alex_rossi1133

Thanks for your reply. Attached: FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by Allen Loh (administrator) on DESKTOP-63RO6J2 (15-09-2016 00:58:45)
Running from C:\Users\Allen Loh\Desktop
Loaded Profiles: Allen Loh & (Available Profiles: Allen Loh)
Platform: Windows 10 Enterprise Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Alibaba (China) Co., LTD. All rights reserved.) C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\pcas.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
(Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\secbizsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\aliwssv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Flux Software LLC) C:\Users\Allen Loh\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Astrill) C:\Program Files (x86)\Astrill\astrill.exe
(Astrill) C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Spotify Ltd) C:\Users\Allen Loh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Emurasoft, Inc.) C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\emedtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(TENCENT) C:\Program Files (x86)\Tencent\WeChat\WeChat.exe
() C:\Program Files (x86)\Tencent\WeChat\WeChatWeb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Allen Loh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Allen Loh\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Allen Loh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Allen Loh\AppData\Roaming\Spotify\Spotify.exe
(阿里巴巴(中国)有限公司) C:\Users\Allen Loh\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
() C:\Program Files (x86)\Astrill\asovpnc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mstart.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mcomm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mlauncher.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mui.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mvideoconference.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [717744 2015-11-03] (Waves Audio Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-02-28] (Power Software Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25197248 2016-08-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [830064 2016-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [18536 2016-09-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [Spotify Web Helper] => C:\Users\Allen Loh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-07] (Spotify Ltd)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [f.lux] => C:\Users\Allen Loh\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe [109888 2016-05-24] (Tencent)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [Spotify] => C:\Users\Allen Loh\AppData\Roaming\Spotify\Spotify.exe [6810224 2016-09-07] (Spotify Ltd)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [806904 2016-08-25] (ExpressVPN)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\RunOnce: [Uninstall C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\RunOnce: [Uninstall C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Allen Loh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-07] (Spotify Ltd)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\Allen Loh\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe [109888 2016-05-24] (Tencent)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Allen Loh\AppData\Roaming\Spotify\Spotify.exe [6810224 2016-09-07] (Spotify Ltd)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [806904 2016-08-25] (ExpressVPN)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!BTSync2.3.3Done] -> {581FFA04-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-29] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.3RO] -> {581FFA03-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-29] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.3RW] -> {581FFA02-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-29] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.3Done] -> {581FFA04-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_128.dll [2016-02-29] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.3RO] -> {581FFA03-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_128.dll [2016-02-29] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.3RW] -> {581FFA02-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_128.dll [2016-02-29] ()
Startup: C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EmEditor.lnk [2016-09-14]
ShortcutTarget: EmEditor.lnk -> C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\emedtray.exe (Emurasoft, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\Windows\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 02 C:\Windows\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 03 C:\Windows\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 04 C:\Windows\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 05 C:\Windows\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8ef4e5db-5675-4f13-98b3-dda189ddf628}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9ac3b93f-3f79-4947-b4fd-1824d638c125}: [DhcpNameServer] 198.18.48.1
Tcpip\..\Interfaces\{af2ebe06-3fa3-4aef-b51b-d83d8db7288b}: [DhcpNameServer] 198.18.56.1
Tcpip\..\Interfaces\{ca1dcd3c-0cea-4a52-a369-35d628c65f64}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ec008a60-cbe9-4fbc-8d53-070ae53feba6}: [DhcpNameServer] 10.12.0.1

Internet Explorer: ==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll [2014-07-15] (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Allen Loh\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2016-07-03] (Tencent)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} hxxps://site.cmbchina.com/download/CMBEdit.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox: ========
FF ProfilePath: C:\Users\Allen Loh\AppData\Roaming\Mozilla\Firefox\Profiles\ARzsHrG8.default
FF Plugin: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npalicdo64.dll [2015-01-14] (alipay.com)
FF Plugin: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAlipaydhc64.dll [2015-01-14] (Alipay.com Inc. )
FF Plugin: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAliSecCtrl64.dll [2015-01-14] (Alipay.com Inc. )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npalicdo.dll [2015-01-14] (alipay.com)
FF Plugin-x32: @alipay.com/npalidcp -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npalidcp.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npaliedit -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npaliedit.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAlipaydhc.dll [2015-01-14] (Alipay.com Inc. )
FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAliSecCtrl.dll [2015-01-14] (Alipay.com Inc. )
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\Windows\system32\itruscert\NPComBrg701.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @cmbchina.com/npcmbedit -> C:\Windows\system32\NPCMBEdit.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2016-02-29] (Tencent)
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2016-02-26] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.4.2\Bin\npSSOAxCtrlForPTLogin.dll [2016-01-22] (Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001: @1.qq.com/npqqwebgame -> C:\Users\Allen Loh\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.3\npqqwebgame.dll [2015-10-20] ( )
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [No File]
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Allen Loh\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-09-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @1.qq.com/npqqwebgame -> C:\Users\Allen Loh\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.3\npqqwebgame.dll [2015-10-20] ( )
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: (Avira Browser Safety) - C:\Users\Allen Loh\AppData\Roaming\Mozilla\Firefox\Profiles\ARzsHrG8.default\Extensions\abs@avira.com [2016-09-04]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Allen Loh\AppData\Roaming\Mozilla\Firefox\Profiles\ARzsHrG8.default\Extensions\safesearchplus2@avira.com [2016-09-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-25]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

Chrome: =======
CHR StartupUrls: Default -> "hxxp://www.techcrunch.com/"
CHR DefaultSearchURL: Default -> hxxp://tw.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=402027&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-27]
CHR Extension: (Google Docs) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-27]
CHR Extension: (Google Drive) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-27]
CHR Extension: (YouTube) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-27]
CHR Extension: (Google Search) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-27]
CHR Extension: (Clear Cache) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2016-02-29]
CHR Extension: (Tampermonkey) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-05]
CHR Extension: (Axure RP Extension for Chrome) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogkpdfcklifaemcdfbildhcofnopogp [2016-02-29]
CHR Extension: (Session Buddy) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-05-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-13]
CHR Extension: (Google Calendar) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-02-29]
CHR Extension: (Quote Roller) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonldhmaohklgbbbhpbaajfgafbdlegp [2016-02-29]
CHR Extension: (Google Sheets) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-27]
CHR Extension: (Full Screen Weather) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2016-02-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-13]
CHR Extension: (Google Docs Offline) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (Muzli 2 - Stay Inspired) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcipcfhmopcgidicgdociohdoicpdfc [2016-08-29]
CHR Extension: (Wappalyzer) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2016-09-05]
CHR Extension: (Inspirational Quote of the Day) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\haoobbbpobmbbbljahonelppglbhapji [2016-02-29]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-09-13]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-09-04]
CHR Extension: (WhatFont) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2016-06-17]
CHR Extension: (Throttle) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmapenfmenbohghcdlilacfhckhcbnn [2016-07-22]
CHR Extension: (支付宝安全插件) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lapoiohkeidniicbalnfmakkbnpejgbi [2016-02-29]
CHR Extension: (Product Hunt) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\likjafohlgffamccflcidmedfongmkee [2016-08-31]
CHR Extension: (Google Maps) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-02-29]
CHR Extension: (LINE) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2016-09-08]
CHR Extension: (Assistant.to Scheduling Assistant) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndddjdifcfcddfdgedlcmfjamionaago [2016-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (My Chrome Theme) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-02-29]
CHR Extension: (Unblock Youku) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2016-09-13]
CHR Extension: (Gmail) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-27]
CHR Extension: (Chrome Media Router) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-412318308-364620732-2893145180-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [989696 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-09-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1454720 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R3 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [615672 2016-07-02] (Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2618104 2016-06-01] (Astrill)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [26760 2016-09-12] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-29] (Broadcom Corporation.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S2 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [431088 2016-06-07] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-07] (Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWoW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2016-08-25] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-09-13] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-06-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-05] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
R2 pcas; C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\pcas.exe [589784 2015-01-14] (Alipay.com Inc. )
R2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [115520 2016-08-10] (Tencent)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-07] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 secbizsrv; C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\secbizsrv.exe [591320 2015-01-14] (Alipay.com Inc. )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [26632 2016-09-05] (Avira Operations GmbH & Co. KG)
R2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2016-08-11] (Alibaba (China) Co., LTD. All rights reserved.)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-14] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-14] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-14] (McAfee, Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [578480 2015-09-26] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 asvpndrv; C:\Windows\System32\drivers\asvpndrv.sys [31744 2014-05-17] (Astrill) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-08-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-08-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-08-18] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-08-18] (Avira Operations GmbH & Co. KG) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227136 2015-10-29] (Broadcom Corporation.) 
R3 BCMPCIEDHD63; C:\Windows\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp) R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation) R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation) R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation) S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\drivers\EvoMouseDriverFilterHidUsb.sys [29936 2016-01-29] (Evoluent) R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [54792 2016-01-07] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-15] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 nhi; C:\Windows\system32\DRIVERS\tbt81x.sys [135160 2016-01-07] (Intel Corporation) R0 nvme; C:\Windows\System32\drivers\nvme.sys [70208 2015-05-29] (Samsung Electronic Co., Ltd) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation) S3 QDAntiDrv; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QDAntiDrv64.sys [55416 2016-03-19] (Tencent) S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-06-24] (Realsil Semiconductor Corporation) R3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [39208 2016-08-25] (The OpenVPN Project) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft 
Corporation) S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-15 00:58 - 2016-09-15 00:59 - 00051775 _____ C:\Users\Allen Loh\Desktop\FRST.txt 2016-09-15 00:58 - 2016-09-15 00:58 - 01706112 _____ (Malwarebytes) C:\Users\Allen Loh\Desktop\mbam-check-2.3.2.0.exe 2016-09-15 00:58 - 2016-09-15 00:58 - 00047338 _____ C:\Users\Allen Loh\Desktop\CheckResults.txt 2016-09-15 00:58 - 2016-09-15 00:58 - 00000000 ____D C:\FRST 2016-09-15 00:57 - 2016-09-15 00:57 - 02398720 _____ (Farbar) C:\Users\Allen Loh\Desktop\FRST64.exe 2016-09-15 00:54 - 2016-09-15 00:54 - 00003888 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-412318308-364620732-2893145180-1001 2016-09-15 00:54 - 2016-09-15 00:54 - 00003792 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-412318308-364620732-2893145180-1001 2016-09-15 00:54 - 2016-09-15 00:54 - 00000714 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-412318308-364620732-2893145180-1001.job 2016-09-15 00:54 - 2016-09-15 00:54 - 00000618 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-412318308-364620732-2893145180-1001.job 2016-09-15 00:53 - 2016-09-15 00:54 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Citrix 2016-09-14 23:13 - 2016-09-14 23:13 - 00018294 _____ C:\Users\Allen Loh\Desktop\the-shallows_HI_english-1401688.zip 2016-09-14 20:51 - 2016-09-14 20:51 - 00002151 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk 2016-09-14 19:56 - 2016-09-14 19:56 - 00000000 ____D C:\ProgramData\Emurasoft 2016-09-14 19:54 - 2016-09-14 19:54 - 00002271 _____ C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EmEditor.lnk 2016-09-14 
19:54 - 2016-09-14 19:54 - 00002263 _____ C:\Users\Allen Loh\Desktop\EmEditor.lnk 2016-09-14 19:54 - 2016-09-14 19:54 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Emurasoft 2016-09-14 19:53 - 2016-09-14 19:54 - 05532864 _____ (Emurasoft, Inc.) C:\Users\Allen Loh\Desktop\emed64_16.1.4.exe 2016-09-14 15:47 - 2016-09-14 15:49 - 23786331 _____ C:\Users\Allen Loh\Desktop\trophy descriptions.pptx 2016-09-14 10:38 - 2016-09-14 10:38 - 00908703 _____ C:\Users\Allen Loh\Desktop\NBVKR3JqMRnRgzHrI0t3rPV_1473820743840.pdf 2016-09-13 23:13 - 2016-09-13 23:13 - 00001288 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk 2016-09-13 23:12 - 2016-09-14 23:13 - 00000000 ____D C:\Users\Public\Speedup Sessions 2016-09-13 23:06 - 2016-09-13 23:06 - 00000000 ____D C:\WINDOWS\Panther 2016-09-13 18:28 - 2016-09-13 18:33 - 84516864 _____ C:\Users\Allen Loh\Desktop\home.sketch 2016-09-12 20:32 - 2016-09-12 18:25 - 00000000 ____D C:\Users\Allen Loh\Desktop\ui copy 2016-09-12 20:29 - 2016-09-12 20:29 - 13559082 _____ C:\Users\Allen Loh\Desktop\ui copy.zip 2016-09-12 18:23 - 2016-09-12 18:24 - 00271418 _____ C:\Users\Allen Loh\Desktop\Thalys Template3.pdf 2016-09-12 18:23 - 2016-09-12 18:24 - 00270383 _____ C:\Users\Allen Loh\Desktop\Thalys Template4.pdf 2016-09-12 18:22 - 2016-09-12 18:23 - 00270451 _____ C:\Users\Allen Loh\Desktop\Thalys Template2.pdf 2016-09-12 18:21 - 2016-09-12 18:25 - 00932131 _____ C:\Users\Allen Loh\Desktop\Thalys Template1.pdf 2016-09-12 18:08 - 2016-09-12 18:08 - 00317513 _____ C:\Users\Allen Loh\Desktop\TCAFWF-WAN-CHEN-YANG.pdf 2016-09-12 18:08 - 2016-09-12 18:08 - 00317396 _____ C:\Users\Allen Loh\Desktop\TCAFWF-ALLEN-TSU-YUAN-LOH.pdf 2016-09-12 14:59 - 2016-09-12 14:59 - 03826240 _____ C:\Users\Allen Loh\Desktop\AdwCleaner.exe 2016-09-12 14:58 - 2016-09-12 14:58 - 01610560 _____ (Malwarebytes) C:\Users\Allen Loh\Desktop\JRT.exe 2016-09-12 14:57 - 2016-09-12 14:58 - 06761600 _____ (ESET spol. s r.o.) 
