____ () C:\Users\Jung\IP_Log_Data.js
2014-10-26 08:00 - 2018-04-16 18:00 - 001290126 _____ () C:\Users\Jung\Network_Meter_Data.js
1623-04-04 13:34 - 1623-04-04 13:34 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\tIYeUYoW.exe
2015-04-09 00:20 - 2015-04-09 00:20 - 000000132 _____ () C:\Users\Jung\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-26 07:58 - 2014-10-26 07:58 - 000000624 _____ () C:\Users\Jung\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-26 08:01 - 2014-10-26 08:01 - 000000839 _____ () C:\Users\Jung\AppData\Roaming\Drives Meter_Settings.ini
2014-10-26 08:03 - 2014-10-31 09:38 - 000000958 _____ () C:\Users\Jung\AppData\Roaming\Network Meter_Settings.ini
2014-10-26 08:14 - 2018-04-16 18:24 - 000000031 _____ () C:\Users\Jung\AppData\Roaming\Network Meter_Usage.ini
2016-03-06 04:27 - 2017-04-28 06:48 - 000007594 _____ () C:\Users\Jung\AppData\Local\Resmon.ResmonCfg
2014-09-08 23:37 - 2014-09-08 23:37 - 000000003 _____ () C:\Users\Jung\AppData\Local\updater.log
2014-09-08 23:37 - 2017-05-07 03:58 - 000000425 _____ () C:\Users\Jung\AppData\Local\UserProducts.xml
2014-09-07 00:35 - 2014-09-07 00:35 - 000000003 _____ () C:\Users\Jung\AppData\Local\user_data.ini
2018-02-27 08:37 - 2018-02-27 08:37 - 000000003 _____ () C:\Users\Jung\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-08 10:45

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Jung (16-04-2018 18:29:15)
Running from D:\Users\Jung\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-09-07 04:21:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1213258055-3130736596-3601825316-500 - Administrator - Disabled)
Guest (S-1-5-21-1213258055-3130736596-3601825316-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1213258055-3130736596-3601825316-1003 - Limited - Enabled)
Jung (S-1-5-21-1213258055-3130736596-3601825316-1000 - Administrator - Enabled) => C:\Users\Jung

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: IObit Malware Fighter (Disabled - Out of date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AIM 6 (HKLM-x32\...\AIM_6) (Version:  - )
Apowersoft Online Launcher version 1.7.0 (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.0 - APOWERSOFT LIMITED)
Apowersoft Screen Recorder Pro V2.1.9 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.1.9 - APOWERSOFT LIMITED)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version:  - )
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.181 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{981B38A6-E4D0-4D94-98C2-75AC645755F5}) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Charles (HKLM-x32\...\Charles_XK72) (Version:  - )
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Core Temp version 0.99.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.7 - Arthur Liberman)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.65 - NVIDIA Corporation) Hidden
Driver Booster 4.3 (HKLM-x32\...\Driver Booster_is1) (Version: 4.3.0 - IObit)
Epic Games Launcher (HKLM-x32\...\{8FEB5B5F-0777-4E9D-8705-06F0A2295544}) (Version: 1.1.143.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EVGA OC Scanner X 3.5.1.0 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version:  - EVGA)
EVGA PrecisionX 16 (HKLM-x32\...\{DF31774D-B479-47D9-82F4-6ED733A7A341}) (Version: 5.2.4 - EVGA Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.1.14 - Riot Games, Inc.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.46.0 - HTC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.4.6.400 - Intel Corporation)
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.6.101 - IObit)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Key Manager v1.9 (HKLM-x32\...\Key Manager_is1) (Version: 1.9 - ATNSOFT)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Medieval Kingdoms 1212 Part 1 (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Medieval Kingdoms 1212 Part 1) (Version:  - )
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 390.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
osu! (HKLM-x32\...\{aa10969d-51fa-44d6-b633-f195681385af}) (Version: latest - ppy Pty Ltd)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.112.1.25 - Overwolf Ltd.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Sades 7.1CH Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006620}) (Version: 1.00.0010 - SHENZHEN SADES DIGITAL TECHNOLOGY CO.,LTD)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.4 - IObit)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spotify (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Spotify) (Version: 1.0.72.117.g6bd7cc73 - Spotify AB)
SRWare Iron version SRWare Iron 37.2000.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 37.2000.0 - SRWare)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Twitch (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vivaldi (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Vivaldi) (Version: 1.7.735.46 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Web Launch Recorder (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\WebLaunchRecorder) (Version: 2.0 - )
WhatsApp (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\WhatsApp) (Version: 0.2.8691 - WhatsApp)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-12-23] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\system32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-12-23] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers4: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-01-03] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-12-23] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\system32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)
ContextMenuHandlers6: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02257A25-4611-4DA3-8DDD-B1B539F2457C} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-04-08] (Overwolf LTD)
Task: {05C3F14E-974F-4BAC-81CD-1AF0C9032B7C} - System32\Tasks\AdobeAAMUpdater-1.0-Jung-PC-Jung => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {10F6762B-B4DC-4B3B-BFBE-3B0FAEC26DD4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {18549EB8-CAE2-45B7-8C9B-26CF24D5B84C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {1DC0C1CB-1355-4E7F-994F-83E280102EE0} - System32\Tasks\update-S-1-5-21-1213258055-3130736596-3601825316-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {217D33C1-8ADB-4A62-BC68-DA60AD8BC18B} - System32\Tasks\Driver Booster SkipUAC (Jung) => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe [2017-03-16] (IObit)
Task: {240D8887-83B5-42EF-AB27-6989FFE347B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.)
Task: {2945AD49-D50A-4545-92B4-F49172BFA301} - System32\Tasks\SmartDefrag4_Update => D:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2016-01-28] (IObit)
Task: {2BEB110B-6806-4BB0-8CFC-ECBEFA67449E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {2FE3AF18-5DBC-4992-AC7C-A142BE182FA9} - System32\Tasks\AdobeGCInvoker-1.0-Jung-PC-Jung => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {3356999A-D06F-4E85-B0E2-EDCCA82137F5} - System32\Tasks\{AF535F39-DDB3-4C60-9E83-4D9FD0AD36C2} => C:\Windows\system32\pcalua.exe -a C:\Windows\System32\msiexec.exe -d "D:\Program Files (x86)\Steam\steamapps\common\blacklightretribution" -c /passive /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS3F5C371F8EA24F259D3DD0B4526E3AEA_9_10_0513.MSI" WISE_SETUP_EXE_PATH="D:\Program Files (x86)\Steam\steamapps\comm (the data entry has 67 more characters).
Task: {35A73630-3031-47D1-90CF-1E81F76C2A25} - System32\Tasks\{25D1D094-90EC-4D15-9C59-1FABBE7C1265} => C:\Program Files (x86)\Common Files\tIYeUYoW.exe [1623-04-04] (Microsoft Corporation)
Task: {4AE3ADAA-AC03-419C-96A3-A7FCBA377AE2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {69A21663-93AC-4300-99CD-4A0E7878756A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {6DE3333F-3F6D-42A8-AACD-52451F35D8E9} - System32\Tasks\Uninstaller_SkipUac_Jung => D:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-04] (IObit)
Task: {6FFBE7AA-014B-4FA4-8B06-B5F836C59D9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {72B712CA-B4C6-40A3-B7E9-123FA917B0C7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {7BA10E20-F4FD-4EB4-BB91-9094A5225AC9} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {A07EF219-478A-4E0A-B077-91A3E0B82983} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {AB4596A9-BA57-471B-BAE7-B00B0370E19D} - System32\Tasks\SmartDefrag4_Startup => D:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2016-02-17] (IObit)
Task: {AD6576B1-0974-4395-B0BE-A9B63AE3B317} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-04-13] (AVAST Software)
Task: {B5F8A1BB-CC1C-4916-BFC2-D308F65170B1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {BD8DB47E-2A5F-4BC1-B8A1-9FF0A2247936} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {C4DD5C27-FC57-42DA-AEBA-9DB87275CCF4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {D424E2F8-AF3D-41CC-8E19-0128B18B86A0} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-09] (AVAST Software)
Task: {D54A7390-96FB-4476-9065-C027C982DB62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.)
Task: {D5A6CF0A-5ECC-4426-BE1F-E1015C6651A1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe [2017-10-19] (Adobe Systems Incorporated)
Task: {D747147A-8108-4A8D-967B-89813C47FC46} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {DA075888-C8B7-4748-8ED6-8D134DCE3162} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {DCCC6881-CB76-4670-919B-D15ECDB6F060} - System32\Tasks\Uninstaller_SkipUac_Administrator => D:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-04] (IObit)
Task: {DEFEB059-9153-4CB9-A8D6-12049E45E43D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {DF9E930C-9973-4D34-AE05-83EE7DBA2DA4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-11] (Adobe Systems Incorporated)
Task: {E54C7FD3-6819-41F5-BCA1-588E20874B28} - System32\Tasks\{66CD9826-6DA0-4D42-ADCE-6DC9809800DD} => C:\Windows\FigmVIulQlqiu.exe [1623-04-04] (Microsoft Corporation)
Task: {E5E0B247-8047-4A30-B53F-B2E910671833} - System32\Tasks\SafeZone scheduled Autoupdate 1475621474 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-1213258055-3130736596-3601825316-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Jung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Jung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2018-01-11 11:59 - 2018-01-03 21:39 - 000544056 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2012-02-09 16:26 - 2012-02-09 16:26 - 000133632 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 16:26 - 2012-02-09 16:26 - 000048128 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 16:26 - 2012-02-09 16:26 - 000036864 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-09-20 04:42 - 2018-03-14 09:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 000166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-11-29 02:19 - 2014-11-29 02:25 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2018-04-08 20:10 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-08 20:10 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-04-13 15:44 - 2015-04-13 15:44 - 000821600 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-09-07 00:36 - 2011-05-19 09:58 - 000246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2015-12-26 17:59 - 2014-04-11 00:31 - 002250240 ____N () C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe
2014-10-26 07:56 - 2014-10-26 07:56 - 000012520 _____ () C:\Users\Jung\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2014-10-26 07:56 - 2014-10-26 07:56 - 000015080 _____ () C:\Users\Jung\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2014-10-26 07:56 - 2014-10-26 07:56 - 000014056 _____ () C:\Users\Jung\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2018-02-13 20:57 - 2018-02-13 00:25 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libglesv2.dll
2018-02-13 20:57 - 2018-02-13 00:25 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libegl.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000728792 _____ () d:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000920280 _____ () D:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000348888 _____ () d:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000349912 _____ () D:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000295640 _____ () D:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000282840 _____ () D:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-16 03:10 - 2018-04-16 03:10 - 005816976 _____ () D:\Program Files\AVAST Software\Avast\defs\18041600\algo.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000763608 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000911064 _____ () D:\Program Files\AVAST Software\Avast\anen.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000172760 _____ () D:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000969944 _____ () D:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000501464 _____ () D:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-04-16 18:26 - 2018-04-16 18:26 - 005816976 _____ () D:\Program Files\AVAST Software\Avast\defs\18041604\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 001044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-13 15:43 - 2015-04-13 15:43 - 000031080 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-04-13 15:43 - 2015-04-13 15:43 - 000607376 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-04-13 15:44 - 2015-04-13 15:44 - 000059752 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-04-13 15:44 - 2015-04-13 15:44 - 000036216 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-04-13 15:44 - 2015-04-13 15:44 - 000080248 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-04-13 15:45 - 2015-04-13 15:45 - 000129376 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-04-13 15:47 - 2015-04-13 15:47 - 000223592 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2017-09-20 04:42 - 2018-03-14 09:05 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-03-09 09:47 - 2018-03-09 09:47 - 067126928 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000281816 _____ () D:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-04-08 10:46 - 2018-04-08 10:46 - 069441864 _____ () C:\Program Files (x86)\Overwolf\0.112.1.25\libcef.DLL
2017-09-20 04:43 - 2018-03-14 09:04 - 081563584 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-04-08 10:46 - 2018-04-08 10:46 - 003110216 _____ () C:\Program Files (x86)\Overwolf\0.112.1.25\libglesv2.dll
2018-04-08 10:46 - 2018-04-08 10:46 - 000086856 _____ () C:\Program Files (x86)\Overwolf\0.112.1.25\libegl.dll
2018-03-24 00:30 - 2018-03-14 09:04 - 002478016 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-03-24 00:30 - 2018-03-14 09:04 - 000125376 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2014-09-07 01:46 - 2015-12-23 18:32 - 000190240 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-09-07 01:46 - 2015-12-23 18:32 - 000057632 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-02-15 18:51 - 2018-02-15 18:51 - 000016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\99a7f1bbdd8308a09900171880b90375\PSIClient.ni.dll
2014-09-07 00:29 - 2012-07-18 06:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\localhost -> localhost

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-07-25 21:29 - 000000822 ____R C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jung\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{13EE3010-AE9A-4165-8A13-AF37B5933243}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{925D7BFB-5633-4AFA-A919-1F86FDC07699}D:\program files (x86)\charles\charles.exe] => (Allow) D:\program files (x86)\charles\charles.exe
FirewallRules: [UDP Query User{73ED3435-CBBA-4DA2-BC62-945B45D667C6}D:\program files (x86)\charles\charles.exe] => (Allow) D:\program files (x86)\charles\charles.exe
FirewallRules: [{BD4659AC-8525-4245-8640-247CC3F41B78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{61CFE7B4-F2C2-43D1-8F3A-A44A9BE8517A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2388604-00A2-4862-8D50-1E1E501D177C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F5452F58-97C2-4110-B58C-5FAAAF7A8499}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C7DF6128-729D-40B0-AFCD-8563A2674162}] => (Allow) D:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{C49F355C-96DE-4883-A709-DB1597FCDFD8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4C46941B-9C8D-4A8A-B8BE-783137EBA22A}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C4AFA8D8-C254-40C2-A894-006BB3083FCA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{06A3F5FC-5D8E-4C08-92C7-C6AB5BDCD3BA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [TCP Query User{B875B1A0-0CF0-424B-A5C5-E7E107CD5FE5}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{45D3A049-BE3C-4289-9A5F-D2E079CC1EF9}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{7CD62A46-E939-40C5-834F-1092CDBFAF0F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A3378131-0B98-4D64-9356-061FE56E04CF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{42B3FD3B-761C-496A-A800-BF676DC8213E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EB7BC00B-CC99-4CB9-860F-3CDB98B0D1E2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3DBCB322-A509-45FB-BB2C-04E34FCB931C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A9EA4AF6-C5AB-44A6-A9DA-2287F0374207}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A6A68F1B-A105-4D66-9AEA-023BD49C7025}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{E834141F-07AF-49C3-83C4-0485DF7BECAC}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{3AEE4F09-06CD-4E63-9ACC-8C81DFC125E5}] => (Allow) D:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{E008DC35-AFDC-4FB9-942A-14836610F826}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AAEF16CA-BBF4-4C74-83A6-D90CC2AA50F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08FF43F9-9BEF-4E05-8F01-43D9D634D24A}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{90C3DC5D-78FD-401E-A372-F193451FBA13}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{E99651FD-86EE-4E3B-B082-99A188948FD9}C:\users\jung\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jung\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{68E63EF6-7A97-4534-A464-40EE706307B7}C:\users\jung\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jung\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AAEA69B2-109B-454A-87BB-1BDEC4310421}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{262046DF-2674-4881-8FB8-530EC8455280}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E3598E82-9730-422B-BD0E-B861597F6D13}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{95607DDF-51B8-4BCB-B8B7-2C44250E3C30}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C8FDA7E6-16AD-4C0E-B130-13000A7F0FF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E8B70783-2BB4-4B4A-B602-E40893D4EB95}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{2B17DF6C-9E48-45B3-B356-49CEFDA03236}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{46C03B3A-D7FF-4647-AFDF-F5E7DFF5F424}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{8C926CFF-2839-4574-B042-7D8BD731C82A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7A2BD7D5-7CBA-4150-8B61-87D2CF073C36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{B76196DD-064D-4FA5-A048-1B4502A314CB}C:\users\jung\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jung\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EFF013AF-D889-4B31-BE6D-498F2CEE721A}C:\users\jung\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jung\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4B942C9C-BB79-4E98-A94F-A2F10CBEDB72}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{DA46928B-4502-435B-ABBF-DBA1778E587E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [TCP Query User{030B0964-219D-47C6-AA5C-830AC31FD05C}D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [UDP Query User{9F59E011-A3AC-4798-A812-53F58422E047}D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{46D81B06-3B90-40B0-8CF3-7115CE221FEC}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{27F0C864-809A-46DB-A092-39D84828F69F}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{7AD9E786-E6C8-42A3-8E24-518A94F7A5B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1CA93EDD-3A6F-4C2E-A19B-BCCE56C15191}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{B986476E-0D12-4BA7-8DF3-579027977A7D}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{A4367F48-83F9-4EE7-A9B0-D28CE77B61B3}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{2ED83E8B-315A-4FD5-A86C-8E9DC1C57EDC}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{FA8203DD-322B-4FC4-B98B-86003126173E}D:\program files (x86)\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files (x86)\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{8A260B2D-658C-4ADF-95DA-83173DCD92EA}D:\program files (x86)\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files (x86)\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{C6E42C4C-EF8A-416B-9B1B-AA163ED96AD2}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{DC4B94DB-3B6F-435F-B9E7-51A259447265}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [TCP Query User{B0520A69-4800-4797-A590-00CC5C223C98}C:\users\jung\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\jung\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{2A8003AD-AF68-47AE-8578-BE7938D0AD6F}C:\users\jung\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\jung\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [TCP Query User{BDBEDB93-44C5-4D7A-A883-DA83D294593B}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{183817D9-B2F4-4FB6-9D8B-CB7590EA0221}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [{BA61BFDC-998D-4C12-B3D0-91F238A7059C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9F34FD7D-5C00-46F9-BD9B-C6FDE9397707}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{95F8F08E-C563-4DDE-A7D7-F0EB0AD16BB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E21F9DF0-5649-45BF-8EC3-EDD398781E3E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4C5B7D42-49F4-417B-A3C0-4364F2BB4DBF}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{09CE659E-ABB2-4DA9-A343-7DA511CC3528}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [TCP Query User{E2128C4F-881D-4CA5-83C5-7F82FD848ACE}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{FB91CE6B-92A7-43DF-A135-F1FB5E23412D}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2018 06:25:51 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/16/2018 06:25:46 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/16/2018 12:20:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program League of Legends.exe version 8.7.224.3213 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3e20

Start Time: 01d3d53a12629a4d

Termination Time: 4

Application Path: D:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.212\deploy\League of Legends.exe

Report Id: 856f2a59-412d-11e8-bfd7-00ac30c13fef

Error: (04/15/2018 09:49:22 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/15/2018 09:49:15 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/15/2018 08:02:06 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/15/2018 08:01:59 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/15/2018 06:53:08 PM) (Source: MsiInstaller) (EventID: 11704) (User: Jung-PC)
Description: Продукт: IC__iPackage -- Ошибка 1704. Установка "IC__iPackage" приостановлена. Для продолжения необходимо отменить изменения, сделанные приостановленной установкой. Произвести отмену изменений?


System errors:
=============
Error: (04/16/2018 06:25:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
An exception occurred in the service when handling the control request.

Error: (04/16/2018 06:07:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/16/2018 03:37:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/16/2018 01:07:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/16/2018 10:37:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/16/2018 08:07:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/16/2018 05:37:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/16/2018 03:07:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 47%
Total physical RAM: 8154.38 MB
Available physical RAM: 4295.96 MB
Total Virtual: 16306.93 MB
Available Virtual: 12216.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:49.07 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:639.35 GB) NTFS
Drive j: (OFFICE14) (CDROM) (Total:0.71 GB) (Free:0 GB) UDF

\\?\Volume{0a37fd4f-365f-11e4-9da1-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: BD290A63)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 193E19B9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




 


#2 Pongsona

Posted 17 April 2018 - 12:01 PM

Any help? :(



#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,852 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:57 AM

Posted 17 April 2018 - 12:37 PM

Pongsona:
 
 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two, but I do hope to respond possibly later today with an initial FRST "fixlist" script.  If not today, then tomorrow.  These Forums are quite busy and there are only a limited number of qualified malware removal specialists available to handle the logs submitted by users.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
One thing I noticed in quickly scanning your FRST logs is that you have both Malwarebytes and IOBIT Malware Fighter installed in the computer.  I would recommend that you remove the IOBIT product, since it is showing as disabled, but make sure that you save any licence keys and the installer file, in case you decide later to reinstall it.  Also, there are reports that IOBIT Malware Fighter can cause that reboot prompt that you are seeing, when combined with Avast being set to do a boot-time scan.  Please see this link.  My guess is that uninstalling the IOBIT product will resolve that problem.  Either that, or disable the Avast boot-time scan.
 
Thank you and have a great day.
 
Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 garioch7

Posted 17 April 2018 - 02:41 PM

Pongsona:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: Please let me know whether you uninstalled the IOBIT Malware Fighter program?

.

:step2: I see that you have the following program installed:
 

Driver Booster 4.3 (HKLM-x32\...\Driver Booster_is1) (Version: 4.3.0 - IObit)

 

I recommend that you uninstall that program. Bleeping Computer does recommend the use of registry cleaners, system optimizers, and driver updaters. Please see this link and this link for more information.

.

:step3: In going over your logs I noticed that you have µTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, your computer will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.

:step4: I want to analyze the ADS entries that I saw in your FRST "Addition.txt" log file.

  • Please download the NoVirusThanks Stream Detector software at this link.
  • Please go to the folder to which it was downloaded and then double-click it to install the software and agree to all of the prompts.
  • Launch the program and press the "Scan" button.
  • If you notice any lines highlighted in "red", please let me know when you post the results.
  • When the scan completes, and it could take more than 30 minutes, or more, please click the "Export" button to export the scan results file to a folder of your choice.
  • Please copy and paste the contents of the scan results file into your next post.

.

:step5: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [Aim6] => [X]
Toolbar: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: (Flash Video Downloader) - C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\Extensions\artur.dubovoy@gmail.com.xpi [2018-03-27]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\features\{9bd183ff-effc-412a-a03e-66f5a1657912}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-04] [Legacy]
FF HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Jung\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
CHR Extension: (Ace Script) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-09-13]
CHR HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
S3 ALSysIO; \??\C:\USERS\JUNG\APPDATA\LOCAL\TEMP\ALSysIO64.sys [X] <==== ATTENTION
2018-04-16 18:26 - 2014-10-26 07:59 - 000040807 _____ C:\Users\Jung\IP_Log_Data.js
2018-04-16 18:00 - 2014-10-26 08:00 - 001290126 _____ C:\Users\Jung\Network_Meter_Data.js
1623-04-04 13:34 - 1623-04-04 13:34 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\tIYeUYoW.exe
Task: {35A73630-3031-47D1-90CF-1E81F76C2A25} - System32\Tasks\{25D1D094-90EC-4D15-9C59-1FABBE7C1265} => C:\Program Files (x86)\Common Files\tIYeUYoW.exe [1623-04-04] (Microsoft Corporation)
Task: {E54C7FD3-6819-41F5-BCA1-588E20874B28} - System32\Tasks\{66CD9826-6DA0-4D42-ADCE-6DC9809800DD} => C:\Windows\FigmVIulQlqiu.exe [1623-04-04] (Microsoft Corporation)
C:\Windows\FigmVIulQlqiu.exe
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#5 Pongsona

Posted 18 April 2018 - 01:59 AM

Hello. Thanks for helping me.

 

I've uninstalled uTorrent and all the iObit programs.

 

When I ran NoVirusThanks Stream Detector, I didn't notice any lines highlighted in red.

 

Here are the logs:

 

NoVirusThanks Stream Detector:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/15/18
Scan Time: 9:27 PM
Log File: 615da0e2-4115-11e8-8a11-00ac30c13fef.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4744
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jung-PC\Jung

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 362845
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 19 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
RiskWare.BitCoinMiner, C:\USERS\JUNG\APPDATA\LOCAL\MICROSOFT.NET\000001N.ZIP, Quarantined, [914], [467508],1.0.4744

Physical Sector: 0
(No malicious items detected)


(end)

 

 

FRST:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Jung (18-04-2018 02:52:43) Run:1
Running from D:\Users\Jung\Downloads
Loaded Profiles: Jung (Available Profiles: Jung)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [Aim6] => [X]
Toolbar: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: (Flash Video Downloader) - C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\Extensions\artur.dubovoy@gmail.com.xpi [2018-03-27]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\features\{9bd183ff-effc-412a-a03e-66f5a1657912}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-04] [Legacy]
FF HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Jung\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
CHR Extension: (Ace Script) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-09-13]
CHR HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
S3 ALSysIO; \??\C:\USERS\JUNG\APPDATA\LOCAL\TEMP\ALSysIO64.sys [X] <==== ATTENTION
2018-04-16 18:26 - 2014-10-26 07:59 - 000040807 _____ C:\Users\Jung\IP_Log_Data.js
2018-04-16 18:00 - 2014-10-26 08:00 - 001290126 _____ C:\Users\Jung\Network_Meter_Data.js
1623-04-04 13:34 - 1623-04-04 13:34 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\tIYeUYoW.exe
Task: {35A73630-3031-47D1-90CF-1E81F76C2A25} - System32\Tasks\{25D1D094-90EC-4D15-9C59-1FABBE7C1265} => C:\Program Files (x86)\Common Files\tIYeUYoW.exe [1623-04-04] (Microsoft Corporation)
Task: {E54C7FD3-6819-41F5-BCA1-588E20874B28} - System32\Tasks\{66CD9826-6DA0-4D42-ADCE-6DC9809800DD} => C:\Windows\FigmVIulQlqiu.exe [1623-04-04] (Microsoft Corporation)
C:\Windows\FigmVIulQlqiu.exe

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU" => removed successfully
"HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot" => removed successfully
"HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6" => removed successfully
"HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
"HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\Extensions\artur.dubovoy@gmail.com.xpi => moved successfully
C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\features\{9bd183ff-effc-412a-a03e-66f5a1657912}\tls13-rollout-bug1442042@mozilla.org.xpi => moved successfully
"HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org" => removed successfully
CHR Extension: (Ace Script) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-09-13] => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully
"HKLM\System\CurrentControlSet\Services\ALSysIO" => removed successfully
ALSysIO => service removed successfully
C:\Users\Jung\IP_Log_Data.js => moved successfully
C:\Users\Jung\Network_Meter_Data.js => moved successfully
C:\Program Files (x86)\Common Files\tIYeUYoW.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35A73630-3031-47D1-90CF-1E81F76C2A25}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35A73630-3031-47D1-90CF-1E81F76C2A25}" => removed successfully
C:\Windows\System32\Tasks\{25D1D094-90EC-4D15-9C59-1FABBE7C1265} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{25D1D094-90EC-4D15-9C59-1FABBE7C1265}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E54C7FD3-6819-41F5-BCA1-588E20874B28}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E54C7FD3-6819-41F5-BCA1-588E20874B28}" => removed successfully
C:\Windows\System32\Tasks\{66CD9826-6DA0-4D42-ADCE-6DC9809800DD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{66CD9826-6DA0-4D42-ADCE-6DC9809800DD}" => removed successfully
C:\Windows\FigmVIulQlqiu.exe => moved successfully


The system needed a reboot.

==== End of Fixlog 02:53:02 ====
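
As an added example (not part of the thread and not FRST's own code), here is one way to triage a Fixlog like the one posted above: it skips the echoed fixlist block, whose directives also contain `=>`, and tallies each result line so entries that were not fixed stand out. The outcome phrases and the asterisk delimiters are taken from this one log; treating them as a general format is an assumption, and the function names are hypothetical.

```python
from typing import NamedTuple

# Excerpt of the Fixlog posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [Aim6] => [X]
FF HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Jung\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
C:\Windows\FigmVIulQlqiu.exe

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
CHR Extension: (Ace Script) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-09-13] => Error: No automatic fix found for this entry.
ALSysIO => service removed successfully
C:\Program Files (x86)\Common Files\tIYeUYoW.exe => moved successfully
C:\Windows\FigmVIulQlqiu.exe => moved successfully

The system needed a reboot.
'''


class Result(NamedTuple):
    target: str    # registry key, file path or service name acted on
    outcome: str   # text after the final " => "
    status: str    # "ok", "not_found", "error" or "other"


def classify(outcome):
    """Map an outcome phrase (as seen in this log) to a coarse status."""
    low = outcome.lower()
    if low.startswith("error"):
        return "error"
    if low.endswith("successfully"):
        return "ok"
    if low == "not found":
        return "not_found"
    return "other"


def parse_fixlog(text):
    """Return one Result per outcome line, ignoring the echoed fixlist."""
    results = []
    star_lines = 0
    for raw in text.splitlines():
        line = raw.strip()
        # A line made only of asterisks opens, then closes, the echoed fixlist.
        if line and set(line) == {"*"}:
            star_lines += 1
            continue
        # Between the first and second asterisk line we are inside the echoed
        # directives; they contain "=>" too but are not results.
        if star_lines == 1:
            continue
        if " => " not in line:
            continue
        # Split on the LAST separator: targets may themselves contain "=>".
        target, outcome = line.rsplit(" => ", 1)
        outcome = outcome.strip()
        results.append(Result(target.strip().strip('"'), outcome, classify(outcome)))
    return results


def summarize(text):
    """Tally statuses and list the entries a reviewer should look at again."""
    results = parse_fixlog(text)
    counts = {}
    for r in results:
        counts[r.status] = counts.get(r.status, 0) + 1
    # "not_found" is tallied but not flagged: the item was already absent.
    follow_up = [r for r in results if r.status in ("error", "other")]
    reboot = any(l.strip() == "The system needed a reboot." for l in text.splitlines())
    return {"counts": counts, "follow_up": follow_up, "reboot_needed": reboot}


if __name__ == "__main__":
    summary = summarize(SAMPLE_FIXLOG)
    print(summary["counts"], "reboot needed:", summary["reboot_needed"])
    for r in summary["follow_up"]:
        print("FOLLOW UP:", r.target, "->", r.outcome)
```
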



#6 garioch7

Posted 18 April 2018 - 12:58 PM

Pongsona:
 
Thank you for your post.  I didn't ask you to run a Malwarebytes scan, but no harm done.  Thank you for running the Stream Detector software.  The FRST "fixlog.txt" file looks good.
 
.
 
:step1: Did uninstalling the IOBIT programs and rebooting your computer solve that User Account Control boot message?
 
.
 
:step2: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!

.

Step 3: AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do so.
  • After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 Pongsona


Posted 18 April 2018 - 09:40 PM

Again, thank you for all the help. Uninstalling iObit programs did solve the User Account Control boot message.

 

ESET

C:\Windows\SysWOW64\conhost64.exe    a variant of Win64/HackTool.Agent.E trojan    cleaned by deleting
C:\Windows\SysWOW64\TCHAR_x64.int    a variant of Win64/HackTool.Agent.E trojan    cleaned by deleting
D:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting
D:\Temporary Files\is360511915\07294683_stp.MSI    a variant of Win32/Systweak.L potentially unwanted application    deleted
D:\Users\Jung\Downloads\advanced-systemcare-setup.exe    a variant of Win32/Toolbar.Widgi.N potentially unwanted application    cleaned by deleting
D:\Users\Jung\Downloads\cbsidlm-cbsi213-CPUZ-SEO-10050423.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting
D:\Users\Jung\Downloads\cbsidlm-cbsi213-EatCam_Webcam_Recorder_for_Yahoo_Messenger-SEO-10856619.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting
D:\Users\Jung\Downloads\cbsidlm-cbsi213-Free_Webcam_Recorder-SEO-75984393.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting
D:\Users\Jung\Downloads\cbsidlm-cbsi213-Key_Remapper-SEO-10908576(1).exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting
D:\Users\Jung\Downloads\ccsetup504.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
D:\Users\Jung\Downloads\cc_setup.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
D:\Users\Jung\Downloads\CoreTemp.zip    a variant of Win32/Complitly.A potentially unwanted application    deleted
D:\Users\Jung\Downloads\Divinity Original Sin V1.0.219.0 Trainer+12 MrAntiFun.zip    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted
D:\Users\Jung\Downloads\IObit-Malware-Fighter-Setup.exe    Win32/MyPCBackup.C potentially unwanted application    cleaned by deleting
D:\Users\Jung\Downloads\ManyCamWebInstaller(2).exe    a variant of Win32/Visicom.B potentially unwanted application    cleaned by deleting
D:\Users\Jung\Downloads\ManyCamWebInstaller.exe    a variant of Win32/Visicom.B potentially unwanted application    cleaned by deleting
D:\Users\Jung\Downloads\Total War Attila V1.6.0 Build 9824 Trainer +19 2017 MrAntiFun.zip    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted
D:\Users\Jung\Downloads\Total War Attila V1.6.0 Build 9824 Trainer +19 MrAntiFun.zip    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted
D:\Users\Jung\Downloads\uTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting
D:\Users\Jung\Downloads\winzip18-dl.exe    Win32/InstallCore.Gen.A potentially unwanted application    cleaned by deleting
D:\Users\Jung\Downloads\A\Loader.exe    a variant of Generik.MRXAEEE trojan    cleaned by deleting
 

 

 

ADWCleaner

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-18.4
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-18-2018
# Duration: 00:00:00
# OS:       Windows 7 Professional
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Jung\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 


Edited by Pongsona, 19 April 2018 - 04:10 AM.


#8 garioch7


Posted 19 April 2018 - 05:00 AM

Pongsona:
 
Thank you for your post and for copying and pasting the ESET and AdwCleaner scan logs. They look good.
 
.
 
Step 1: How is your computer working now? If it is working fine, then we will clean up the tools that we used to disinfect it.
 
.

If there are any anti-malware tools that you want to keep, please let me know, although it is always advisable to download the latest versions of those tools, since they are updated so frequently.

If you have ESET installed on your computer, you may keep it, or you can go to the Control Panel and uninstall that program. Please let me know what you decide to do.

If you have Malwarebytes installed, I would suggest that you keep it. If you don't want to keep Malwarebytes installed on your computer, please go to this link to download the latest version of MB-Clean.exe and run it to remove all traces of Malwarebytes. Please let me know if you did uninstall Malwarebytes. Once you have run the MB-Clean.exe tool successfully, you can manually delete that file as well.

Step 2: Please provide me with a fresh set of FRST logs. I would like to make a final reconnaissance of your computer and I also want to identify the anti-malware scanners and cleaners that we used, so that we can delete them in the next post.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#9 Pongsona


Posted 19 April 2018 - 08:15 PM

Ah. Yes. It looks like everything is working fine. Thank you so much!

 

Here are the fresh FRST logs:

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2018
Ran by Jung (administrator) on JUNG-PC (19-04-2018 21:13:20)
Running from D:\Users\Jung\Downloads
Loaded Profiles: Jung (Available Profiles: Jung)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Nero AG) D:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() D:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\Jung\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Discord Inc.) C:\Users\Jung\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Jung\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Jung\AppData\Local\Discord\app-0.0.300\Discord.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13516360 2015-03-28] (Realtek Semiconductor)
HKLM\...\Run: [Cm6620Sound] => C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe [2250240 2014-04-11] ()
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-09] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2014-09-07] (FNet Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-08-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] => D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [ATNSOFT Key Manager] => D:\Program Files (x86)\ATNSOFT Key Manager\keymanager.exe [2213112 2014-02-03] (ATNSOFT)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [4788840 2018-04-04] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1208648 2018-04-08] ()
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [Spotify Web Helper] => C:\Users\Jung\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-03-06] (Spotify Ltd)
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Run: [GoogleChromeAutoLaunch_E738BA6DADA16A10C9A0F2CBA7E8FE02] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-02-13] (Google Inc.)
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\MountPoints2: {0a37fd54-365f-11e4-9da1-806e6f6e6963} - E:\ASRSetup.exe
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\MountPoints2: {522c0535-3647-11e4-b103-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\MountPoints2: {6b7de57a-14a5-11e5-978c-bc5ff43b5662} - K:\TL-Bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{27A8C676-1817-443C-9D9D-32C543D27419}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7F60C536-AF96-4412-A25E-8EFF938F7DC5}: [DhcpNameServer] 192.168.42.129
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> {6C09A5C5-E305-4b6c-8FC7-E06EFF21EB76} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-14] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-14] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-17] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 5t0tutio.default
FF ProfilePath: C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default [2018-04-19]
FF Homepage: Mozilla\Firefox\Profiles\5t0tutio.default -> hxxp://www.google.com/
FF Extension: (Avast Online Security) - C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\Extensions\wrc@avast.com.xpi [2017-10-06]
FF Extension: (Adblock Plus) - C:\Users\Jung\AppData\Roaming\Mozilla\Firefox\Profiles\5t0tutio.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default [2018-04-19]
CHR Extension: (Slides) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-02]
CHR Extension: (YouTube) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-02]
CHR Extension: (Play HLS M3u8) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckblfoghkjhaclegefojbgllenffajdc [2018-02-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Video Downloader professional) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-04-08]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-30]
CHR Extension: (Avast Online Security) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-02]
CHR Extension: (Chrome Media Router) - C:\Users\Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-09] (AVAST Software)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-30] ()
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-08] (EasyAntiCheat Ltd)
R2 HTCMonitorService; D:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1453384 2018-04-08] (Overwolf LTD)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-29] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-12-16] (Wondershare)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2015-03-28] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [83792 2015-12-16] (Asmedia Technology)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-09] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-09] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-09] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-09] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [227784 2018-04-09] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-09] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-09] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-09] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
S3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.SYS [390656 2014-01-08] (C-Media Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-28] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2014-09-07] (FNet Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-04-11] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-28] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2015-12-16] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-19] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-12-16] (Intel Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0099.sys [38432 2016-03-06] (SoftEther Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2018-01-03] (NVIDIA Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2018-04-18] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-18 03:00 - 2018-04-19 21:00 - 000001583 _____ C:\Users\Jung\Network_Meter_Data.js
2018-04-18 02:53 - 2018-04-18 22:37 - 000000268 _____ C:\Users\Jung\IP_Log_Data.js
2018-04-18 02:33 - 2018-04-18 02:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
2018-04-18 02:33 - 2018-04-18 02:33 - 000000000 ____D C:\Program Files\NoVirusThanks
2018-04-16 18:28 - 2018-04-19 21:13 - 000000000 ____D C:\FRST
2018-04-16 18:07 - 2018-04-18 00:07 - 000000000 ___HD C:\Users\Jung\AppData\Local\Samsung
2018-04-14 21:29 - 2018-04-14 21:29 - 000000000 ____D C:\ProgramData\Sophos
2018-04-14 21:29 - 2018-04-14 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-04-14 21:29 - 2018-04-14 21:29 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-04-14 17:54 - 2018-04-14 17:54 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\166303E0.sys
2018-04-14 17:53 - 2018-04-14 18:08 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-12 06:37 - 2018-04-14 17:51 - 000000000 ___HD C:\Users\Jung\AppData\Local\Hewlett-Packard
2018-04-11 08:51 - 2018-04-14 21:35 - 000000000 ____D C:\AdwCleaner
2018-04-11 08:40 - 2018-04-11 08:40 - 000002764 _____ C:\Windows\system32\.crusader
2018-04-11 08:37 - 2018-04-11 08:41 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-04-11 08:36 - 2018-04-11 08:41 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-10 18:24 - 2018-03-30 22:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-10 18:24 - 2018-03-30 22:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-10 18:24 - 2018-03-30 22:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-10 18:24 - 2018-03-30 22:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-10 18:24 - 2018-03-30 22:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-10 18:24 - 2018-03-30 21:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-10 18:24 - 2018-03-30 21:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-10 18:24 - 2018-03-30 21:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-10 18:24 - 2018-03-30 21:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 21:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-10 18:24 - 2018-03-30 21:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-10 18:24 - 2018-03-30 21:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-10 18:24 - 2018-03-30 21:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-10 18:24 - 2018-03-30 21:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-10 18:24 - 2018-03-30 21:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-10 18:24 - 2018-03-30 21:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-10 18:24 - 2018-03-30 20:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-10 18:24 - 2018-03-30 20:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-10 18:24 - 2018-03-30 20:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-10 18:24 - 2018-03-30 20:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-10 18:24 - 2018-03-30 20:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-10 18:24 - 2018-03-30 20:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-10 18:24 - 2018-03-30 20:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-10 18:24 - 2018-03-30 20:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-10 18:24 - 2018-03-30 20:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-10 18:24 - 2018-03-30 20:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-10 18:24 - 2018-03-28 03:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-10 18:24 - 2018-03-23 14:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-10 18:24 - 2018-03-23 13:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-10 18:24 - 2018-03-22 19:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-10 18:24 - 2018-03-22 17:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-10 18:24 - 2018-03-22 17:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-10 18:24 - 2018-03-22 17:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-10 18:24 - 2018-03-22 17:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-10 18:24 - 2018-03-22 17:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-10 18:24 - 2018-03-22 17:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-10 18:24 - 2018-03-22 17:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-10 18:24 - 2018-03-22 17:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-10 18:24 - 2018-03-22 17:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-10 18:24 - 2018-03-22 17:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-10 18:24 - 2018-03-22 17:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-10 18:24 - 2018-03-22 17:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-10 18:24 - 2018-03-22 17:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-10 18:24 - 2018-03-22 17:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-10 18:24 - 2018-03-22 17:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-10 18:24 - 2018-03-22 17:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-10 18:24 - 2018-03-22 17:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-10 18:24 - 2018-03-22 17:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-04-10 18:24 - 2018-03-22 16:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-10 18:24 - 2018-03-22 16:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-10 18:24 - 2018-03-22 16:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-10 18:24 - 2018-03-22 16:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-04-10 18:24 - 2018-03-22 16:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-04-10 18:24 - 2018-03-22 16:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-04-10 18:24 - 2018-03-22 16:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-10 18:24 - 2018-03-22 16:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-10 18:24 - 2018-03-22 16:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-10 18:24 - 2018-03-22 16:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-10 18:24 - 2018-03-22 16:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-10 18:24 - 2018-03-22 16:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-10 18:24 - 2018-03-22 16:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-04-10 18:24 - 2018-03-22 16:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-04-10 18:24 - 2018-03-22 16:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-10 18:24 - 2018-03-22 16:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-04-10 18:24 - 2018-03-22 16:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-10 18:24 - 2018-03-22 16:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-10 18:24 - 2018-03-22 16:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-04-10 18:24 - 2018-03-22 16:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-04-10 18:24 - 2018-03-22 16:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-10 18:24 - 2018-03-22 16:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-04-10 18:24 - 2018-03-22 16:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-10 18:24 - 2018-03-22 16:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-10 18:24 - 2018-03-22 16:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-10 18:24 - 2018-03-22 16:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-10 18:24 - 2018-03-22 16:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-10 18:24 - 2018-03-22 16:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-04-10 18:24 - 2018-03-22 16:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-04-10 18:24 - 2018-03-22 16:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-10 18:24 - 2018-03-22 16:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-10 18:24 - 2018-03-22 16:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-04-10 18:24 - 2018-03-22 16:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-10 18:24 - 2018-03-22 16:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-10 18:24 - 2018-03-22 16:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-04-10 18:24 - 2018-03-22 16:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-10 18:24 - 2018-03-22 16:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-10 18:24 - 2018-03-22 16:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-10 18:24 - 2018-03-22 16:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-10 18:24 - 2018-03-22 16:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-10 18:24 - 2018-03-22 16:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-10 18:24 - 2018-03-22 16:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-04-10 18:24 - 2018-03-22 16:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-10 18:24 - 2018-03-22 15:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-10 18:24 - 2018-03-22 15:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-10 18:24 - 2018-03-22 15:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-10 18:24 - 2018-03-22 15:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-10 18:24 - 2018-03-10 13:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-10 18:24 - 2018-03-09 14:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-04-10 18:24 - 2018-03-09 14:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-10 18:24 - 2018-03-09 14:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-10 18:24 - 2018-03-09 14:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-10 18:24 - 2018-03-09 14:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-04-10 18:24 - 2018-03-09 14:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-04-10 18:24 - 2018-03-09 14:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-10 18:24 - 2018-03-09 14:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-10 18:24 - 2018-03-09 14:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-10 18:24 - 2018-03-09 14:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-10 18:24 - 2018-03-09 14:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-10 18:24 - 2018-03-09 13:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-04-10 18:24 - 2018-03-06 14:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-10 18:24 - 2018-03-06 14:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-10 18:24 - 2018-03-06 14:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-10 18:24 - 2018-03-06 14:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-10 18:24 - 2018-03-06 14:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-10 18:24 - 2018-03-06 14:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-04-10 18:24 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-04-10 18:23 - 2018-03-14 13:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-10 18:23 - 2018-03-14 13:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-10 18:23 - 2018-03-14 09:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-10 18:23 - 2018-03-14 09:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-09 23:16 - 2018-04-09 23:15 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-09 19:14 - 2018-04-09 19:14 - 000406584 _____ C:\Windows\Minidump\040918-9578-01.dmp
2018-04-08 20:10 - 2018-04-19 19:44 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-08 20:10 - 2018-04-18 22:36 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-08 20:10 - 2018-04-18 22:36 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-08 20:10 - 2018-04-08 20:10 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-08 20:10 - 2018-04-08 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-08 20:10 - 2018-04-08 20:10 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-08 20:10 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-08 20:09 - 2018-04-08 20:09 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-08 12:52 - 2018-04-08 12:52 - 000406536 _____ C:\Windows\Minidump\040818-9063-01.dmp
2018-04-08 08:04 - 2018-04-08 08:04 - 000406600 _____ C:\Windows\Minidump\040818-9984-01.dmp
2018-04-08 00:07 - 2018-04-10 17:59 - 000000000 ___HD C:\Users\Jung\AppData\Local\uTorrent
2018-03-31 02:21 - 2018-03-31 02:21 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-03-30 21:51 - 2018-04-16 20:08 - 000000000 ____D C:\Users\Jung\AppData\Roaming\b678f84819e69d2636fe9af0eea01692
2018-03-30 21:37 - 2018-04-08 20:13 - 000000000 ___HD C:\Users\Jung\AppData\Local\BitTorrent
2018-03-27 10:37 - 2018-04-08 20:13 - 000000000 ___HD C:\Users\Jung\AppData\Local\ActiveX
2018-03-24 00:30 - 2018-04-18 23:50 - 000003922 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 14:07 - 2018-04-08 20:13 - 000000000 ___HD C:\Users\Jung\AppData\Local\Minidump

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-19 20:56 - 2014-09-07 02:43 - 000000000 ____D C:\Users\Jung\AppData\Roaming\Skype
2018-04-19 12:25 - 2016-03-23 18:13 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-19 04:26 - 2009-07-14 00:45 - 000028096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-19 04:26 - 2009-07-14 00:45 - 000028096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-18 23:50 - 2018-01-31 20:24 - 000003454 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Jung-PC-Jung
2018-04-18 23:50 - 2017-10-27 17:52 - 000003200 _____ C:\Windows\System32\Tasks\Adobe Uninstaller
2018-04-18 23:50 - 2017-10-27 17:00 - 000003498 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jung-PC-Jung
2018-04-18 23:50 - 2017-09-20 04:43 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-18 23:50 - 2017-09-20 04:43 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-18 23:50 - 2017-09-20 04:43 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-18 23:50 - 2017-09-20 04:42 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-18 23:50 - 2017-09-20 04:42 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-18 23:50 - 2017-09-20 04:42 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-18 23:50 - 2017-09-20 04:42 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-18 23:50 - 2017-01-12 13:02 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-18 23:50 - 2017-01-12 13:02 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-18 23:50 - 2015-12-03 09:20 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-04-18 23:50 - 2015-08-04 14:31 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-04-18 23:50 - 2014-09-07 02:06 - 000002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-04-18 22:48 - 2016-11-16 21:58 - 000000000 ____D C:\Users\Jung\AppData\LocalLow\Mozilla
2018-04-18 22:45 - 2009-07-14 01:13 - 000784394 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-18 22:45 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-04-18 22:37 - 2015-10-12 20:13 - 000000000 ____D C:\Users\Jung\AppData\Local\Overwolf
2018-04-18 22:37 - 2015-06-18 16:30 - 000000000 ____D C:\Users\Jung\AppData\Local\HTC MediaHub
2018-04-18 22:36 - 2018-03-14 23:20 - 000094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2018-04-18 22:36 - 2014-09-07 00:34 - 000034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2018-04-18 22:36 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-18 21:02 - 2014-10-26 08:14 - 000000031 _____ C:\Users\Jung\AppData\Roaming\Network Meter_Usage.ini
2018-04-18 03:00 - 2014-09-07 00:21 - 000000000 ____D C:\Users\Jung
2018-04-18 02:32 - 2017-10-07 13:55 - 000000000 ____D C:\Users\Jung\AppData\Roaming\uTorrent
2018-04-18 02:29 - 2014-09-07 01:46 - 000000000 ____D C:\ProgramData\ProductData
2018-04-16 22:56 - 2015-11-28 17:00 - 000000000 ____D C:\Users\Jung\AppData\Roaming\vlc
2018-04-15 18:43 - 2017-08-26 09:39 - 000000000 ___HD C:\Users\Jung\AppData\Local\TeamViewer
2018-04-15 17:52 - 2014-09-17 07:02 - 000000000 ____D C:\Users\Jung\AppData\Local\CrashDumps
2018-04-15 00:26 - 2014-09-07 01:46 - 000000000 ____D C:\Users\Jung\AppData\Roaming\IObit
2018-04-14 17:54 - 2014-09-07 02:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-14 17:51 - 2014-09-07 00:51 - 000000000 ___HD C:\Users\Jung\AppData\Local\Adobe
2018-04-12 16:40 - 2017-08-26 09:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-12 16:36 - 2015-10-12 20:13 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-04-12 11:16 - 2014-09-07 02:03 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-11 13:50 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-04-11 08:53 - 2014-09-07 01:46 - 000000000 ____D C:\Users\Jung\AppData\LocalLow\IObit
2018-04-11 08:53 - 2014-09-07 01:46 - 000000000 ____D C:\ProgramData\IObit
2018-04-11 08:53 - 2014-09-07 01:46 - 000000000 ____D C:\Program Files (x86)\IObit
2018-04-10 18:40 - 2009-07-14 00:45 - 005031952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-10 18:39 - 2014-12-11 08:18 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-09 23:16 - 2017-03-10 02:42 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-09 23:15 - 2017-12-22 13:23 - 000227784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-09 23:15 - 2017-11-17 07:04 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000111352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-09 23:15 - 2014-09-07 02:03 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-09 19:19 - 2017-05-30 23:28 - 000000000 ____D C:\Users\Jung\AppData\Roaming\discord
2018-04-09 19:14 - 2018-03-03 05:27 - 727088237 _____ C:\Windows\MEMORY.DMP
2018-04-09 19:14 - 2016-02-15 21:53 - 000000000 ____D C:\Windows\Minidump
2018-04-08 20:13 - 2018-03-14 23:29 - 000000000 ___HD C:\Users\Jung\AppData\Local\StdVCL
2018-04-08 20:13 - 2018-03-05 02:07 - 000000000 ___HD C:\Users\Jung\AppData\Local\WebMidas
2018-04-08 20:10 - 2016-06-23 21:31 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-04 01:48 - 2017-07-09 13:18 - 000000000 ____D C:\Users\Jung\AppData\Roaming\WhatsApp
2018-04-04 01:05 - 2017-07-09 13:17 - 000000000 ____D C:\Users\Jung\AppData\Local\WhatsApp
2018-04-04 01:04 - 2017-07-09 13:18 - 000002186 _____ C:\Users\Jung\Desktop\WhatsApp.lnk
2018-04-04 01:04 - 2017-07-09 13:18 - 000000000 ____D C:\Users\Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-04-03 23:52 - 2014-09-07 02:43 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-04-03 23:52 - 2014-09-07 02:43 - 000000000 ____D C:\ProgramData\Skype
2018-03-30 21:27 - 2017-05-19 23:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-30 21:27 - 2016-06-30 05:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-25 20:40 - 2014-09-07 00:41 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-24 00:31 - 2014-09-07 00:41 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-24 00:30 - 2014-09-07 00:40 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-03-23 14:09 - 2015-03-28 17:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-22 19:52 - 2018-01-11 10:48 - 000000089 _____ C:\Users\Jung\Desktop\citylink.txt
2018-03-21 02:49 - 2017-03-16 08:27 - 000000000 ____D C:\Users\Jung\AppData\Roaming\Spotify
2018-03-21 02:49 - 2017-03-16 08:27 - 000000000 ____D C:\Users\Jung\AppData\Local\Spotify

==================== Files in the root of some directories =======

2018-04-18 02:53 - 2018-04-18 22:37 - 000000268 _____ () C:\Users\Jung\IP_Log_Data.js
2018-04-18 03:00 - 2018-04-19 21:00 - 000001583 _____ () C:\Users\Jung\Network_Meter_Data.js
2015-04-09 00:20 - 2015-04-09 00:20 - 000000132 _____ () C:\Users\Jung\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-26 07:58 - 2014-10-26 07:58 - 000000624 _____ () C:\Users\Jung\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-26 08:01 - 2014-10-26 08:01 - 000000839 _____ () C:\Users\Jung\AppData\Roaming\Drives Meter_Settings.ini
2014-10-26 08:03 - 2014-10-31 09:38 - 000000958 _____ () C:\Users\Jung\AppData\Roaming\Network Meter_Settings.ini
2014-10-26 08:14 - 2018-04-18 21:02 - 000000031 _____ () C:\Users\Jung\AppData\Roaming\Network Meter_Usage.ini
2016-03-06 04:27 - 2017-04-28 06:48 - 000007594 _____ () C:\Users\Jung\AppData\Local\Resmon.ResmonCfg
2014-09-08 23:37 - 2014-09-08 23:37 - 000000003 _____ () C:\Users\Jung\AppData\Local\updater.log
2014-09-08 23:37 - 2017-05-07 03:58 - 000000425 _____ () C:\Users\Jung\AppData\Local\UserProducts.xml
2014-09-07 00:35 - 2014-09-07 00:35 - 000000003 _____ () C:\Users\Jung\AppData\Local\user_data.ini
2018-02-27 08:37 - 2018-02-27 08:37 - 000000003 _____ () C:\Users\Jung\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-18 03:45

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by Jung (19-04-2018 21:13:50)
Running from D:\Users\Jung\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-09-07 04:21:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1213258055-3130736596-3601825316-500 - Administrator - Disabled)
Guest (S-1-5-21-1213258055-3130736596-3601825316-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1213258055-3130736596-3601825316-1003 - Limited - Enabled)
Jung (S-1-5-21-1213258055-3130736596-3601825316-1000 - Administrator - Enabled) => C:\Users\Jung

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AIM 6 (HKLM-x32\...\AIM_6) (Version:  - )
Apowersoft Online Launcher version 1.7.0 (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.0 - APOWERSOFT LIMITED)
Apowersoft Screen Recorder Pro V2.1.9 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.1.9 - APOWERSOFT LIMITED)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version:  - )
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.181 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{981B38A6-E4D0-4D94-98C2-75AC645755F5}) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Charles (HKLM-x32\...\Charles_XK72) (Version:  - )
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Core Temp version 0.99.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.7 - Arthur Liberman)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.65 - NVIDIA Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{8FEB5B5F-0777-4E9D-8705-06F0A2295544}) (Version: 1.1.143.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EVGA OC Scanner X 3.5.1.0 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version:  - EVGA)
EVGA PrecisionX 16 (HKLM-x32\...\{DF31774D-B479-47D9-82F4-6ED733A7A341}) (Version: 5.2.4 - EVGA Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.1.14 - Riot Games, Inc.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.46.0 - HTC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.4.6.400 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Key Manager v1.9 (HKLM-x32\...\Key Manager_is1) (Version: 1.9 - ATNSOFT)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Medieval Kingdoms 1212 Part 1 (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Medieval Kingdoms 1212 Part 1) (Version:  - )
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NoVirusThanks Stream Detector v1.2 (HKLM\...\NoVirusThanks Stream Detector_is1) (Version: 1.2.0.0 - NoVirusThanks Company Srl)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 390.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
osu! (HKLM-x32\...\{aa10969d-51fa-44d6-b633-f195681385af}) (Version: latest - ppy Pty Ltd)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.112.1.25 - Overwolf Ltd.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Sades 7.1CH Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006620}) (Version: 1.00.0010 - SHENZHEN SADES DIGITAL TECHNOLOGY CO.,LTD)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spotify (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Spotify) (Version: 1.0.72.117.g6bd7cc73 - Spotify AB)
SRWare Iron version SRWare Iron 37.2000.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 37.2000.0 - SRWare)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Twitch (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vivaldi (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\Vivaldi) (Version: 1.7.735.46 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Web Launch Recorder (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\WebLaunchRecorder) (Version: 2.0 - )
WhatsApp (HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\WhatsApp) (Version: 0.2.8691 - WhatsApp)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-01-03] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02257A25-4611-4DA3-8DDD-B1B539F2457C} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-04-08] (Overwolf LTD)
Task: {05C3F14E-974F-4BAC-81CD-1AF0C9032B7C} - System32\Tasks\AdobeAAMUpdater-1.0-Jung-PC-Jung => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {10F6762B-B4DC-4B3B-BFBE-3B0FAEC26DD4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {18549EB8-CAE2-45B7-8C9B-26CF24D5B84C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {1DC0C1CB-1355-4E7F-994F-83E280102EE0} - System32\Tasks\update-S-1-5-21-1213258055-3130736596-3601825316-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {240D8887-83B5-42EF-AB27-6989FFE347B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.)
Task: {2BEB110B-6806-4BB0-8CFC-ECBEFA67449E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {2FE3AF18-5DBC-4992-AC7C-A142BE182FA9} - System32\Tasks\AdobeGCInvoker-1.0-Jung-PC-Jung => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {3356999A-D06F-4E85-B0E2-EDCCA82137F5} - System32\Tasks\{AF535F39-DDB3-4C60-9E83-4D9FD0AD36C2} => C:\Windows\system32\pcalua.exe -a C:\Windows\System32\msiexec.exe -d "D:\Program Files (x86)\Steam\steamapps\common\blacklightretribution" -c /passive /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS3F5C371F8EA24F259D3DD0B4526E3AEA_9_10_0513.MSI" WISE_SETUP_EXE_PATH="D:\Program Files (x86)\Steam\steamapps\comm (the data entry has 67 more characters).
Task: {4AE3ADAA-AC03-419C-96A3-A7FCBA377AE2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {69A21663-93AC-4300-99CD-4A0E7878756A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {6FFBE7AA-014B-4FA4-8B06-B5F836C59D9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {72B712CA-B4C6-40A3-B7E9-123FA917B0C7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {7BA10E20-F4FD-4EB4-BB91-9094A5225AC9} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {A07EF219-478A-4E0A-B077-91A3E0B82983} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {AD6576B1-0974-4395-B0BE-A9B63AE3B317} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-04-13] (AVAST Software)
Task: {B5F8A1BB-CC1C-4916-BFC2-D308F65170B1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {BD8DB47E-2A5F-4BC1-B8A1-9FF0A2247936} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {C4DD5C27-FC57-42DA-AEBA-9DB87275CCF4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {D424E2F8-AF3D-41CC-8E19-0128B18B86A0} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-09] (AVAST Software)
Task: {D54A7390-96FB-4476-9065-C027C982DB62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.)
Task: {D5A6CF0A-5ECC-4426-BE1F-E1015C6651A1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe [2017-10-19] (Adobe Systems Incorporated)
Task: {D747147A-8108-4A8D-967B-89813C47FC46} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {DA075888-C8B7-4748-8ED6-8D134DCE3162} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {DCCC6881-CB76-4670-919B-D15ECDB6F060} - System32\Tasks\Uninstaller_SkipUac_Administrator => D:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {DEFEB059-9153-4CB9-A8D6-12049E45E43D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {DF9E930C-9973-4D34-AE05-83EE7DBA2DA4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-11] (Adobe Systems Incorporated)
Task: {E5E0B247-8047-4A30-B53F-B2E910671833} - System32\Tasks\SafeZone scheduled Autoupdate 1475621474 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-1213258055-3130736596-3601825316-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Jung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Jung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2018-01-11 11:59 - 2018-01-03 21:39 - 000544056 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2018-01-11 11:59 - 2018-01-03 19:50 - 000134448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-09 16:26 - 2012-02-09 16:26 - 000133632 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 16:26 - 2012-02-09 16:26 - 000048128 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 16:26 - 2012-02-09 16:26 - 000036864 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll
2017-09-20 04:42 - 2018-03-14 09:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 000166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-11-29 02:19 - 2014-11-29 02:25 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2018-04-08 20:10 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-08 20:10 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-04-13 15:44 - 2015-04-13 15:44 - 000821600 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-09-07 00:36 - 2011-05-19 09:58 - 000246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2015-12-26 17:59 - 2014-04-11 00:31 - 002250240 ____N () C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe
2014-10-26 07:56 - 2014-10-26 07:56 - 000012520 _____ () C:\Users\Jung\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2014-10-26 07:56 - 2014-10-26 07:56 - 000015080 _____ () C:\Users\Jung\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2014-10-26 07:56 - 2014-10-26 07:56 - 000014056 _____ () C:\Users\Jung\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000728792 _____ () d:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000920280 _____ () D:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000348888 _____ () d:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000329432 _____ () D:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000349912 _____ () D:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000295640 _____ () D:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000282840 _____ () D:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000763608 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000911064 _____ () D:\Program Files\AVAST Software\Avast\anen.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000172760 _____ () D:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000969944 _____ () D:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000501464 _____ () D:\Program Files\AVAST Software\Avast\gui_cache.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 004254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 008793952 _____ () D:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-04-19 14:38 - 2018-04-19 14:38 - 005817488 _____ () D:\Program Files\AVAST Software\Avast\defs\18041904\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 001044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-13 15:43 - 2015-04-13 15:43 - 000031080 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-04-13 15:43 - 2015-04-13 15:43 - 000607376 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-04-13 15:44 - 2015-04-13 15:44 - 000059752 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-04-13 15:44 - 2015-04-13 15:44 - 000036216 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-04-13 15:44 - 2015-04-13 15:44 - 000080248 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-04-13 15:45 - 2015-04-13 15:45 - 000129376 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-04-13 15:47 - 2015-04-13 15:47 - 000223592 _____ () D:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2017-09-20 04:42 - 2018-03-14 09:05 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-03-09 09:47 - 2018-03-09 09:47 - 067126928 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-09 23:15 - 2018-04-09 23:15 - 000281816 _____ () D:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-20 04:43 - 2018-03-14 09:04 - 081563584 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-03-24 00:30 - 2018-03-14 09:04 - 002478016 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-03-24 00:30 - 2018-03-14 09:04 - 000125376 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-02-15 18:51 - 2018-02-15 18:51 - 000016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\99a7f1bbdd8308a09900171880b90375\PSIClient.ni.dll
2014-09-07 00:29 - 2012-07-18 06:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2017-09-26 22:22 - 2017-09-26 22:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2018-01-11 12:14 - 2018-01-08 18:52 - 001891832 _____ () C:\Users\Jung\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-11 12:14 - 2018-02-15 18:20 - 001780216 _____ () \\?\C:\Users\Jung\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2018-01-11 12:14 - 2018-01-08 18:52 - 001937912 _____ () C:\Users\Jung\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-11 12:14 - 2018-01-08 18:52 - 000095736 _____ () C:\Users\Jung\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-11 12:14 - 2018-01-11 12:14 - 002662904 _____ () \\?\C:\Users\Jung\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-11 12:14 - 2018-03-21 01:28 - 009623896 _____ () \\?\C:\Users\Jung\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-11 12:14 - 2018-02-09 18:15 - 001508344 _____ () \\?\C:\Users\Jung\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-11 12:14 - 2018-01-11 12:14 - 000513016 _____ () \\?\C:\Users\Jung\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-11 12:14 - 2018-03-14 23:34 - 001517560 _____ () \\?\C:\Users\Jung\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\...\localhost -> localhost

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-07-25 21:29 - 000000822 ____R C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1213258055-3130736596-3601825316-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jung\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{13EE3010-AE9A-4165-8A13-AF37B5933243}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{925D7BFB-5633-4AFA-A919-1F86FDC07699}D:\program files (x86)\charles\charles.exe] => (Allow) D:\program files (x86)\charles\charles.exe
FirewallRules: [UDP Query User{73ED3435-CBBA-4DA2-BC62-945B45D667C6}D:\program files (x86)\charles\charles.exe] => (Allow) D:\program files (x86)\charles\charles.exe
FirewallRules: [{BD4659AC-8525-4245-8640-247CC3F41B78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{61CFE7B4-F2C2-43D1-8F3A-A44A9BE8517A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2388604-00A2-4862-8D50-1E1E501D177C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F5452F58-97C2-4110-B58C-5FAAAF7A8499}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C7DF6128-729D-40B0-AFCD-8563A2674162}] => (Allow) D:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{C49F355C-96DE-4883-A709-DB1597FCDFD8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4C46941B-9C8D-4A8A-B8BE-783137EBA22A}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C4AFA8D8-C254-40C2-A894-006BB3083FCA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{06A3F5FC-5D8E-4C08-92C7-C6AB5BDCD3BA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [TCP Query User{B875B1A0-0CF0-424B-A5C5-E7E107CD5FE5}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{45D3A049-BE3C-4289-9A5F-D2E079CC1EF9}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{7CD62A46-E939-40C5-834F-1092CDBFAF0F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A3378131-0B98-4D64-9356-061FE56E04CF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{42B3FD3B-761C-496A-A800-BF676DC8213E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EB7BC00B-CC99-4CB9-860F-3CDB98B0D1E2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3DBCB322-A509-45FB-BB2C-04E34FCB931C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A9EA4AF6-C5AB-44A6-A9DA-2287F0374207}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A6A68F1B-A105-4D66-9AEA-023BD49C7025}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{E834141F-07AF-49C3-83C4-0485DF7BECAC}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{3AEE4F09-06CD-4E63-9ACC-8C81DFC125E5}] => (Allow) D:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{E008DC35-AFDC-4FB9-942A-14836610F826}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AAEF16CA-BBF4-4C74-83A6-D90CC2AA50F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08FF43F9-9BEF-4E05-8F01-43D9D634D24A}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{90C3DC5D-78FD-401E-A372-F193451FBA13}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{E99651FD-86EE-4E3B-B082-99A188948FD9}C:\users\jung\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jung\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{68E63EF6-7A97-4534-A464-40EE706307B7}C:\users\jung\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jung\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AAEA69B2-109B-454A-87BB-1BDEC4310421}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{262046DF-2674-4881-8FB8-530EC8455280}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E3598E82-9730-422B-BD0E-B861597F6D13}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{95607DDF-51B8-4BCB-B8B7-2C44250E3C30}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C8FDA7E6-16AD-4C0E-B130-13000A7F0FF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E8B70783-2BB4-4B4A-B602-E40893D4EB95}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{2B17DF6C-9E48-45B3-B356-49CEFDA03236}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{46C03B3A-D7FF-4647-AFDF-F5E7DFF5F424}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{8C926CFF-2839-4574-B042-7D8BD731C82A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7A2BD7D5-7CBA-4150-8B61-87D2CF073C36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{B76196DD-064D-4FA5-A048-1B4502A314CB}C:\users\jung\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jung\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EFF013AF-D889-4B31-BE6D-498F2CEE721A}C:\users\jung\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jung\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4B942C9C-BB79-4E98-A94F-A2F10CBEDB72}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{DA46928B-4502-435B-ABBF-DBA1778E587E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [TCP Query User{030B0964-219D-47C6-AA5C-830AC31FD05C}D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [UDP Query User{9F59E011-A3AC-4798-A812-53F58422E047}D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{46D81B06-3B90-40B0-8CF3-7115CE221FEC}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{27F0C864-809A-46DB-A092-39D84828F69F}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{7AD9E786-E6C8-42A3-8E24-518A94F7A5B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1CA93EDD-3A6F-4C2E-A19B-BCCE56C15191}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{B986476E-0D12-4BA7-8DF3-579027977A7D}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{A4367F48-83F9-4EE7-A9B0-D28CE77B61B3}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{2ED83E8B-315A-4FD5-A86C-8E9DC1C57EDC}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{FA8203DD-322B-4FC4-B98B-86003126173E}D:\program files (x86)\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files (x86)\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{8A260B2D-658C-4ADF-95DA-83173DCD92EA}D:\program files (x86)\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files (x86)\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{C6E42C4C-EF8A-416B-9B1B-AA163ED96AD2}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{DC4B94DB-3B6F-435F-B9E7-51A259447265}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [TCP Query User{B0520A69-4800-4797-A590-00CC5C223C98}C:\users\jung\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\jung\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{2A8003AD-AF68-47AE-8578-BE7938D0AD6F}C:\users\jung\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\jung\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [TCP Query User{BDBEDB93-44C5-4D7A-A883-DA83D294593B}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{183817D9-B2F4-4FB6-9D8B-CB7590EA0221}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [{BA61BFDC-998D-4C12-B3D0-91F238A7059C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9F34FD7D-5C00-46F9-BD9B-C6FDE9397707}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{95F8F08E-C563-4DDE-A7D7-F0EB0AD16BB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E21F9DF0-5649-45BF-8EC3-EDD398781E3E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4C5B7D42-49F4-417B-A3C0-4364F2BB4DBF}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{09CE659E-ABB2-4DA9-A343-7DA511CC3528}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [TCP Query User{E2128C4F-881D-4CA5-83C5-7F82FD848ACE}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{FB91CE6B-92A7-43DF-A135-F1FB5E23412D}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [TCP Query User{75A3EA50-6D3E-4F19-AF68-5B21A764D131}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [UDP Query User{488809CA-8DE5-4EA9-A0DE-43B6155F6D81}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe

==================== Restore Points =========================

17-04-2018 18:29:36 Scheduled Checkpoint
18-04-2018 02:52:44 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2018 10:36:54 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/18/2018 10:36:49 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/18/2018 10:35:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Users\Jung\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/18/2018 09:07:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Users\Jung\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/18/2018 09:07:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Users\Jung\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/18/2018 09:07:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Users\Jung\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/18/2018 09:03:41 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/18/2018 09:03:36 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


System errors:
=============
Error: (04/19/2018 03:05:34 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (04/19/2018 01:27:05 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/18/2018 10:36:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
An exception occurred in the service when handling the control request.

Error: (04/18/2018 10:36:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/18/2018 10:36:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/18/2018 10:36:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/18/2018 10:36:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The cFosSpeed System Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/18/2018 10:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 55%
Total physical RAM: 8154.38 MB
Available physical RAM: 3657.79 MB
Total Virtual: 16306.93 MB
Available Virtual: 11628.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:44.16 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:638.11 GB) NTFS
Drive j: (OFFICE14) (CDROM) (Total:0.71 GB) (Free:0 GB) UDF

\\?\Volume{0a37fd4f-365f-11e4-9da1-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: BD290A63)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 193E19B9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,852 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:57 AM

Posted 20 April 2018 - 02:26 PM

Pongsona:

Your computer appears clean!

Are you having any computer problems now? If so, please let me know. Otherwise, ENJOY your repaired computer :thumbsup:

.

Step 1: You can uninstall the following program using the Control Panel, Add/Remove Programs, unless you want to keep it.



NoVirusThanks Stream Detector v1.2 (HKLM\...\NoVirusThanks Stream Detector_is1) (Version: 1.2.0.0 - NoVirusThanks Company Srl)


.

Step 2: We will now remove the anti-malware tools that we used to scan and clean your computer using a final FRST "fixlist" script. I will also remove some "orphaned" IOBIT and Torrent program remnants for you.

Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CloseProcesses:
DeleteQuarantine:
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
C:\Program Files (x86)\IObit
2018-04-11 08:51 - 2018-04-14 21:35 - 000000000 ____D C:\AdwCleaner
2018-04-08 00:07 - 2018-04-10 17:59 - 000000000 ___HD C:\Users\Jung\AppData\Local\uTorrent
2018-03-30 21:37 - 2018-04-08 20:13 - 000000000 ___HD C:\Users\Jung\AppData\Local\BitTorrent
2018-04-18 02:32 - 2017-10-07 13:55 - 000000000 ____D C:\Users\Jung\AppData\Roaming\uTorrent
2018-04-15 00:26 - 2014-09-07 01:46 - 000000000 ____D C:\Users\Jung\AppData\Roaming\IObit
2018-04-11 08:53 - 2014-09-07 01:46 - 000000000 ____D C:\Users\Jung\AppData\LocalLow\IObit
2018-04-11 08:53 - 2014-09-07 01:46 - 000000000 ____D C:\ProgramData\IObit
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
ContextMenuHandlers4: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
ContextMenuHandlers6: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
Task: {DCCC6881-CB76-4670-919B-D15ECDB6F060} - System32\Tasks\Uninstaller_SkipUac_Administrator => D:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
FirewallRules: [TCP Query User{B76196DD-064D-4FA5-A048-1B4502A314CB}C:\users\jung\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jung\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EFF013AF-D889-4B31-BE6D-498F2CEE721A}C:\users\jung\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jung\appdata\roaming\utorrent\utorrent.exe
CreateRestorePoint:
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply, before deleting it in the next step.

.

Step 3: Please manually delete the following files/folders:

  • C:\FRST
  • D:\Users\Jung\Downloads\FRST64.exe.
  • D:\Users\Jung\Downloads\fixlog.txt.
  • All desktop shortcut icons related to the anti-malware scanners/cleaners that we used.

.

Step 4: . . . Some Final Advice . . .

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems' such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated software tools, such as Adlice Software UCheck. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows Vista or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; later versions of Windows Defender provide perfectly acceptable protection for free. If for some reason you don't like Windows Defender, there are other free products available as well or you can purchase a security product or products.

  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)

Personally I use Bitdefender 2018 Total Security, along with Malwarebytes Premium. Another paid product worth considering is Emsisoft Anti-Malware, which combines the Bitdefender virus scanning engine with their own anti-malware engine, so that you essentially get two computer security products, totally integrated, for the price of one. Please consult this link for more information on choosing a computer security product.

If you want more information about the methods that malware uses to infect your computer, please consider browsing our How did I get infected? topic.

.

It has been a pleasure assisting you and I hope that you will avoid any further infections in the future. Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to backup or restore. I do system images weekly. With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason to not have a backup.

.

On behalf of the Bleeping Computer (BC) community, thank you for choosing BC to assist you with your computer issues, stay safe out there in cyberspace, and have a great day. I will await the final FRST "fixlog.txt" results before concluding your topic.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#11 Pongsona

Pongsona
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:57 AM

Posted 21 April 2018 - 03:44 AM

Hello. For some reason, I wasn't able to delete the C:\FRST folder.

Here's the screenshot. http://prntscr.com/j85utf If I right click on the folder, go to properties and security, everything is checked under the Allow column.

 

Here's the final log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by Jung (21-04-2018 04:31:16) Run:2
Running from D:\Users\Jung\Downloads
Loaded Profiles: Jung (Available Profiles: Jung)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
DeleteQuarantine:
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
C:\Program Files (x86)\IObit
2018-04-11 08:51 - 2018-04-14 21:35 - 000000000 ____D C:\AdwCleaner
2018-04-08 00:07 - 2018-04-10 17:59 - 000000000 ___HD C:\Users\Jung\AppData\Local\uTorrent
2018-03-30 21:37 - 2018-04-08 20:13 - 000000000 ___HD C:\Users\Jung\AppData\Local\BitTorrent
2018-04-18 02:32 - 2017-10-07 13:55 - 000000000 ____D C:\Users\Jung\AppData\Roaming\uTorrent
2018-04-15 00:26 - 2014-09-07 01:46 - 000000000 ____D C:\Users\Jung\AppData\Roaming\IObit
2018-04-11 08:53 - 2014-09-07 01:46 - 000000000 ____D C:\Users\Jung\AppData\LocalLow\IObit
2018-04-11 08:53 - 2014-09-07 01:46 - 000000000 ____D C:\ProgramData\IObit
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
ContextMenuHandlers4: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
ContextMenuHandlers6: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
Task: {DCCC6881-CB76-4670-919B-D15ECDB6F060} - System32\Tasks\Uninstaller_SkipUac_Administrator => D:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
FirewallRules: [TCP Query User{B76196DD-064D-4FA5-A048-1B4502A314CB}C:\users\jung\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jung\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EFF013AF-D889-4B31-BE6D-498F2CEE721A}C:\users\jung\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jung\appdata\roaming\utorrent\utorrent.exe
CreateRestorePoint:
EmptyTemp:

*****************

Processes closed successfully.
"C:\FRST\Quarantine" => removed successfully
"HKLM\System\CurrentControlSet\Services\LiveUpdateSvc" => removed successfully
LiveUpdateSvc => service removed successfully
C:\Program Files (x86)\IObit => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Jung\AppData\Local\uTorrent => moved successfully
C:\Users\Jung\AppData\Local\BitTorrent => moved successfully
C:\Users\Jung\AppData\Roaming\uTorrent => moved successfully
C:\Users\Jung\AppData\Roaming\IObit => moved successfully
C:\Users\Jung\AppData\LocalLow\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnLockerMenu" => removed successfully
"HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538}" => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\UnLockerMenu" => removed successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UnLockerMenu" => removed successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCCC6881-CB76-4670-919B-D15ECDB6F060}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCCC6881-CB76-4670-919B-D15ECDB6F060}" => removed successfully
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B76196DD-064D-4FA5-A048-1B4502A314CB}C:\users\jung\appdata\roaming\utorrent\utorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EFF013AF-D889-4B31-BE6D-498F2CEE721A}C:\users\jung\appdata\roaming\utorrent\utorrent.exe" => removed successfully
Restore point was successfully created.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10480402 B
Java, Flash, Steam htmlcache => 755406887 B
Windows/system/drivers => 178932042 B
Edge => 0 B
Chrome => 173259067 B
Firefox => 432650001 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 49990 B
LocalService => 66228 B
NetworkService => 66228 B
Jung => 82296826 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 04:34:42 ====

 

 

Again, thank you for all your help.


Edited by Pongsona, 21 April 2018 - 03:45 AM.
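A fixlog like the one posted above can also be checked mechanically instead of by eye. The following is an added example, not part of the original thread and not FRST's own code: the function names are hypothetical, the sample is an excerpt of the log above plus one constructed line, and only the outcome strings visible in that log are recognised.

```python
import re

# Outcome strings that appear in the fixlog on this page. Anything else is
# left for a human to read; no other FRST wording is assumed here.
OK_OUTCOMES = {"removed successfully", "moved successfully",
               "service removed successfully"}
NOT_FOUND = "not found"

# <target> => <outcome>, where the target may or may not be double-quoted.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')


def parse_results(fixlog_text):
    """Return [(target, outcome)] from the result section of a fixlog.

    The log echoes the fixlist between two lines of asterisks. Those echoed
    lines also contain '=>', so results are read only after the second
    asterisk line and before the EmptyTemp block.
    """
    results, star_lines = [], 0
    for line in fixlog_text.splitlines():
        line = line.strip()
        if line and set(line) == {"*"}:
            star_lines += 1
            continue
        if star_lines < 2 or not line:
            continue
        if line.startswith("==="):  # EmptyTemp header or end-of-log marker
            break
        match = RESULT_RE.match(line)
        if match:
            results.append((match.group("target"), match.group("outcome")))
    return results


def review(results):
    """Sort results into ok / already_removed / needs_review.

    A 'not found' is treated as explained only when the same target was
    already removed earlier in the same log (compared case-insensitively,
    as Windows paths and registry keys are).
    """
    handled = set()
    report = {"ok": [], "already_removed": [], "needs_review": []}
    for target, outcome in results:
        key = target.lower()
        if outcome in OK_OUTCOMES:
            handled.add(key)
            report["ok"].append(target)
        elif outcome == NOT_FOUND and key in handled:
            report["already_removed"].append(target)
        else:
            report["needs_review"].append((target, outcome))
    return report


# Excerpt of the fixlog above; the C:\Example\Constructed line is constructed.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
CloseProcesses:
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [2015-03-28] (IObit)
*****************

Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\LiveUpdateSvc" => removed successfully
LiveUpdateSvc => service removed successfully
C:\ProgramData\IObit => moved successfully
"HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538}" => removed successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => not found
C:\Example\Constructed => not found
Restore point was successfully created.

=========== EmptyTemp: ==========
Chrome => 173259067 B
'''

if __name__ == "__main__":
    summary = review(parse_results(SAMPLE_FIXLOG))
    print(len(summary["ok"]), "handled,",
          len(summary["already_removed"]), "already removed")
    for target, outcome in summary["needs_review"]:
        print("REVIEW:", target, "=>", outcome)
```

The repeated CLSID "not found" lines in the log above fall into the already-removed bucket, because the first ContextMenuHandlers entry had deleted that key.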


#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,852 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:57 AM

Posted 21 April 2018 - 12:35 PM

Pongsona:
 
Thank you for your post and for copying and pasting the results of the final FRST "fixlog.txt" script.  That looks great! :thumbup2:
 
I am not sure why you can't delete the C:\FRST folder.  My guess is that the FRST program might have that folder locked.
 
.
 
Step 1: Warm booting does not completely clear the computer and reset everything. See this article. It is amazing to me how many really weird problems are resolved by a power reset of your computer. Power resets are my first diagnostic step. If you launch the "Windows Repair (All In One)" tool by Tweaking.com, you will see that power resets is the first of their preliminary diagnostic steps. That tool is available for download here at Bleeping Computer.

With laptops, it is also necessary not just to unplug them, but also to remove the battery to ensure that the motherboard loses power, causing components to reset to their default state. Press and hold the "Power" button down for 10 to 20 seconds, when all power sources have been unplugged from the computer/laptop. This ensures that the capacitors on the motherboard, and other boards, such as GPU, drive controllers, etc., also lose any residual electrical power and are reset back to default states. The only thing that doesn't lose power is the BIOS CMOS, because it has its own battery, and removing that is not usually desirable, since the BIOS loses any custom configuration information, as well as the date and time.

Once you have done the power reset, then reinsert the laptop battery, if you have a laptop, and plug the computer back in. Press the "Power" button and the computer should boot normally, with all memory and capacitors cleared by the power reset. This often solves a lot of computer issues by itself.

Now reboot and try again to delete the file. If the file still cannot be deleted, please move on to the next step(s); otherwise, if you successfully delete the file, please skip the remaining steps and report back.

.

Step 2: Please boot your computer into Safe Mode, and attempt to delete the file.

 

.

 

Step 3: Download and install Malwarebytes FileASSASSIN.  Please use FileASSASSIN to delete the folder.

 

.

 

Please let me know how you make out.  Thank you and have a great day.

 

Regards,

-Phil




#13 Pongsona

Pongsona
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:57 AM

Posted 22 April 2018 - 04:37 AM

Hello. I was able to remove the file. :bananas:



#14 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,852 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:57 AM

Posted 22 April 2018 - 05:25 AM

Pongsona:

 

Thank you for your post.  That is great news! :thumbup2:  Which option worked for you?  I ask because it will help other people in the future who have the same difficulty.

 

Do you have any other questions or concerns; or, can I conclude your topic?

 

Thank you and have a great day.

 

Regards,

-Phil


Edited by garioch7, 22 April 2018 - 05:26 AM.
Correct typo



#15 Pongsona

Pongsona
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:57 AM

Posted 22 April 2018 - 06:52 AM

Safe mode worked for me.

 

You can conclude the topic. Again, thanks for all your help.