C:\Users\Allen Loh\Desktop\esetonlinescanner_enu.exe 2016-09-12 13:25 - 2016-09-12 13:25 - 00001100 _____ C:\Users\Allen Loh\Desktop\WinDirStat.lnk 2016-09-12 13:25 - 2016-09-12 13:25 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat 2016-09-12 13:25 - 2016-09-12 13:25 - 00000000 ____D C:\Program Files (x86)\WinDirStat 2016-09-12 13:17 - 2016-09-12 13:17 - 00000000 ____D C:\Users\Allen Loh\Desktop\Space Sniffer 2016-09-10 14:37 - 2016-09-10 14:37 - 00011979 _____ C:\Users\Allen Loh\Desktop\Design Work - Vijayakumar v.2.xlsx 2016-09-10 11:39 - 2016-09-14 11:39 - 00028621 _____ C:\Users\Allen Loh\Desktop\99Designs (2).xlsx 2016-09-09 21:31 - 2016-09-13 21:48 - 04330281 _____ C:\Users\Allen Loh\Desktop\App Store Pages.pptx 2016-09-09 14:05 - 2016-09-09 14:09 - 00012148 _____ C:\Users\Allen Loh\Desktop\Design Work - Vijayakumar.xlsx 2016-09-09 12:16 - 2016-09-09 12:16 - 00008190 _____ C:\Users\Allen Loh\Desktop\Europe Trip Expenses.xlsx 2016-09-09 12:06 - 2016-09-09 12:06 - 00133698 _____ C:\Users\Allen Loh\Desktop\Non Profit Campaign.pptx 2016-09-08 20:43 - 2016-09-08 20:43 - 00001221 _____ C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\LINE.lnk 2016-09-08 20:43 - 2016-09-08 20:43 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINE 2016-09-08 20:43 - 2016-09-08 20:43 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\LINE 2016-09-08 16:15 - 2016-09-08 16:15 - 05889014 _____ C:\Users\Allen Loh\Desktop\ASO_PlayBook_August_2016_EN.pdf 2016-09-07 20:21 - 2016-09-08 20:38 - 00038852 _____ C:\Users\Allen Loh\Desktop\App Store Keyword Ranking - getlooseleaf.com.xlsx 2016-09-07 19:43 - 2016-09-07 19:43 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\ExpressVPN 2016-09-07 19:43 - 2016-09-07 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN 2016-09-07 19:43 - 2016-09-07 19:43 - 00000000 ____D C:\ProgramData\ExpressVPN 2016-09-07 
19:43 - 2016-09-07 19:43 - 00000000 ____D C:\Program Files (x86)\ExpressVPN 2016-09-07 11:35 - 2016-09-07 11:35 - 00003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task 2016-09-07 02:52 - 2016-09-14 22:37 - 00432894 _____ C:\WINDOWS\system32\prfh0404.dat 2016-09-07 02:52 - 2016-09-14 22:37 - 00136834 _____ C:\WINDOWS\system32\prfc0404.dat 2016-09-07 02:52 - 2016-09-07 02:51 - 00119662 _____ C:\WINDOWS\system32\prfi0404.dat 2016-09-07 02:52 - 2016-09-07 02:51 - 00033362 _____ C:\WINDOWS\system32\prfd0404.dat 2016-09-07 02:51 - 2016-09-07 02:51 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HANT 2016-09-07 02:51 - 2016-09-07 02:51 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2016-09-07 02:51 - 2016-09-07 02:51 - 00000000 ____D C:\WINDOWS\system32\zh-HANT 2016-09-07 02:49 - 2016-09-07 02:49 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2016-09-07 02:48 - 2016-09-07 02:48 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-09-07 02:48 - 2016-09-07 02:48 - 00000000 ____D C:\Program Files\MSBuild 2016-09-07 02:48 - 2016-09-07 02:48 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-09-07 02:48 - 2016-09-07 02:48 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-09-07 02:47 - 2016-09-07 02:47 - 01349128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-09-07 02:47 - 2016-09-07 02:47 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-09-07 02:47 - 2016-09-07 02:47 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-09-07 02:47 - 2016-09-07 02:47 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-09-07 02:47 - 2016-09-07 02:47 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2016-09-07 02:47 - 2016-05-26 06:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2016-09-07 02:47 - 2016-05-26 06:31 - 00124624 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2016-09-07 02:47 - 2016-05-26 06:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2016-09-07 02:47 - 2016-05-26 03:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2016-09-07 02:47 - 2016-05-26 03:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-09-07 02:47 - 2016-05-26 03:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2016-09-06 11:33 - 2016-09-06 11:33 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2016-09-06 11:32 - 2016-09-07 22:10 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\ConnectedDevicesPlatform 2016-09-06 11:32 - 2016-09-06 11:32 - 00000020 ___SH C:\Users\Allen Loh\ntuser.ini 2016-09-06 11:32 - 2016-09-06 11:32 - 00000000 ____D C:\ProgramData\USOShared 2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default\My Documents 2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default\Documents\My Videos 2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures 2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default\Documents\My Music 2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos 2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures 2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Music 2016-09-06 11:16 - 2016-09-06 11:17 - 00007623 _____ C:\WINDOWS\diagwrn.xml 2016-09-06 11:16 - 2016-09-06 11:17 - 00007623 _____ C:\WINDOWS\diagerr.xml 2016-09-06 11:15 - 2016-09-14 11:53 - 00005260 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-63RO6J2-Allen Loh DESKTOP-63RO6J2 2016-09-06 11:15 - 2016-09-13 23:13 - 00003450 _____ C:\WINDOWS\System32\Tasks\Avira System Speedup Tray 2016-09-06 11:15 - 2016-09-13 
23:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-06 11:15 - 2016-09-06 11:15 - 01101038 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-09-06 11:15 - 2016-09-06 11:15 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat 2016-09-06 11:15 - 2016-09-06 11:15 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-09-06 11:15 - 2016-09-06 11:15 - 00003460 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA 2016-09-06 11:15 - 2016-09-06 11:15 - 00003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-09-06 11:15 - 2016-09-06 11:15 - 00003314 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3642041D-A602-4F45-A949-6BB695B4A759} 2016-09-06 11:15 - 2016-09-06 11:15 - 00003236 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore 2016-09-06 11:15 - 2016-09-06 11:15 - 00003226 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-09-06 11:15 - 2016-09-06 11:15 - 00002996 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask 2016-09-06 11:15 - 2016-09-06 11:15 - 00002786 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart 2016-09-06 11:15 - 2016-09-06 11:15 - 00002778 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-63RO6J2-Allen Loh 2016-09-06 11:15 - 2016-09-06 11:15 - 00002304 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton 2016-09-06 11:15 - 2016-09-06 11:15 - 00002256 _____ C:\WINDOWS\System32\Tasks\{698B8980-0A68-4FEF-97F6-8B071F289479} 2016-09-06 11:15 - 2016-09-06 11:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2016-09-06 11:15 - 2016-09-06 11:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel 2016-09-06 11:15 - 2016-09-06 11:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2016-09-06 10:59 - 2016-09-06 10:59 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-09-06 10:57 - 2016-09-06 10:59 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2016-09-06 10:56 - 2016-09-13 22:27 - 00000000 ____D 
C:\Users\Allen Loh 2016-09-06 10:56 - 2016-09-06 10:56 - 00000000 _SHDL C:\Users\Allen Loh\My Documents 2016-09-06 10:56 - 2016-09-06 10:56 - 00000000 _SHDL C:\Users\Allen Loh\Documents\My Videos 2016-09-06 10:56 - 2016-09-06 10:56 - 00000000 _SHDL C:\Users\Allen Loh\Documents\My Pictures 2016-09-06 10:56 - 2016-09-06 10:56 - 00000000 _SHDL C:\Users\Allen Loh\Documents\My Music 2016-09-06 10:56 - 2016-07-16 19:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2016-09-06 10:55 - 2016-09-13 23:06 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-09-06 10:55 - 2016-09-13 23:06 - 00000000 ____D C:\ProgramData\NVIDIA 2016-09-06 10:55 - 2016-09-06 10:58 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-09-06 10:55 - 2016-09-06 10:58 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-09-06 10:55 - 2016-09-06 10:58 - 00000000 ____D C:\Program Files\Intel 2016-09-06 10:55 - 2016-09-06 10:55 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2016-09-06 10:55 - 2016-09-06 10:55 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2016-09-06 10:55 - 2016-09-06 10:55 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin 2016-09-06 10:55 - 2016-06-07 12:41 - 00099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2016-09-06 10:55 - 2016-06-03 11:59 - 06452948 _____ C:\WINDOWS\system32\nvcoproc.bin 2016-09-06 10:55 - 2016-06-03 11:59 - 06364216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2016-09-06 10:55 - 2016-06-03 11:59 - 02455608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2016-09-06 10:55 - 2016-06-03 11:59 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2016-09-06 10:55 - 2016-06-03 11:59 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2016-09-06 10:55 - 2016-06-03 11:59 - 00534072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2016-09-06 10:55 - 2016-06-03 11:59 - 00392128 _____ 
(NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-09-06 10:55 - 2016-06-03 11:59 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-09-06 10:55 - 2016-06-03 11:59 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-09-06 10:54 - 2016-09-14 22:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-09-06 10:54 - 2016-09-07 22:10 - 04985176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-06 10:54 - 2016-09-06 10:58 - 00000000 ____D C:\Program Files (x86)\Intel
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____D C:\Program Files\Realtek
2016-09-05 13:09 - 2016-09-05 13:09 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Avira
2016-09-05 10:03 - 2016-09-05 10:03 - 00004764 _____ C:\WINDOWS\system32\.crusader
2016-09-05 01:03 - 2016-09-05 01:03 - 00000165 ____H C:\Users\Allen Loh\Desktop\~$99Designs.xlsx
2016-09-04 16:55 - 2016-09-15 00:05 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-04 16:55 - 2016-09-06 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-04 16:55 - 2016-09-04 16:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-04 16:55 - 2016-09-04 16:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-04 16:55 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-04 16:55 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-04 16:55 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-04 16:18 - 2016-09-04 16:18 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Avira
2016-09-04 16:16 - 2016-09-04 16:16 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Mozilla
2016-09-04 16:14 - 2016-08-18 15:52 - 00154392 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-09-04 16:14 - 2016-08-18 15:52 - 00144664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-09-04 16:14 - 2016-08-18 15:52 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-09-04 16:14 - 2016-08-18 15:52 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-09-04 16:06 - 2016-09-14 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-04 16:06 - 2016-09-13 23:12 - 00000000 ____D C:\Program Files (x86)\Avira
2016-09-04 16:05 - 2016-09-06 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-09-04 16:05 - 2016-09-04 16:20 - 00000000 ____D C:\ProgramData\Avira
2016-09-04 16:05 - 2016-09-04 16:05 - 00000000 ____D C:\Program Files\HitmanPro
2016-09-04 16:04 - 2016-09-05 10:03 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-03 20:37 - 2016-09-03 20:37 - 00008959 _____ C:\Users\Allen Loh\Desktop\PW.xlsx
2016-09-03 20:37 - 2016-09-03 20:37 - 00000165 ____H C:\Users\Allen Loh\Desktop\~$PW.xlsx
2016-09-03 09:25 - 2016-09-06 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-02 19:51 - 2016-09-06 02:21 - 00000000 ____D C:\Users\Allen Loh\Desktop\New folder
2016-09-01 16:10 - 2016-09-01 16:10 - 00000000 ____D C:\Users\Allen Loh\AppData\LocalLow\TENCENT
2016-08-31 17:24 - 2016-08-31 17:51 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Bluestacks
2016-08-30 15:47 - 2016-08-30 15:47 - 00000165 ____H C:\Users\Allen Loh\Desktop\~$Development Fixes.pptx
2016-08-30 13:34 - 2016-08-30 13:34 - 00001199 _____ C:\Users\Allen Loh\Desktop\Social Media Accounts Photos - Shortcut.lnk
2016-08-30 10:59 - 2016-08-30 10:59 - 02056128 _____ C:\Users\Allen Loh\Desktop\Calculation of business trip expense_Vlad.xlsx
2016-08-30 10:46 - 2016-08-30 10:46 - 00000165 ____H C:\Users\Allen Loh\Desktop\~$Book1 (Autosaved).xlsx
2016-08-26 22:00 - 2016-08-26 22:00 - 00000165 ____H C:\Users\Allen Loh\Desktop\~$Edits 08.26.2016.pptx
2016-08-25 10:52 - 2016-08-25 10:52 - 00039208 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys
2016-08-23 11:20 - 2016-09-07 17:28 - 00000034 _____ C:\Users\Allen Loh\AppData\Roaming\AdobeWLCMCache.dat
2016-08-23 11:19 - 2016-08-23 11:19 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2016-08-23 11:19 - 2016-08-23 11:19 - 00000000 ____D C:\ProgramData\ALM
2016-08-23 11:17 - 2016-08-23 11:17 - 00001615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-08-20 13:59 - 2016-09-06 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2016-08-20 13:59 - 2016-09-06 02:18 - 00000000 ____D C:\Users\Allen Loh\Documents\Calibre Library
2016-08-20 13:59 - 2016-08-21 15:46 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\calibre-cache
2016-08-20 13:59 - 2016-08-21 15:45 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\calibre
2016-08-20 13:59 - 2016-08-20 13:59 - 00000000 ____D C:\Program Files\Calibre2
2016-08-19 13:23 - 2016-08-19 16:40 - 00002004 _____ C:\Users\Allen Loh\Desktop\Ams - Shortcut.lnk
2016-08-16 19:24 - 2016-08-19 17:39 - 00957777 _____ C:\Users\Allen Loh\Desktop\Invite Friends to Best Self.pptm
2016-08-16 12:49 - 2016-09-10 14:42 - 00023811 _____ C:\Users\Allen Loh\Desktop\99Designs.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-15 00:51 - 2016-03-26 13:43 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\TaobaoProtect
2016-09-14 23:44 - 2016-02-27 15:58 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Spotify
2016-09-14 23:36 - 2016-02-27 16:15 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\BitComet
2016-09-14 23:14 - 2016-02-29 13:30 - 00000000 ____D C:\Torrents
2016-09-14 23:00 - 2016-02-27 16:00 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Spotify
2016-09-14 22:37 - 2016-02-08 11:22 - 01784312 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-14 22:21 - 2016-04-20 23:35 - 00000000 ____D C:\Users\Allen Loh\Documents\WeChat Files
2016-09-14 16:31 - 2016-04-11 15:13 - 00000000 ____D C:\Users\Allen Loh\Desktop\BEST
2016-09-14 15:50 - 2016-02-08 11:19 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Packages
2016-09-14 09:59 - 2016-02-28 23:15 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Adobe
2016-09-14 09:56 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-13 23:10 - 2016-06-07 13:21 - 00000000 ___RD C:\Users\Allen Loh\Dropbox
2016-09-13 23:06 - 2016-02-28 05:46 - 00000000 __SHD C:\Users\Allen Loh\IntelGraphicsProfiles
2016-09-13 21:35 - 2016-03-06 13:16 - 00000000 ____D C:\Users\Allen Loh\Desktop\Background Photos
2016-09-13 11:17 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-12 17:36 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-12 14:58 - 2016-03-04 13:02 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\ESET
2016-09-09 23:36 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-09 12:13 - 2016-08-09 10:24 - 00000000 ____D C:\Users\Allen Loh\Desktop\Crazy Selena
2016-09-08 20:29 - 2016-02-29 12:09 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-09-07 22:10 - 2016-02-29 17:29 - 00000000 ____D C:\Users\Allen Loh\Documents\Tencent Files
2016-09-07 19:43 - 2016-02-28 04:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-07 18:35 - 2016-06-08 17:48 - 00018792 ____H C:\Users\Allen Loh\Desktop\~WRL0546.tmp
2016-09-07 17:34 - 2016-08-10 00:53 - 00044219 _____ C:\Users\Allen Loh\Desktop\Book1 (Autosaved).xlsx
2016-09-07 11:35 - 2016-02-08 11:20 - 00002375 _____ C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-07 11:35 - 2016-02-08 11:20 - 00000000 ___RD C:\Users\Allen Loh\OneDrive
2016-09-07 10:43 - 2016-07-16 19:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-07 09:48 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-09-07 02:53 - 2016-07-16 19:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-09-07 02:51 - 2016-07-16 22:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\Com
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\IME
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Windows Defender
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-09-07 02:51 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-09-07 02:51 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-09-07 02:51 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\servicing
2016-09-06 13:19 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-06 12:26 - 2016-02-27 15:23 - 00003696 _____ C:\WINDOWS\SysWOW64\ASProxyOff.ini
2016-09-06 12:26 - 2016-02-27 15:23 - 00003696 _____ C:\WINDOWS\system32\ASProxyOff.ini
2016-09-06 11:54 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-06 11:32 - 2016-07-16 19:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-09-06 11:32 - 2016-02-08 11:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-06 11:16 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-09-06 11:16 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Registration
2016-09-06 11:16 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-09-06 11:15 - 2016-07-16 19:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-06 11:15 - 2016-02-27 15:24 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-06 11:00 - 2016-07-16 14:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2016-09-06 10:59 - 2016-08-04 22:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-09-06 10:59 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-09-06 10:59 - 2016-07-04 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader
2016-09-06 10:59 - 2016-06-16 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-06 10:59 - 2016-06-14 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-09-06 10:59 - 2016-06-07 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit HD
2016-09-06 10:59 - 2016-06-07 12:52 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2016-09-06 10:59 - 2016-05-20 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Caesium
2016-09-06 10:59 - 2016-04-20 23:35 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeChat
2016-09-06 10:59 - 2016-03-26 13:43 - 00000000 ____D C:\WINDOWS\SysWOW64\itruscert
2016-09-06 10:59 - 2016-03-14 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-09-06 10:59 - 2016-03-14 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-09-06 10:59 - 2016-03-06 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS+AC3 Filter
2016-09-06 10:59 - 2016-03-01 13:23 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-09-06 10:59 - 2016-02-29 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
2016-09-06 10:59 - 2016-02-28 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-09-06 10:59 - 2016-02-28 23:16 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-09-06 10:59 - 2016-02-28 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axure
2016-09-06 10:59 - 2016-02-28 06:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt(TM) Software
2016-09-06 10:59 - 2016-02-28 05:49 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-09-06 10:59 - 2016-02-28 05:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-06 10:59 - 2016-02-28 05:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2016-09-06 10:59 - 2016-02-27 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)
2016-09-06 10:59 - 2016-02-27 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2016-09-06 10:59 - 2016-02-27 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrill
2016-09-06 10:59 - 2016-02-27 15:21 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-06 10:59 - 2016-02-27 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-06 10:59 - 2015-10-30 17:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-09-06 10:59 - 2015-10-30 14:28 - 00000000 ____D C:\Users\Default.migrated
2016-09-06 10:58 - 2016-07-25 14:18 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-09-06 10:58 - 2016-07-16 22:15 - 00000000 ____D C:\WINDOWS\OCR
2016-09-06 10:58 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-09-06 10:58 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-09-06 10:58 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-06 10:58 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-06 10:58 - 2016-05-30 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2016-09-06 10:58 - 2016-05-24 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-09-06 10:58 - 2016-03-26 13:43 - 00000000 ____D C:\WINDOWS\SysWOW64\aliedit
2016-09-06 10:58 - 2016-02-29 16:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-06 10:58 - 2016-02-28 05:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-09-06 10:56 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-06 10:55 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-09-06 10:55 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-09-06 10:55 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-06 10:55 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Help
2016-09-06 10:55 - 2016-02-28 05:49 - 00000000 ____D C:\temp
2016-09-06 10:42 - 2016-02-27 15:24 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-06 10:17 - 2016-06-07 13:07 - 00000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-06 02:23 - 2016-02-29 18:21 - 00000000 ____D C:\Users\Allen Loh\Personal
2016-09-06 01:22 - 2016-03-07 16:06 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\CrashDumps
2016-09-05 22:31 - 2016-06-07 13:07 - 00000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-05 13:11 - 2016-02-28 23:06 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Axure
2016-09-05 13:08 - 2016-07-05 16:06 - 00000000 ____D C:\Users\OVRLibraryService
2016-09-04 16:12 - 2016-02-29 17:26 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\BitTorrent Sync
2016-09-04 00:11 - 2016-02-27 15:22 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Astrill
2016-09-03 15:10 - 2016-06-08 17:48 - 00017478 ____H C:\Users\Allen Loh\Desktop\~WRL3519.tmp
2016-09-03 14:37 - 2016-02-27 15:22 - 00000000 ____D C:\Program Files (x86)\Astrill
2016-09-03 09:25 - 2016-06-07 13:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-09-01 21:02 - 2016-07-28 14:06 - 06916421 _____ C:\Users\Allen Loh\Desktop\Growth Hacking Notes.xlsx
2016-08-29 18:53 - 2016-02-27 16:14 - 00001282 _____ C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-08-23 16:56 - 2016-02-08 11:19 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Adobe
2016-08-23 15:54 - 2016-02-29 17:33 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\NVIDIA
2016-08-23 11:19 - 2016-06-01 08:40 - 00000000 ____D C:\Program Files\Adobe
2016-08-23 11:19 - 2016-06-01 08:38 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-08-22 18:51 - 2016-06-08 17:48 - 00018232 ____H C:\Users\Allen Loh\Desktop\~WRL0107.tmp

==================== Files in the root of some directories =======

2016-03-15 23:19 - 2016-06-01 17:13 - 1719048 _____ () C:\Users\Allen Loh\AppData\Roaming\addr2line.exe
2016-05-13 17:24 - 2016-05-13 17:24 - 0000132 _____ () C:\Users\Allen Loh\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2016-08-23 11:20 - 2016-09-07 17:28 - 0000034 _____ () C:\Users\Allen Loh\AppData\Roaming\AdobeWLCMCache.dat
2016-05-24 15:10 - 2016-05-24 15:10 - 0578880 _____ () C:\Users\Allen Loh\AppData\Roaming\TXQBINSTX.DLL
2016-02-28 23:06 - 2016-02-28 23:06 - 0000032 RSHOT () C:\Users\Allen Loh\AppData\Local\t70rc.dat
2016-09-06 10:54 - 2016-09-06 10:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-17 13:46 - 2016-04-17 13:46 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Allen Loh\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Allen Loh\AppData\Local\Temp\ApowersoftiOSRecorder-4op0cerm.wgg.exe
C:\Users\Allen Loh\AppData\Local\Temp\avgnt.exe
C:\Users\Allen Loh\AppData\Local\Temp\GrLauncherTempSetup.exe
C:\Users\Allen Loh\AppData\Local\Temp\i4jdel0.exe
C:\Users\Allen Loh\AppData\Local\Temp\MBSetup_uvd-loader.exe
C:\Users\Allen Loh\AppData\Local\Temp\QzoneMusic.exe
C:\Users\Allen Loh\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-06 10:54

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by Allen Loh (15-09-2016 00:59:19)
Running from C:\Users\Allen Loh\Desktop
Windows 10 Enterprise Version 1607 (X64) (2016-09-06 03:17:41)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-412318308-364620732-2893145180-500 - Administrator - Disabled)
Allen Loh (S-1-5-21-412318308-364620732-2893145180-1001 - Administrator - Enabled) => C:\Users\Allen Loh
DefaultAccount (S-1-5-21-412318308-364620732-2893145180-503 - Limited - Disabled)
Guest (S-1-5-21-412318308-364620732-2893145180-501 - Limited - Disabled)
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.16 - Adobe Systems)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.3 - Adobe Systems Incorporated)
Apowersoft Phone Manager version 2.7.3 (HKLM-x32\...\{4A00E3C4-2D0F-4AE7-9F2A-74870BE09EF8}_is1) (Version: 2.7.3 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version: - Astrill)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.20.59 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden
Avira Software Updater (HKLM-x32\...\{F2396C9D-4724-4BB9-87A0-A137C4C69524}) (Version: 1.2.3.14696 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.6.5.2921 - Avira Operations GmbH & Co. KG)
Axure RP Pro 7.0 (HKLM-x32\...\Axure RP Pro 7.0) (Version: 7.0.0.3169 - Axure Software Solutions, Inc.)
Axure RP Pro 7.0 (x32 Version: 7.0.0.3169 - Axure Software Solutions, Inc.) Hidden
Bitcoin Core (64-bit) (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Bitcoin Core (64-bit)) (Version: 0.12.1 - Bitcoin Core project)
Bitcoin Core (64-bit) (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Bitcoin Core (64-bit)) (Version: 0.12.1 - Bitcoin Core project)
BitComet 1.40 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.40 - CometNetwork)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Caesium version 1.7.0 (HKLM-x32\...\{88B0F0DE-6937-440D-B5CA-6E69003E55F7}_is1) (Version: 1.7.0 - Matteo Paonessa)
calibre 64bit (HKLM\...\{E57E92D4-A512-4EFD-8401-92F363EA0B23}) (Version: 2.64.0 - Kovid Goyal)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell System Detect (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell System Detect (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dropbox (HKLM-x32\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.43.1 - Dropbox, Inc.) Hidden
DTS+AC3 Filter (HKLM-x32\...\DtsFilter) (Version: - )
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.)
EmEditor (64-bit) (HKLM\...\{AE4A633B-E687-47E5-8B2F-B1D97FF4BA0F}) (Version: 16.1.4 - Emurasoft, Inc.)
ExpressVPN (HKLM-x32\...\{d042da1f-5cc5-4362-aac2-fc3b63f8b8ad}) (Version: 5.3.0.726 - ExpressVPN)
ExpressVPN (x32 Version: 5.3.0.726 - ExpressVPN) Hidden
ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden
f.lux (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Flux) (Version: - )
f.lux (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version: - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.6.5260 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.22.1.5530 (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\GoToMeeting) (Version: 7.22.1.5530 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.276 - SurfRight B.V.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{64FD4757-7186-4F12-9AA8-5EE809CAB282}) (Version: 17.1.1532.1814 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
LINE (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\LINE) (Version: 4.9.0.1147 - LINE Corporation)
LINE (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\LINE) (Version: 4.9.0.1147 - LINE Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.6570.2 - Waves Audio Ltd.) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
MultiBit HD 0.3.0 (HKLM\...\6925-4794-5772-4956) (Version: 0.3.0 - Bitcoin Solutions Ltd)
NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Ö§¸¶±¦°²È«¿Ø¼þ 5.1.0.3754 (HKLM-x32\...\alieditplus) (Version: 5.1.0.3754 - Alipay.com Co., Ltd.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.94 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.6.1211.2015 - Realtek)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Spotify) (Version: 1.0.37.150.gad02a02e - Spotify AB)
Spotify (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.37.150.gad02a02e - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.7.0.0 - ) <==== ATTENTION
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WeChat (HKLM-x32\...\WeChat) (Version: 2.0.0.80 - 腾讯科技(深圳)有限公司)
WinDirStat 1.1.2 (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - )
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.3.18038.0 - 腾讯科技(深圳)有限公司)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-412318308-364620732-2893145180-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412318308-364620732-2893145180-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-412318308-364620732-2893145180-1001_Classes\CLSID\{D4D48C93-BDC7-4E76-B530-2E4D13B0150F}\InprocServer32 -> C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\emedshl64.dll (Emurasoft, Inc.)
CustomCLSID: HKU\S-1-5-21-412318308-364620732-2893145180-1001_Classes\CLSID\{DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57}\InprocServer32 -> C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\emedshl64.dll (Emurasoft, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0918DB23-27CF-4626-93DC-317C8700F11A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {1DEA6C0E-C1B5-4AD9-9488-B7A190EC09D9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {222F02B8-FE43-4BED-A44A-5773638EF7F0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {24509C06-0C20-4780-98EF-F4114BEBF97D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe Task: {24FE075C-A40D-49E6-9873-F49D8BFC2F25} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-07] (Microsoft Corporation) Task: {2BDDDAB7-A178-4DB9-858A-8237F5F83E26} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService Task: {34BFFFC5-5EDB-4ED1-A56B-87414ECE7528} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-07] (Dropbox, Inc.) Task: {49A85C32-3C13-4220-803E-FFE52D61E3DB} - System32\Tasks\G2MUploadTask-S-1-5-21-412318308-364620732-2893145180-1001 => C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe [2016-09-15] (Citrix Online, a division of Citrix Systems, Inc.) Task: {654F110F-3D84-48B8-99AC-0C8A880A43CA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {74C3BB71-1335-4F4E-BE68-8D2994A994FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {81350A02-C453-4F1D-AE89-B5C45D404756} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-07] (Dropbox, Inc.) 
Task: {875EBA67-2D5A-41CD-AC00-87C98D6DBD59} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe Task: {8BF210B4-B9EC-4E13-BD90-35A25AC0FE97} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-10-07] (Realtek Semiconductor) Task: {905C4832-0C13-456C-8A9F-42B210ABCA9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-27] (Google Inc.) Task: {93F8E84E-B4E4-4281-8292-D45694408CA1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {9BC9221F-202B-48EF-A4FB-E2CA4F685C9A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {A51F403E-4446-4A1B-B176-C9AAB35B11BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-27] (Google Inc.) Task: {B743D369-35A7-46CB-B736-8E2E991A2B65} - System32\Tasks\{698B8980-0A68-4FEF-97F6-8B071F289479} => Chrome.exe hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar Task: {B7AEFC9B-3A2F-4315-99DB-7CFAEB9A6223} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe Task: {D299CCFD-92C4-44C8-93B4-C19E9E4ABCB1} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe Task: {D75E7203-FFE7-4C3D-B9BE-912758D85DF7} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-09-05] (Avira Operations GmbH & Co. 
KG) Task: {DCEA9087-68AC-409D-8B0A-CD85159A0EE6} - System32\Tasks\G2MUpdateTask-S-1-5-21-412318308-364620732-2893145180-1001 => C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mupdate.exe [2016-09-15] (Citrix Online, a division of Citrix Systems, Inc.) Task: {E5A4DFB7-8238-4955-8828-2EC6C650A269} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-08-12] (Microsoft Corporation) Task: {F4E3AEC7-2ABA-4AC1-AC95-4F9ECD00592E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-63RO6J2-Allen Loh DESKTOP-63RO6J2 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation) Task: {FC1D05FD-12DD-489C-9A52-4F16B61D8186} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.) Task: {FF08B74D-50F6-4D86-9576-DA5443873981} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {FF203A41-C192-4A44-A58A-DC1E214677E4} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-63RO6J2-Allen Loh => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-412318308-364620732-2893145180-1001.job => C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-412318308-364620732-2893145180-1001.job => C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\LINE.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=menkifleemblimdogmoihpfopnplikde ==================== Loaded Modules (Whitelisted) ============== 2016-09-06 10:55 - 2016-06-03 11:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-08-25 10:52 - 2016-08-25 10:52 - 00331264 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe 2016-08-25 10:56 - 2016-08-25 10:56 - 10665976 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe 2016-07-16 19:42 - 2016-07-16 19:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-16 19:42 - 2016-07-16 19:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-07 11:34 - 2016-09-07 11:34 - 01864384 _____ () C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-02-29 17:27 - 2016-02-29 17:27 - 00505856 _____ () C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll 2016-07-16 19:42 - 2016-07-16 19:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll 2016-06-07 12:41 - 2016-06-07 12:41 - 00384496 _____ () C:\WINDOWS\system32\igfxTray.exe 2016-07-16 19:42 - 2016-07-16 19:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-07-16 19:43 - 2016-07-16 19:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-07-16 19:43 - 2016-07-16 22:28 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-16 19:43 - 2016-07-16 22:28 - 01400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-16 
19:43 - 2016-07-16 22:28 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-07-16 19:43 - 2016-07-16 22:28 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-07-16 19:43 - 2016-07-16 22:28 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-16 19:43 - 2016-07-16 22:28 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-07-16 19:42 - 2016-07-16 19:42 - 00100864 _____ () C:\Windows\System32\InputMethod\CHS\ChsLexiconUpdateDS.dll 2016-07-16 19:42 - 2016-07-16 19:42 - 00169472 _____ () C:\Windows\System32\InputMethod\CHS\ChsProxyDS.dll 2016-02-29 12:47 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe 2016-07-16 22:34 - 2016-07-16 22:34 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-07-16 22:34 - 2016-07-16 22:34 - 00157184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-07-16 22:34 - 2016-07-16 22:34 - 29443072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-08-21 00:28 - 2016-08-21 00:28 - 01576488 _____ () C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\emedres.dll 2016-07-23 06:22 - 2016-07-23 06:22 - 00388648 _____ () C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\mui\1033\emedloc.dll 2016-03-10 15:07 - 24248-03-13 12:20 - 00193128 _____ () C:\Program Files (x86)\Tencent\WeChat\WeChatWeb.exe 2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2012-10-01 18:56 - 2012-10-01 18:56 - 00240256 _____ () C:\Program Files\Microsoft Office\Office15\IEAWSDC.DLL 2016-02-27 15:22 - 2016-07-06 05:14 - 00366328 _____ () C:\Program Files (x86)\Astrill\asovpnc.exe 2016-06-14 18:58 - 
2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-06-14 18:58 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-06-14 18:58 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-06-14 18:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2016-06-14 18:58 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2016-03-18 19:18 - 2016-08-10 00:58 - 00470632 _____ () C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\qpsafeplugin.dll 2016-08-25 10:56 - 2016-08-25 10:56 - 00445944 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll 2016-02-28 05:05 - 2016-06-15 04:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-02-29 12:47 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll 2016-06-07 13:20 - 2016-08-06 11:21 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-09-03 09:25 - 2016-08-06 11:21 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-09-03 09:25 - 2016-08-06 11:22 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-09-03 09:25 - 2016-08-06 11:21 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-06-07 13:20 - 2016-08-06 11:21 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-06-07 13:20 - 2016-08-06 11:21 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-06-07 13:20 - 2016-08-31 05:38 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-06-07 13:20 - 2016-08-06 11:21 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-09-03 09:25 - 2016-08-31 
05:38 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-06-07 13:20 - 2016-08-06 11:22 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-06-07 13:20 - 2016-08-06 11:24 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-08-06 22:04 - 2016-08-31 05:38 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-09-03 09:25 - 2016-08-06 11:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-09-03 09:25 - 2016-08-06 11:24 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-06-07 13:20 - 2016-08-06 11:24 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-06-07 13:20 - 2016-08-06 11:24 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-06-07 13:20 - 2016-08-31 05:38 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-06-07 13:20 - 2016-08-06 11:24 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-08-06 22:04 - 2016-08-31 05:38 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-06-07 13:20 - 2016-08-06 11:24 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-06-07 13:20 - 2016-08-06 11:24 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-06-07 
13:20 - 2016-08-06 11:24 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-06-07 13:20 - 2016-08-06 11:24 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-06-07 13:20 - 2016-08-06 11:24 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-06-07 13:20 - 2016-08-06 11:24 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-06-07 13:20 - 2016-08-06 11:24 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-06-07 13:20 - 2016-08-06 11:25 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-06-07 13:20 - 2016-08-06 11:21 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2016-08-06 22:04 - 2016-08-06 11:22 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2016-06-07 13:20 - 2016-08-31 05:38 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-06-07 13:20 - 2016-08-31 05:38 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-06-07 13:20 - 2016-08-31 05:38 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-06-07 13:20 - 2016-08-31 05:38 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-06-07 13:20 - 2016-08-06 11:25 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-06-07 13:20 - 2016-08-31 05:38 - 00022352 _____ () C:\Program Files 
(x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-09-03 09:25 - 2016-08-06 11:18 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-09-03 09:25 - 2016-08-31 05:38 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2016-09-03 09:25 - 2016-08-31 05:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2016-09-03 09:25 - 2016-08-31 05:38 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-09-03 09:25 - 2016-08-31 05:38 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-06-07 13:20 - 2016-08-06 11:22 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-08-06 22:04 - 2016-08-31 05:38 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd 2016-06-07 13:20 - 2016-08-06 11:24 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-06-07 13:20 - 2016-08-31 05:38 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2016-08-06 22:04 - 2016-08-31 05:38 - 
00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2016-09-03 09:25 - 2016-08-31 05:38 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2016-09-03 09:25 - 2016-08-06 11:29 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2016-09-03 09:25 - 2016-08-06 11:31 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2016-06-07 13:20 - 2016-08-06 11:34 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2016-09-07 11:34 - 2016-09-07 11:34 - 01383616 _____ () C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll 2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-02-29 17:27 - 2016-02-29 17:27 - 00455168 _____ () C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_128.dll 2015-09-05 12:34 - 2015-09-05 12:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-08-09 08:48 - 2016-08-03 07:54 - 17602240 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll 2016-03-10 15:07 - 2016-03-10 15:07 - 00352968 _____ () C:\Program Files (x86)\Tencent\WeChat\avformat-56.dll 2016-03-10 15:07 - 2016-03-10 15:07 - 01253064 _____ () C:\Program Files (x86)\Tencent\WeChat\avcodec-56.dll 2016-03-10 15:07 - 2016-03-10 15:07 - 00452296 _____ () C:\Program Files (x86)\Tencent\WeChat\swscale-3.dll 2016-03-10 15:07 - 2016-03-10 15:07 - 00366280 _____ () C:\Program Files 
(x86)\Tencent\WeChat\avutil-54.dll 2016-03-10 15:07 - 2016-03-10 15:07 - 00182984 _____ () C:\Program Files (x86)\Tencent\WeChat\swresample-1.dll 2016-06-01 14:29 - 29317-03-26 22:03 - 00361664 _____ () C:\Program Files (x86)\Tencent\WeChat\QbBridge.dll 2016-06-01 14:29 - 20810-07-28 05:49 - 41409128 _____ () C:\Program Files (x86)\Tencent\WeChat\qbcore.dll 2016-03-10 15:07 - 18519-01-03 11:39 - 01272424 _____ () C:\Program Files (x86)\Tencent\WeChat\libglesv2.dll 2016-03-10 15:07 - 1629-07-18 20:51 - 00090216 _____ () C:\Program Files (x86)\Tencent\WeChat\libegl.dll 2016-08-09 08:48 - 2016-08-03 08:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-09 08:48 - 2016-08-03 08:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll 2016-02-27 16:00 - 2016-09-07 22:10 - 51272304 _____ () C:\Users\Allen Loh\AppData\Roaming\Spotify\libcef.dll 2016-02-27 16:00 - 2016-09-07 22:10 - 01765488 _____ () C:\Users\Allen Loh\AppData\Roaming\Spotify\libglesv2.dll 2016-02-27 16:00 - 2016-09-07 22:10 - 00088176 _____ () C:\Users\Allen Loh\AppData\Roaming\Spotify\libegl.dll 2016-03-26 13:43 - 2016-03-26 13:43 - 00698152 _____ () C:\Users\Allen Loh\AppData\Roaming\TaobaoProtect\AliBench\AlibenchDLL.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\alipay.com -> hxxps://alipay.com IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\alipay.com -> hxxp://alipay.com IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\alisoft.com -> hxxps://alisoft.com IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\alisoft.com -> hxxp://alisoft.com IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\cfca.com.cn -> hxxp://www.cfca.com.cn IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\com.cn -> hxxps://cardsonline.spdbccc.com.cn IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\spdb.com.cn -> hxxps://ebank.spdb.com.cn IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\spdb.com.cn -> hxxp://ebank.spdb.com.cn IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\spdbccc.com.cn -> hxxps://cardsonline.spdbccc.com.cn IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\taobao.com -> hxxps://taobao.com IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\taobao.com -> hxxp://taobao.com IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\alipay.com -> hxxps://alipay.com IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\alipay.com -> hxxp://alipay.com IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\alisoft.com -> hxxps://alisoft.com IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\alisoft.com -> hxxp://alisoft.com IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\cfca.com.cn -> hxxp://www.cfca.com.cn IE trusted site: 
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\com.cn -> hxxps://cardsonline.spdbccc.com.cn IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\spdb.com.cn -> hxxps://ebank.spdb.com.cn IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\spdb.com.cn -> hxxp://ebank.spdb.com.cn IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\spdbccc.com.cn -> hxxps://cardsonline.spdbccc.com.cn IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\taobao.com -> hxxps://taobao.com IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\taobao.com -> hxxp://taobao.com ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 15:24 - 2016-08-23 11:25 - 00001121 ____A C:\WINDOWS\system32\Drivers\etc\hosts 192.184.41.182 astrill.com 192.184.41.182 www.astrill.com 192.184.41.182 members.astrill.com 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com 127.0.0.1 na1r.services.adobe.com 127.0.0.1 hlrcv.stage.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 activate.adobe.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-412318308-364620732-2893145180-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 198.18.56.1 - 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "BitTorrent Sync" HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "QQ2009" HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "ExpressVPN4" HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: 
=> "Spotify Web Helper" HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BitTorrent Sync" HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "QQ2009" HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "ExpressVPN4" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{C0767A37-29E4-4A99-9A10-D8878653A972}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe FirewallRules: [{42B33842-1DB2-4F22-9377-BEA5D281A799}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe FirewallRules: [{419E7614-61F5-4F97-AA44-683D88C51FFF}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe FirewallRules: [{2B4C6B93-DBCE-4B21-ACE5-11620749966F}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe FirewallRules: [{EF7E10BB-3413-44F1-AE8F-0C3450C799D8}] => (Allow) C:\Program Files (x86)\Astrill\astrill.exe FirewallRules: [{5B8F602A-60FF-4105-8849-8FD8F1D1F291}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{E5829A15-199F-4BC7-8F4E-E03FD6BF23D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{F74EEBFC-38DB-454F-850D-69988BDF070A}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [UDP Query User{1F5730F1-AC4E-4001-9BA6-0DB60E9A6C84}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe FirewallRules: [TCP Query User{B463CE9F-B49A-4EBE-BB01-2F8240577106}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe FirewallRules: [{9452722E-F9B4-411B-B29F-DA8309A1995B}] => (Allow) C:\Program Files 
(x86)\baidu\BaiduRJDownloader\1.7.0.110\ActivityAssistant.exe FirewallRules: [{5C2B0E45-335E-4182-9B73-324CA710717B}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\ActivityAssistant.exe FirewallRules: [{04960868-E824-4CB7-A59A-12622354A102}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\AppUpdater.exe FirewallRules: [{40CBE7F6-A5FC-4915-9123-DFE1A19FF6DD}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\AppUpdater.exe FirewallRules: [{3974C4AD-9FCD-4BA7-AD88-DD4E193D7F75}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe FirewallRules: [{244CE776-EC08-4219-AA65-996BAAE58762}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe FirewallRules: [{01AE5C61-2868-4606-8283-66E508F09EDE}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe FirewallRules: [{8AB9B039-6DF2-4E03-BAA8-368BC41A3D2F}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe FirewallRules: [{53FF7BD9-D336-40C5-B391-0ED71B11F897}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\AppUpdater.exe FirewallRules: [{911FDE4F-5660-4B3E-96B3-7088B5A0A690}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\AppUpdater.exe FirewallRules: [{04366897-6C39-4649-9B8E-481A60907E05}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\ActivityAssistant.exe FirewallRules: [{DCDD618D-EF1D-4B31-A5CD-2D0EA7EBC9EA}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\ActivityAssistant.exe FirewallRules: [UDP Query User{C9519036-FEB2-4399-A1CA-C8FAE3EED981}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe FirewallRules: [TCP Query User{2E74A5BA-DC7C-46F4-88F9-3F8B091EC4CC}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe FirewallRules: 
[{F692E7A5-7AA6-4254-AD1D-08680BE9D647}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe FirewallRules: [{135C3BC9-02B5-487F-8253-4044C6D0A080}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe FirewallRules: [{0198240D-C803-4AA1-BF73-DE2F968FFE6F}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe FirewallRules: [{29CAE76F-77B4-4CAD-87CF-848DA800E851}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe FirewallRules: [UDP Query User{623173BB-98E9-4D04-88CD-11B26AA99069}C:\program files\adobe\adobe photoshop cc 2014\photoshop.exe] => (Allow) C:\program files\adobe\adobe photoshop cc 2014\photoshop.exe FirewallRules: [TCP Query User{30F75F46-468E-4B3F-8B75-50DC2BACF6CD}C:\program files\adobe\adobe photoshop cc 2014\photoshop.exe] => (Allow) C:\program files\adobe\adobe photoshop cc 2014\photoshop.exe FirewallRules: [{32C2762A-E869-4DF9-8EEB-ABB3CD539DCE}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe FirewallRules: [{A087A233-6BC2-4040-BF48-5CE9A56E20C1}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe FirewallRules: [{0E889BA6-187C-45A7-951C-CDF9296609A1}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe FirewallRules: [{34D34444-B1D0-4DE9-8FCE-CEBB71F781A0}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe FirewallRules: [{E0C58C55-559E-4FF6-9763-40DC383E1F82}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe FirewallRules: [{FF0DF4BE-6796-487B-AC86-6980DF043931}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe FirewallRules: [{F379679E-A15A-45E1-8805-98163C77B684}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone 
Manager\iOS Recorder.exe FirewallRules: [{311CF8C9-3FB8-42FB-AC40-9C29EDF1D898}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe FirewallRules: [{B9F1231E-ECEB-424A-901F-E34CF40BA92D}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe FirewallRules: [{557CA6FD-35EF-4C39-9D08-28E115175F52}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe FirewallRules: [{77E32198-D68D-4D42-919E-BA5F2970A68A}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe FirewallRules: [{DCE62D81-C01F-4847-AA7E-26DE66BF76E7}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe FirewallRules: [{FCDF346A-3A04-4BBB-86B3-1F456616F9DE}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe FirewallRules: [{964DF93A-59FB-4169-BB73-CA2B9E5CD803}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe FirewallRules: [{64449E71-7704-45D8-A653-1F453D52DFCD}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe FirewallRules: [{C5F7EB29-7758-4359-9025-CE473FBD27D3}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe FirewallRules: [{0E3E0189-EE6F-4D56-A362-9FC4737C94C8}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe FirewallRules: [{297621BB-F4F0-4853-8643-45FA35D5696F}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe FirewallRules: [{D91005C3-5852-4BB1-BD38-20B1FC117BFB}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe FirewallRules: [{71BBCD94-758E-49DF-A544-169B81CA8B29}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\tencentdl.exe FirewallRules: [{FF923CCC-1DCB-455B-AD9A-65EDCA650736}] => (Allow) C:\program files 
(x86)\common files\tencent\qqdownload\131\bugreport_xf.exe FirewallRules: [{D0F410DC-901C-42E4-9A08-B71189A7B46D}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe FirewallRules: [{6BF17F19-C136-4421-AF47-EF5A7104E441}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe FirewallRules: [{04379206-D79A-4676-8394-FD1142F05FE0}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe FirewallRules: [{67838533-D69A-4557-97B8-515984114691}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe FirewallRules: [{77DBFD1C-C874-4A89-893C-126F033937EE}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\tencentdl.exe FirewallRules: [{723128E4-1782-4472-8A2C-45C71C1D49E8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{FE18454F-5A58-47F3-BD69-F2D9D46AB9F3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{A09514CD-1DA9-4F55-B5D1-5BE9F7EC8928}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{2529E91B-12AC-466D-A183-92932AC74742}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{9E17BD47-91C6-4AC1-BD83-C7A24BBFD523}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{0EC4992F-B6B7-406D-BA22-0D26ABD7523B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [UDP Query User{88320407-43C6-4835-A58C-0E7A097D1C02}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe FirewallRules: [TCP Query User{0D61BAB3-8914-4108-AE83-C2A01F293D5A}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe 
FirewallRules: [{661D79C2-04D7-4124-9376-4C2463EE1785}] => (Allow) LPort=1688 FirewallRules: [UDP Query User{494664AF-8C24-40A0-B0C2-E6CF6F5F50B5}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe FirewallRules: [TCP Query User{834162A1-1A93-4B6F-B7D5-C9376B0DD809}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe FirewallRules: [UDP Query User{7D41D200-00AF-46D3-BCA6-D73EE7EC00D2}C:\program files (x86)\tencent\wechat\wechat.exe] => (Allow) C:\program files (x86)\tencent\wechat\wechat.exe FirewallRules: [TCP Query User{25DBAD85-6EDC-48D1-BF9E-0C8D8B25D07F}C:\program files (x86)\tencent\wechat\wechat.exe] => (Allow) C:\program files (x86)\tencent\wechat\wechat.exe FirewallRules: [{9EFB3E53-B0EA-429C-9C60-BCCED04CA9B2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{565ADFC8-F7F7-49AF-9EE4-422A59D15CE2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{69277154-35CB-404E-A2AC-DAE894C73C17}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{472FF369-2E0E-49B4-9446-F2A0DD0515B0}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{46139212-394E-4A8C-98B9-CB8813DC7423}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{5E594865-33D3-4F24-8D6E-38A25568D593}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{784B3511-CD85-4565-9082-DD2ACB19CDAC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{24FB98BE-E33E-4A7A-9A7A-668EDA977750}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{24E7FCD4-E27E-419C-B254-FA2D488BCFE3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{126C288A-1891-489C-B3F9-E42229AD825D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E23D2E5F-2FC1-4A21-AD98-88F7E0A4BCC4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: 
[{E6EE83BF-6223-41F3-94D3-DC74D49077EA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [UDP Query User{B5A68663-FB69-4075-9569-CAE2ABC58C08}C:\users\allen loh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\allen loh\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{FCF49085-B7D8-4125-BD47-B1263F120ABC}C:\users\allen loh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\allen loh\appdata\roaming\spotify\spotify.exe FirewallRules: [{6B1C7C43-E014-4EC2-B7BD-EAA61A53744B}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe FirewallRules: [{7B98330B-D810-4EF8-9929-6276331E8D3F}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe FirewallRules: [{C38A078A-DD75-487E-A7C2-C37888F48926}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe FirewallRules: [{5F27BB88-F874-4077-B94B-FC5F2A4C2C7E}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe FirewallRules: [{063D9FC4-1DC0-43A4-982A-00B557A4F366}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe FirewallRules: [{737B046D-B438-4487-86DC-604F946405E0}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\tencentdl.exe FirewallRules: [{8F966BE7-3991-411E-A673-F16C650A9FC0}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe FirewallRules: [UDP Query User{AB1D37C4-84ED-4204-ADD8-1D75E7417787}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe FirewallRules: [TCP Query User{BBC95F4F-C074-411F-86E4-FBF4AE71D9AF}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe FirewallRules: [{C7BDAD78-5E0C-40F7-9691-9C291BA6B581}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe FirewallRules: [{8BFEBEB8-43F4-446B-B0A6-AFBB40C44FDF}] => (Allow) 
C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe FirewallRules: [{24692540-2831-45D7-8D68-ED2ACFD0618C}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe FirewallRules: [{7EE564FB-3F63-47BD-BCB0-0AC345A2CA69}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe FirewallRules: [{42B8720B-8E10-4341-8907-4F58F21BDC85}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe FirewallRules: [{B815022F-51EB-4093-BE8F-F4A6F793330A}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe FirewallRules: [{F723782F-8F55-42FD-A4B3-3DD966772391}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe FirewallRules: [{9A452CBE-108B-4F5E-8975-0622778F6F39}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\tencentdl.exe FirewallRules: [{89FECC4E-6BB3-4EED-8374-5CA271E606CB}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe FirewallRules: [{A081E8D5-7898-48D9-B328-8210E01E3D65}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maUpdat.exe FirewallRules: [{C7987A73-E1AD-4EA8-A9B1-7E91A939D46A}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maLauncher.exe FirewallRules: [{0628E1A7-3571-45BC-B13C-1CF27E8C764D}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\SetupEx\SetupEx.exe FirewallRules: [{4EAA959B-EE07-4552-85BD-73B0F2620546}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\txupd.exe FirewallRules: [{B4890C94-FF25-45CD-8A7B-CB358364CC9F}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\auclt.exe FirewallRules: [{13AA97BC-9EAC-4078-92F6-71C422BB42F9}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe FirewallRules: [{37996E35-798D-4688-8A36-0DCC4311D7AC}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\Tencent\QQ\STemp\SetupEx0\QQSetupEx.exe FirewallRules: [{BE3F3680-3578-4DFB-82A6-C7CF7F425B16}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: 
[{57FE96D5-4779-4D2B-B29B-045157DC27D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D8F6E564-079E-444D-9BE8-190C66DD3E7C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B2C1CDF3-E53D-4345-89FF-A5D7FDBC9F8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{74F9A12E-A1BD-432C-8698-BC7AEF0D6BF9}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{F4230183-6154-4D63-888E-43DFC7C1A2DA}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [UDP Query User{2FE2B25B-07E4-495F-85FA-E43BDC1BDE10}C:\users\allen loh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\allen loh\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{E7C5B65A-0BD8-4EBF-9395-7C55272EFC72}C:\users\allen loh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\allen loh\appdata\roaming\spotify\spotify.exe FirewallRules: [{C4365861-F665-405C-8410-E4A7B62279DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{69BEC975-073C-416E-AD45-EF1E2226EDD2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{EE715EB2-B608-4439-AE56-3CA229C353B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{FE873A2E-DD71-4222-9772-8F95BFC59A2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{5F92AB6D-EA6C-4B87-9190-1B7BCE6EA117}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{8FCFD1E9-5E6D-4FEE-8681-633CE94F7344}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{C10FACD4-EE09-4D1F-9DDD-AE6F5B596B64}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{2EAE8A37-7C86-4D4C-BD5D-B75AF1B45D96}] => (Allow) C:\Users\Allen 
Loh\AppData\Local\LINE\bin\4.9.0.1147\LINE.exe FirewallRules: [{F4FFDE7E-493F-4CE8-AC54-2B0629A45E74}] => (Allow) C:\Users\Allen Loh\AppData\Local\LINE\bin\4.9.0.1147\LINE.exe FirewallRules: [{9D827B39-96AC-4FA2-95FE-77D059DDDE88}] => (Allow) C:\Users\Allen Loh\AppData\Local\LINE\bin\4.9.0.1147\LineUpdater.exe FirewallRules: [{979C5C82-FC7A-4B15-9DD4-2AD775D1F9E6}] => (Allow) C:\Users\Allen Loh\AppData\Local\LINE\bin\4.9.0.1147\LineUpdater.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 14-09-2016 19:54:19 Installed EmEditor (64-bit) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/14/2016 11:44:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/14/2016 11:44:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: 
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/14/2016 11:44:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/14/2016 11:44:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-63RO6J2) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023673 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/14/2016 10:35:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/14/2016 10:35:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/14/2016 10:34:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: 
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/14/2016 10:34:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/14/2016 10:34:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/14/2016 10:33:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1140 System errors: ============= Error: (09/14/2016 11:43:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (09/14/2016 10:34:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/14/2016 09:12:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/14/2016 10:05:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (09/14/2016 12:44:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/13/2016 11:37:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/13/2016 11:06:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/13/2016 11:06:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Content Protection HDCP Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (09/13/2016 11:06:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/13/2016 11:06:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz Percentage of memory in use: 51% Total physical RAM: 15954.12 MB Available physical RAM: 7683.34 MB Total Virtual: 28754.12 MB Available Virtual: 14458.03 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:475.98 GB) (Free:67.21 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 9B6E2D6C) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=476 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=475 MB) - (Type=27) ==================== End of Addition.txt ============================ Checkresults.txt Potential issues: ============================== LAN Settings: No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mbam-check result log version: 2.3.2.0 ======================================== User Account type: Administrator DomainComputer: No OS: Windows 10 64 bit Operating System Current Version and Build: 10.0.14393 OS Product Info: Professional Malwarebytes Anti-Malware: 2.2.1.1043 Installed On: 2016/09/04 Malware Database: 2016.09.14.07 Rootkit Database: 2016.08.15.01 Remediation Database: 2016.08.31.01 IP Database: 2016.09.14.01 Domain Database: 2016.09.14.03 License: Trial Malware Protection: 4 (The service is running.) Malicious Website Protection: 4 (The service is running.) 
Chameleon: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon Log Created: 2016/09/15 00:58:55 User Information for Local System: =========================================== User Account: Administrator Account Level: Admin User Account: Allen Loh Account Level: Admin User Account: DefaultAccount Account Level: Guest User Account: Guest Account Level: Guest Total # of user entries: 4 UAC Settings: =================== SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA DWORD 1 Status: ON SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin DWORD 5 Status: ON AntiVirus Information: =================== AntiVirus Software Installed: "Avira Antivirus" AntiVirus Software Installed: "Windows Defender" FireWall Information: =================== NO 3rd Party Firewall Software Installed AntiSpyware Information: =================== AntiSpyware Software Installed: "Avira Antivirus" AntiSpyware Software Installed: "Windows Defender" AntiSpyware Software Installed: "Spybot - Search and Destroy" Machine Information =============================================== Machine ID: 6cabb1f4dad6ea14bd5ca822b1d81bb06e82e6d1 Installation Token: FBpvcdBVn8hxtgZiNSEu1472979338 System has been up for: 25.8772 Hours Current Date: 2016-Sep-14 16:58:55.992959 Date Booted: 2016-Sep-13 15:58:55.992959 Detection and Protection Settings =============================================== Use Advanced Heuristics Engine (Shuriken): true Scan for rootkits: false Scan within archives: true PUP (Potentially Unwanted Program) detections: Treat Detections as Malware PUM (Potentially Unwanted Modification) detections: Treat Detections as Malware Compatibility Flag Settings: ================================= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\Program Files (x86)\Astrill\tapinstall.exeREG_SZ RUNASADMIN 
Malwarebytes Anti-Malware Shell Extension Block Check: ====================================================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked: MBAM Startup Entries: ===================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Malwarebytes Anti-Malware Service and Driver Status: ======================================================= --------------Driver File Info:-------------- C:\WINDOWS\system32\drivers\mbam.sys File Size: 27008 BYTES FileVersion: 0.1.16.0 MD5: [78bff5425e044086e74e78650a359fbb] C:\WINDOWS\system32\drivers\mwac.sys File Size: 65408 BYTES FileVersion: 1.0.6.0 MD5: [898415ac0b5f1d2a9a48abcb68a6dc4b] C:\WINDOWS\system32\drivers\mbamswissarmy.sys File Size: 192216 BYTES FileVersion: 0.3.0.4 MD5: [78488af2ab2111d67b3c4044707a519b] C:\WINDOWS\system32\drivers\mbamchameleon.sys File Size: 140672 BYTES FileVersion: 1.1.22.0 MD5: [1239597bab7eed2bb16d035af87e65d9] --------------MBAMProtector:-------------- Type: 2 State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMService:-------------- Type: 16 State: 4 (The service is running.) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMScheduler:-------------- Type: 16 State: 4 (The service is running.) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMChameleon:-------------- Type: N/A State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon WIN32_EXIT_CODE: N/A SERVICE_EXIT_CODE: N/A CHECKPOINT: N/A WAIT_HINT: N/A --------------MBAMWebAccessControl:-------------- Type: 2 State: 4 (The service is running.) 
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 Required Dependencies: ====================== --------------BFE:-------------- Type: 32 State: 4 (The service is running.) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001 ErrorControl REG_DWORD 1 Group REG_SZ NetworkProvider ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork Start REG_DWORD 2 Type REG_DWORD 32 Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002 DependOnService REG_MULTI_SZ RpcSs ObjectName REG_SZ NT AUTHORITY\LocalService ServiceSidType REG_DWORD 3 RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege FailureActions REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll ServiceDllUnloadOnStop REG_DWORD 1 ServiceMain REG_SZ BfeServiceMain --------------fltmgr:-------------- Type: 2 State: 4 (The service is running.) 
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr AttachWhenLoaded REG_DWORD 1 DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001 ErrorControl REG_DWORD 3 Group REG_SZ FSFilter Infrastructure ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys Start REG_DWORD 0 Tag REG_DWORD 1 Type REG_DWORD 2 Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000 C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 377696 BYTES FileVersion: 6.2.14393.0 MD5: [fda72aca14d516d18c33afcd0fd9260f] C:\WINDOWS\SysWoW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.2.14393.0 MD5: [29cbdb71b0558448282df4aaeb79105d] MBAM Registry Settings and License Info: ======================================== --------------Settings:-------------- Advanced: AutomaticQuarantine: true AutostartProtection: true LimitedMode: false StartSilentMode: false StartupDelay: -15 ApplicationState: First-Run-After-Installation: false General: DaysUntilNotifyExpiration: 5 Language: en RightClickAccess: true SilentErrors: false Logging: ExportLog: true Marketing: LastPostScanMarketingIndex: 2 Notification: ProtectionTray: DisplayMilliseconds: 3000 ScanHistory: Duration_Complete: 70074 Duration_Driver: 0 Duration_Filesystem: 39 Duration_Heuristics: 2313229 Duration_Loading: 0 Duration_MasterBootRecord: 0 Duration_Memory: 40000 Duration_PreScan: 30803 Duration_Registry: 6229 Duration_Sector: 0 Duration_Startup: 17073 ItemCount_Complete: 283353 ItemCount_Driver: 0 ItemCount_Filesystem: 49668 ItemCount_Heuristics: 369518 ItemCount_Loading: 0 ItemCount_MasterBootRecord: 0 ItemCount_Memory: 2797 ItemCount_PreScan: 30750 ItemCount_Registry: 847 ItemCount_Sector: 0 ItemCount_Startup: 6321 LastRemovalRequiredDOR: false LastScanDateEpoch: 1473818186614 LastScanType: 1 (Threat Scan) QuarantineCompletedCount: 2 Update: LastUpdate: 2016-09-14T16:05:22 NotifyInstallReady: true 
NotifyOutdatedDatabase: 7 ProxyPassword: ProxyPort: 0 ProxyServer: ProxyUsername: UseProxy: false UseProxyAuthentication: false CheckProgramUpdates: true --------------Account:-------------- Account Status: Trial Expiration Time: 2016/09/18 08:55:40 Activation Time: 2016/09/04 16:55:34 Trial Used: true --------------Access Policies:-------------- Scheduler Queue: ================ tasks: 6c9e1ed1-ee7f-4e15-8f17-a66ac7dca009: parameters: NotifyWhenUpdateCompletes: false TaskType: 3 triggers: 71243cee-a174-40d0-a300-3cb5645d5563: dateinterval: 0:0:0 (Days:Months:Years) lastscheduled: Thu, 15 Sep 2016 00:04:56.024929 +0800 lasttriggered: Thu, 15 Sep 2016 00:04:56.024929 +0800 nextscheduled: Thu, 15 Sep 2016 01:10:28.025074 +0800 recovery: 00:00:00 (Hours:Minutes:Seconds) start: Sun, 04 Sep 2016 16:58:46.025074 +0800 timeinterval: 01:00:00 (Hours:Minutes:Seconds) type: Hourly uuid: 71243cee-a174-40d0-a300-3cb5645d5563 type: update uuid: 6c9e1ed1-ee7f-4e15-8f17-a66ac7dca009 fa536db9-6b7b-49b3-bd6f-359ef3b6b3bf: parameters: AutoDelete: false CheckForUpdatesBeforeScanStart: true ProcessLaunchedFromScheduler: true ScanConfig: ExportLog: true FileSystemOption: true Quarantine: Prompt RebootSystemWhenMalwareDetected: false ScanArchives: true ScanExtra: true ScanHeuristic: true ScanMemoryObjects: true ScanPUM: Treat Detections as Malware ScanPUP: Treat Detections as Malware ScanRegistry: true ScanRootkits: false ScanSource: 1 ScanStartup: true ScanTargets: ScanType: 1 (Threat Scan) Silent: true StartTaskFromSystemAccount: false TaskType: 0 triggers: fb276c74-b9eb-404b-a789-5114d463ffae: dateinterval: 1:0:0 (Days:Months:Years) lastscheduled: Wed, 14 Sep 2016 09:56:02.256434 +0800 lasttriggered: Wed, 14 Sep 2016 09:56:02.256434 +0800 nextscheduled: Thu, 15 Sep 2016 02:40:34 +0800 recovery: 23:00:00 (Hours:Minutes:Seconds) start: Mon, 05 Sep 2016 02:32:34 +0800 timeinterval: 00:00:00 (Hours:Minutes:Seconds) type: Daily uuid: fb276c74-b9eb-404b-a789-5114d463ffae type: scan uuid: 
fa536db9-6b7b-49b3-bd6f-359ef3b6b3bf Pending File Rename Operations: ================================ If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation. Pending File Rename Operations: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ PendingFileRenameOperations REG_MULTI_SZ \??\C:\Program Files (x86)\Avira\Antivirus\aegen.dll.tmp MBAMProtector Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector WOW64 REG_DWORD 1 Type REG_DWORD 2 Start REG_DWORD 3 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys DisplayName REG_SZ MBAMProtector Group REG_SZ FSFilter Anti-Virus DependOnService REG_MULTI_SZ FltMgr HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances DefaultInstance REG_SZ MBAMProtector Instance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance Altitude REG_SZ 328800 Flags REG_DWORD 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters PassThruFile REG_SZ mbampt.exe ProductPath REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware MBAMService Registry Values: ============================ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService WOW64 REG_DWORD 1 Description REG_SZ Malwarebytes Anti-Malware service DelayedAutostart REG_DWORD 0 Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" DisplayName REG_SZ MBAMService DependOnService REG_MULTI_SZ MBAMProtector ObjectName REG_SZ LocalSystem MBAMScheduler Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler WOW64 REG_DWORD 1 Description REG_SZ Malwarebytes Anti-Malware scheduler Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 
ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" DisplayName REG_SZ MBAMScheduler ObjectName REG_SZ LocalSystem Terminal Services Status for (null) entries in PM logs and GetUserToken errors: =============================================================================== --------------TERMService:-------------- Type: 32 State: 1 (The service is not running.) (State is stopped) WIN32_EXIT_CODE: 1077 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 TermService Start is set to: 3 (Manual Startup) Proxy Status: No proxy is Set Proxy Override: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ ProxyOverride REG_SZ <local> LAN Settings: ============= No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY SystemPartition: ================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\ SystemPartition REG_SZ \Device\HarddiskVolume1 Balloon Tips Status: ==================== Enabled Time Format Settings: ===================== Should be: h:mm:ss tt AM PM : Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ : Language and Regional Settings: =============================== ACP: Language is English (United States) MACCP: Language is English (United States) OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check: ==================================================== All Users Startup Folder Exists. Current User's Startup Folder Exists. 
Context Menu Entries: ===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1 (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE} (Default): REG_SZ IMBAMShlExt HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID (Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware List of MBAM Related Directories: ================================= C:\Program Files (x86)\Malwarebytes Anti-Malware\ 7z.dll File Size: 922080 BYTES FileVersion: 9.20.0.0 MD5: [14079a2411fa2bb7f78bc100c92bbcc2] changes.txt File Size: 1596 BYTES FileVersion: N/A MD5: [09371a0c8bd9e9554571da257d554d3e] cloud-enumeration.dll File Size: 287200 BYTES FileVersion: 1.0.1.0 MD5: [84ac20b9327dbd4d94039be93384dad5] cloud.dll File Size: 352736 BYTES FileVersion: 1.0.1.0 MD5: [5659790448fb136a80be407c4a0dbb50] license.rtf File Size: 38870 BYTES FileVersion: N/A MD5: [ed36ea764c3a452334416713c8cf1eed] master.conf File Size: 1258 BYTES FileVersion: N/A MD5: [9702ca5e82d3756c6d8af34a2ababaea] mbam.dll File Size: 609760 BYTES FileVersion: 1.0.40.0 MD5: [c4a51c1cb174066fdaf383c09f0d574b] mbam.exe File Size: 9926112 BYTES 
FileVersion: 2.3.173.0 MD5: [8e98e3ec16d2641005b4748cd330fb45] mbamcore.dll File Size: 2127840 BYTES FileVersion: 1.3.24.0 MD5: [63ce66ef2b30a09308eafe29baec6a75] mbamdor.exe File Size: 55264 BYTES FileVersion: 1.0.2.0 MD5: [297c1bdcc26adb339d4c0f0550e434d6] mbamext.dll File Size: 431072 BYTES FileVersion: 3.1.1.0 MD5: [67a6ec1735c77c2623b49cc1f284c8a0] mbampt.exe File Size: 40928 BYTES FileVersion: 1.0.57.0 MD5: [04d0b942b0ad4a5d2eee45d9b7d6545b] mbamresearch.exe File Size: 1949152 BYTES FileVersion: 1.1.1.0 MD5: [e601f9ca6a72493bc8185bedda17eee8] mbamscheduler.exe File Size: 1514464 BYTES FileVersion: 3.1.7.0 MD5: [9611577752e293259c7dce19e9026362] mbamservice.exe File Size: 1136608 BYTES FileVersion: 3.2.21.0 MD5: [f1a89a34388b5626f1548d393b23ecb1] mbamsrv.dll File Size: 3863008 BYTES FileVersion: 2.1.10.0 MD5: [a33629c51295570fe9f252a39ddcea93] mbamtoast.dll File Size: 98272 BYTES FileVersion: 1.70.0.0 MD5: [b55f6f7b61ae6070a6e023e11fda92ee] msvcp100.dll File Size: 422880 BYTES FileVersion: 10.0.40219.325 MD5: [53a5f1b984f585997968cd0dfb27400c] msvcr100.dll File Size: 775648 BYTES FileVersion: 10.0.40219.325 MD5: [dc0213118e61e5ca865092109860792c] Qt5Core.dll File Size: 4646880 BYTES FileVersion: 5.4.1.0 MD5: [91c7c50b2a290b82604163b5a679ea24] Qt5Gui.dll File Size: 4640224 BYTES FileVersion: 5.4.1.0 MD5: [1d59b3e632aef8e24cc1707fd411113b] Qt5Network.dll File Size: 673248 BYTES FileVersion: 5.4.1.0 MD5: [e089635a8cbed229ec30cdbe29748c08] Qt5Widgets.dll File Size: 4474848 BYTES FileVersion: 5.4.1.0 MD5: [33881dda0ccc3898facadf1e4d1df237] unins000.dat File Size: 37905 BYTES FileVersion: N/A MD5: [43681fa49b2de4145bc812fd3cf3bed1] unins000.exe File Size: 720085 BYTES FileVersion: 51.52.0.0 MD5: [f1505d347325c77e3eeef418495e1f57] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows chameleon.chm File Size: 235882 BYTES FileVersion: N/A MD5: [c4190b71f037714aa77aba294434ba5b] firefox.com File 
Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.pif File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.scr File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] iexplore.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.com File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.pif File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.scr File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-killer.exe File Size: 1504736 BYTES FileVersion: 3.0.15.0 MD5: [b79d3c2fca170c4dd15d7316067a1fd3] rundll32.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] svchost.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] windows.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] winlogon.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats qgif.dll File Size: 29664 BYTES FileVersion: 5.4.1.0 MD5: [0b528e4c9bbd9efdea9bc8ac6a967d6d] qico.dll File Size: 29664 BYTES FileVersion: 5.4.1.0 MD5: [7b36d94db81b8b0dfd9323228dd96b51] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages lang_ar.qm File Size: 87404 BYTES FileVersion: N/A MD5: [269d3107ca72a75fe154ce4ff718af50] lang_bg.qm File Size: 133911 BYTES FileVersion: N/A MD5: [376ad1e4ad206bc32da09b12b564ecc4] lang_ca.qm File Size: 92634 BYTES FileVersion: N/A MD5: [2d35f58b0c2db44ad2717f4a4526a085] lang_cs.qm File Size: 
105193 BYTES FileVersion: N/A MD5: [2c191de828d5e05fd7afa27ee1245023] lang_da.qm File Size: 88039 BYTES FileVersion: N/A MD5: [f8a4941d5d388160d252832a77ab584f] lang_de.qm File Size: 139276 BYTES FileVersion: N/A MD5: [b55f37281f0fcadfae67aecf0bf4cca5] lang_el.qm File Size: 126897 BYTES FileVersion: N/A MD5: [bd671253e071bac626beea63393abcda] lang_en.qm File Size: 3081 BYTES FileVersion: N/A MD5: [e2790b3cd9fdd9d3e266e9623fe477af] lang_es.qm File Size: 138468 BYTES FileVersion: N/A MD5: [cc4f3aab63d933d5964e2bba62df4277] lang_et.qm File Size: 107794 BYTES FileVersion: N/A MD5: [aa4845cd64b20377cea0ebc66eed4a42] lang_fi.qm File Size: 130793 BYTES FileVersion: N/A MD5: [00653d1fb2f790817aef991025c176aa] lang_fr.qm File Size: 141996 BYTES FileVersion: N/A MD5: [e06db8ef6b826b75ec5859913651ed44] lang_he.qm File Size: 98928 BYTES FileVersion: N/A MD5: [2954e902664f2e129f8a8d8238e90552] lang_hu.qm File Size: 132359 BYTES FileVersion: N/A MD5: [6bf3b8c78fd393ef2811a19742518b9a] lang_id.qm File Size: 129135 BYTES FileVersion: N/A MD5: [6be058072a90897595c6f097a3caa797] lang_it.qm File Size: 134154 BYTES FileVersion: N/A MD5: [183990148beec433023688db65a7bf2e] lang_ja.qm File Size: 73762 BYTES FileVersion: N/A MD5: [f6bfd643cb92fa760ae6ec64344ee7e1] lang_ko.qm File Size: 85731 BYTES FileVersion: N/A MD5: [53b5a94eb309d69993a5bc3cd43a85e4] lang_lt.qm File Size: 90799 BYTES FileVersion: N/A MD5: [eecd8edca1fb068ad3bd88aa711bdae2] lang_lv.qm File Size: 90659 BYTES FileVersion: N/A MD5: [683950904e725821740217824df440ff] lang_nl.qm File Size: 133514 BYTES FileVersion: N/A MD5: [442a6cf7e07e6f676d8b5ae41637549c] lang_no.qm File Size: 129833 BYTES FileVersion: N/A MD5: [8949e21e367e5a32ca9f36d8d22c9771] lang_pl.qm File Size: 133827 BYTES FileVersion: N/A MD5: [48379f4ac164adfc8d448bf53c8e2df8] lang_pt_BR.qm File Size: 136918 BYTES FileVersion: N/A MD5: [b1ea2002cf5362b24ca0a026f448e3f1] lang_pt_PT.qm File Size: 136982 BYTES FileVersion: N/A MD5: [5e23b66cb6d8d9894b991cc8f33658af] 
lang_ro.qm File Size: 90458 BYTES FileVersion: N/A MD5: [bcf524020255c4f7a6fdbae8df2bfe81] lang_ru.qm File Size: 137874 BYTES FileVersion: N/A MD5: [5e28394fbd12f21301e2b7e1a9dbac94] lang_sk.qm File Size: 131080 BYTES FileVersion: N/A MD5: [68e0e95e7131d101188a57e3a413dee5] lang_sl.qm File Size: 107631 BYTES FileVersion: N/A MD5: [83755001a3f1bd527d0b4b7a77d0b37d] lang_sv.qm File Size: 129135 BYTES FileVersion: N/A MD5: [b3c38242beb63f895fabcc14bbc6807a] lang_tr.qm File Size: 88838 BYTES FileVersion: N/A MD5: [1e4a3c0dcd7074ad4a3971ce67762cda] lang_vi.qm File Size: 133386 BYTES FileVersion: N/A MD5: [586de19c023986bf884ad56fc29c8f5e] lang_zh_TW.qm File Size: 87797 BYTES FileVersion: N/A MD5: [e120a014cf077bdcbcdcbf98c3438188] C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms qwindows.dll File Size: 929760 BYTES FileVersion: 5.4.1.0 MD5: [6c54d2ebeaacbe9b56816536041c8281] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins fixdamage.exe File Size: 823776 BYTES FileVersion: 1.4.0.1001 MD5: [bbfc25590af3e45d8cca1fab95648b40] C:\Users\Allen Loh\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware actions.ref File Size: 9122 BYTES FileVersion: N/A MD5: [935e965ff99eece3f7a2c5baeedacd33] akadomains.ref File Size: 92 BYTES FileVersion: N/A MD5: [73d5774cbd8df165274a0691ae264808] akaips.ref File Size: 92 BYTES FileVersion: N/A MD5: [2a6869d1f91f0a0b87b1d27bd30ccc5c] domains.ref File Size: 978419 BYTES FileVersion: N/A MD5: [8ec9ca66e5646ec3ba8efb4f02dc98c8] exclusions.dat File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] ips.ref File Size: 189079 BYTES FileVersion: N/A MD5: [87ccc49bc62867af3c35d40c2bca3832] rules.ref File Size: 10570153 BYTES FileVersion: N/A MD5: [71e909408214625b80015ec34c1a39a0] S-1-5-18-0-ntuser.dat S-1-5-18-0-ntuser.dat.LOG1 S-1-5-18-0-ntuser.dat.LOG2 
S-1-5-18-0-ntuser.dat{a160649b-79ce-11e6-a917-48e244f4fb60}.TM.blfS-1-5-18-0-ntuser.dat{a160649b-79ce-11e6-a917-48e244f4fb60}.TMContainer00000000000000000001.regtrans-msS-1-5-18-0-ntuser.dat{a160649b-79ce-11e6-a917-48e244f4fb60}.TMContainer00000000000000000002.regtrans-msS-1-5-18-1-ntuser.dat File Size: 266240 BYTES FileVersion: N/A MD5: [a2300630ee2935d7ce0f7578c10844f9] S-1-5-18-1-ntuser.dat.LOG1 File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] S-1-5-18-1-ntuser.dat.LOG2 File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] S-1-5-19-0-ntuser.dat S-1-5-19-0-ntuser.dat.LOG1 S-1-5-19-0-ntuser.dat.LOG2 S-1-5-19-0-ntuser.dat{a16064a1-79ce-11e6-a917-48e244f4fb60}.TM.blfS-1-5-19-0-ntuser.dat{a16064a1-79ce-11e6-a917-48e244f4fb60}.TMContainer00000000000000000001.regtrans-msS-1-5-19-0-ntuser.dat{a16064a1-79ce-11e6-a917-48e244f4fb60}.TMContainer00000000000000000002.regtrans-msS-1-5-19-1-ntuser.dat File Size: 180224 BYTES FileVersion: N/A MD5: [63586e288a6d984e17b7ee366e07e8d5] S-1-5-19-1-ntuser.dat.LOG1 File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] S-1-5-19-1-ntuser.dat.LOG2 File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] S-1-5-20-0-ntuser.dat S-1-5-20-0-ntuser.dat.LOG1 S-1-5-20-0-ntuser.dat.LOG2 S-1-5-20-0-ntuser.dat{a16064a7-79ce-11e6-a917-48e244f4fb60}.TM.blfS-1-5-20-0-ntuser.dat{a16064a7-79ce-11e6-a917-48e244f4fb60}.TMContainer00000000000000000001.regtrans-msS-1-5-20-0-ntuser.dat{a16064a7-79ce-11e6-a917-48e244f4fb60}.TMContainer00000000000000000002.regtrans-msS-1-5-20-1-ntuser.dat File Size: 180224 BYTES FileVersion: N/A MD5: [6512f2c08c7ac1d15aa15cf0af6d6638] S-1-5-20-1-ntuser.dat.LOG1 File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] S-1-5-20-1-ntuser.dat.LOG2 File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] 
S-1-5-21-412318308-364620732-2893145180-1001-0-ntuser.datS-1-5-21-412318308-364620732-2893145180-1001-0-ntuser.dat.LOG1S-1-5-21-412318308-364620732-2893145180-1001-0-ntuser.dat.LOG2S-1-5-21-412318308-364620732-2893145180-1001-0-ntuser.dat{a16064ad-79ce-11e6-a917-48e244f4fb60}.TM.blfS-1-5-21-412318308-364620732-2893145180-1001-0-ntuser.dat{a16064ad-79ce-11e6-a917-48e244f4fb60}.TMContainer00000000000000000001.regtrans-msS-1-5-21-412318308-364620732-2893145180-1001-0-ntuser.dat{a16064ad-79ce-11e6-a917-48e244f4fb60}.TMContainer00000000000000000002.regtrans-msS-1-5-21-412318308-364620732-2893145180-1001-1-ntuser.dat File Size: 4366336 BYTES FileVersion: N/A MD5: [aba9ae4022cfca27cec56663ce55644e] S-1-5-21-412318308-364620732-2893145180-1001-1-ntuser.dat.LOG1 File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] S-1-5-21-412318308-364620732-2893145180-1001-1-ntuser.dat.LOG2 File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] swissarmy.ref File Size: 28321 BYTES FileVersion: N/A MD5: [eb97c9c4941dc1cb6b1d54ca08074986] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration build.conf File Size: 4600 BYTES FileVersion: N/A MD5: [fb22cde62a430731e92b55e60262fbe7] database.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] license.conf File Size: 1620 BYTES FileVersion: N/A MD5: [3e4356e59ebe1d80b895b55222e45399] manifest.conf File Size: 3411 BYTES FileVersion: N/A MD5: [b4e4ce7b3d79a2ffe8f2362eb63a3618] marketing.conf File Size: 7326 BYTES FileVersion: N/A MD5: [214bcc8b1c5b41ec594541fbe4dcd69c] net.conf File Size: 7340 BYTES FileVersion: N/A MD5: [d5c908c2586004c7e34a7425de7f38c5] notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] scheduler.conf File Size: 2160 BYTES FileVersion: N/A MD5: [b0c903b9479fa51147f7d9d285025820] settings.conf File Size: 2124 
BYTES FileVersion: N/A MD5: [63906e3b6a37dc3cdbe3c6b89baae8f0] statistics.conf File Size: 513 BYTES FileVersion: N/A MD5: [013bdf2d03ea570deb3bbd9438600a7f] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore build.conf File Size: 4179 BYTES FileVersion: N/A MD5: [20d9566b3cf94f1e395de8f40046fc68] database.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] license.conf File Size: 23 BYTES FileVersion: N/A MD5: [0ec01df616b565180556881d8042255b] manifest.conf File Size: 3171 BYTES FileVersion: N/A MD5: [a6e5576f7723acab40490fb9e64dfc1c] marketing.conf File Size: 6974 BYTES FileVersion: N/A MD5: [53bbca93e7bbeb7f5dca1ef9419ccb28] net.conf File Size: 6530 BYTES FileVersion: N/A MD5: [9fb4acfdc11c7af48a760db4c7bfebf0] notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] scheduler.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] settings.conf File Size: 1724 BYTES FileVersion: N/A MD5: [e27b42126b89352fdaae8f1630b9a8d8] statistics.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs mbam-log-2016-09-04 (17-11-40).xml File Size: 3342 BYTES FileVersion: N/A MD5: [eae8b565388076bfe44623fbe5981a4c] mbam-log-2016-09-05 (02-46-32).xml File Size: 2600 BYTES FileVersion: N/A MD5: [d79ed0657f3985dcb449ca657ef12d43] mbam-log-2016-09-06 (02-34-47).xml File Size: 2600 BYTES FileVersion: N/A MD5: [679cad78e4be0be61643b9766400f3cd] mbam-log-2016-09-07 (09-45-08).xml File Size: 2628 BYTES FileVersion: N/A MD5: [96b2895c6149d277a6581dfa7aedfea9] mbam-log-2016-09-08 (09-53-03).xml File Size: 2630 BYTES FileVersion: N/A MD5: [2e75f1e65362311d3a2b54ee71d0411d] mbam-log-2016-09-12 (14-54-30).xml File Size: 2628 BYTES FileVersion: N/A MD5: [fc64dcf303c64ddd9adbc5050ac02285] 
mbam-log-2016-09-12 (17-29-16).xml File Size: 2628 BYTES FileVersion: N/A MD5: [e89764d2cdce65995bd079a1f9d12d9a] mbam-log-2016-09-13 (09-46-02).xml File Size: 2628 BYTES FileVersion: N/A MD5: [18ef7fc0c621366167ca0f8d95b77ff5] protection-log-2016-09-04.xml File Size: 9124 BYTES FileVersion: N/A MD5: [755c52e9b506b79dc38d7b0dc55a522a] protection-log-2016-09-05.xml File Size: 10858 BYTES FileVersion: N/A MD5: [44cb647b582bbd671d1e1c9cce7ad62b] protection-log-2016-09-06.xml File Size: 24014 BYTES FileVersion: N/A MD5: [d6f8c9ae5dbe0786d00fe4202653ed69] protection-log-2016-09-07.xml File Size: 16280 BYTES FileVersion: N/A MD5: [a7c6013a978c5aeb77daf3f9031b6899] protection-log-2016-09-08.xml File Size: 17610 BYTES FileVersion: N/A MD5: [7a02e295362747e73db5381c5d944923] protection-log-2016-09-12.xml File Size: 12195 BYTES FileVersion: N/A MD5: [cb5fa4a9753444a5730f195b80c21119] protection-log-2016-09-13.xml File Size: 24631 BYTES FileVersion: N/A MD5: [9f7ec7e2fdc71a4fc767e7f5ca5a2579] protection-log-2016-09-14.xml File Size: 15876 BYTES FileVersion: N/A MD5: [a7b62188a7f6bc5d8edbda97cb5333c2] protection-log-2016-09-15.xml File Size: 2455 BYTES FileVersion: N/A MD5: [de453f27ec7dd92fd154c460e5413c48] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine 3049387638.data File Size: 713 BYTES FileVersion: N/A MD5: [5983e7f1c032f1c339941c5e873a64a0] 3049387638.quar File Size: 4381762 BYTES FileVersion: N/A MD5: [df79b60c184c2c2c8b02b1a29e68c7bf] 8739465845.data File Size: 708 BYTES FileVersion: N/A MD5: [b3f6b7be84ba9cf9ebc596f3ba6d54c6] 8739465845.quar File Size: 71324 BYTES FileVersion: N/A MD5: [885495bf5f02a26f3669e864771cf27f] Malware Exclusions: =================== Web Exclusions: ================ Quarantined Items: =================== Vendor: Trojan.Agent.CK, Date: 2016/09/04 09:12:00, Type: File, Location: C:\Users\Allen Loh\AppData\Local\Temp\Rar$DRa0.445\TNOD.rar Vendor: Trojan.Agent.CK, Date: 2016/09/04 09:12:00, Type: File, Location: C:\Users\Allen 
Loh\AppData\Local\Temp\~nsu.tmp\Au_.exe =============================================================== END OF FILE
  2. Hello Malwarebytes Team, Recently my computer disk space has been maxing out on its own for some reason. I first noticed about a couple of weeks ago when my computer prompted me that my disk space was full. I thought it might be because I upgraded to the Windows 10 Anniversary update, so I enabled the option to delete old versions of Windows to free up space. Then shortly after, my disk was full again. I thought it might be from downloading torrents, so I deleted some torrent download files to free up more space. Today I finally checked in more detail. My drive went from 5.9 GB to 4.6 to now 3.2 in a few hours. Does anyone know why this is happening? I downloaded SpaceSniffer and WinDirStat to see what's filling up the space, and I noticed a gms.log file that is 60 GB. I'm not sure if that is normal. I tried Google to figure out what that file is, but there is very little information on it. I ran Malwarebytes Anti-Malware Home edition last week and already deleted all the suggested files, but this is still happening. I ran it again today and it says the computer is clean with 0 infections. I deleted some files and tried SpaceSniffer again, this time going from 17.3 GB to 16.1 GB in a couple of hours. I've attached 2 screenshots of the SpaceSniffer run results, so you can compare which category is draining the space. I think it is the file "pagefile.sys." Can anyone help me figure out why my computer disk space is shrinking by the minute? If there's an older thread with this problem solved, please direct me, because I can't seem to find it. Please help, thank you!