
Rapidly Decreasing Disc Space


alex_rossi1133

Hello Malwarebytes Team,

Recently my computer disc space has been maxing out on its own for some reason. I first noticed about a couple weeks ago when my computer prompted me that my disc space was full. I thought it might be because I upgraded to the Windows 10 Anniversary update, so I enabled the option to delete old versions of Windows to free up space. Then shortly after, my disc was full again. I thought it might be from downloading torrents, so I deleted some torrent download files to free up more space. Today I finally checked in more detail. My drive went from 5.9 gb to 4.6 to now 3.2 in about a few hours. Does anyone know why this is happening? I downloaded SpaceSniffer and WinDirStat to see what's filling up the space, and I noticed a gms.log file that is 60 gb. I'm not sure if that is normal? I tried Google to figure out what that file is but there is very little information on it. I ran Malwarebytes Anti-Malware Home edition last week and already deleted all the suggested files, but this is still happening. I ran it again today and it says the computer is clean with 0 infections. I deleted some files and tried SpaceSniffer again, this time going from 17.3 gb to 16.1 gb in a couple hours. I've attached 2 screenshots of the SpaceSniffer run results, so you can compare which category is draining the space. I think it is the file "pagefile.sys." Can anyone help me figure out why my computer disc space is shrinking by the minute? If there's an older thread with this problem solved please direct me because I can't seem to find it. Please help, thank you!

17.3.png

16.2.png


Hello and Welcome.

Hard to say what may be going on here, but we may be able to find something if you post the logs requested below.

We would need more info on the system....

Please read the following and in your next reply ATTACH the 3 requested logs - Diagnostic Logs
(the three files should be CheckResults.txt, FRST.txt and Addition.txt)

Thank You,

Firefox


Thanks for your reply.  Attached:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by Allen Loh (administrator) on DESKTOP-63RO6J2 (15-09-2016 00:58:45)
Running from C:\Users\Allen Loh\Desktop
Loaded Profiles: Allen Loh &  (Available Profiles: Allen Loh)
Platform: Windows 10 Enterprise Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Alibaba (China) Co., LTD. All rights reserved.) C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\pcas.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
(Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\secbizsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\aliwssv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Flux Software LLC) C:\Users\Allen Loh\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Astrill) C:\Program Files (x86)\Astrill\astrill.exe
(Astrill) C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Spotify Ltd) C:\Users\Allen Loh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Emurasoft, Inc.) C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\emedtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(TENCENT) C:\Program Files (x86)\Tencent\WeChat\WeChat.exe
() C:\Program Files (x86)\Tencent\WeChat\WeChatWeb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Allen Loh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Allen Loh\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Allen Loh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Allen Loh\AppData\Roaming\Spotify\Spotify.exe
(阿里巴巴(中国)有限公司) C:\Users\Allen Loh\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
() C:\Program Files (x86)\Astrill\asovpnc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mstart.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mcomm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mlauncher.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mui.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mvideoconference.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [717744 2015-11-03] (Waves Audio Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-02-28] (Power Software Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25197248 2016-08-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [830064 2016-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [18536 2016-09-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [Spotify Web Helper] => C:\Users\Allen Loh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-07] (Spotify Ltd)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [f.lux] => C:\Users\Allen Loh\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe [109888 2016-05-24] (Tencent)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [Spotify] => C:\Users\Allen Loh\AppData\Roaming\Spotify\Spotify.exe [6810224 2016-09-07] (Spotify Ltd)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [806904 2016-08-25] (ExpressVPN)
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\RunOnce: [Uninstall C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\RunOnce: [Uninstall C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Allen Loh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-07] (Spotify Ltd)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\Allen Loh\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe [109888 2016-05-24] (Tencent)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Allen Loh\AppData\Roaming\Spotify\Spotify.exe [6810224 2016-09-07] (Spotify Ltd)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [806904 2016-08-25] (ExpressVPN)
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!BTSync2.3.3Done] -> {581FFA04-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-29] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.3RO] -> {581FFA03-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-29] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.3RW] -> {581FFA02-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-29] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.3Done] -> {581FFA04-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_128.dll [2016-02-29] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.3RO] -> {581FFA03-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_128.dll [2016-02-29] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.3RW] -> {581FFA02-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_128.dll [2016-02-29] ()
Startup: C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EmEditor.lnk [2016-09-14]
ShortcutTarget: EmEditor.lnk -> C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\emedtray.exe (Emurasoft, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\Windows\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 02 C:\Windows\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 03 C:\Windows\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 04 C:\Windows\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 05 C:\Windows\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8ef4e5db-5675-4f13-98b3-dda189ddf628}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9ac3b93f-3f79-4947-b4fd-1824d638c125}: [DhcpNameServer] 198.18.48.1
Tcpip\..\Interfaces\{af2ebe06-3fa3-4aef-b51b-d83d8db7288b}: [DhcpNameServer] 198.18.56.1
Tcpip\..\Interfaces\{ca1dcd3c-0cea-4a52-a369-35d628c65f64}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ec008a60-cbe9-4fbc-8d53-070ae53feba6}: [DhcpNameServer] 10.12.0.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll [2014-07-15] (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Allen Loh\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2016-07-03] (Tencent)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} hxxps://site.cmbchina.com/download/CMBEdit.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Allen Loh\AppData\Roaming\Mozilla\Firefox\Profiles\ARzsHrG8.default
FF Plugin: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npalicdo64.dll [2015-01-14] (alipay.com)
FF Plugin: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAlipaydhc64.dll [2015-01-14] (Alipay.com Inc. )
FF Plugin: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAliSecCtrl64.dll [2015-01-14] (Alipay.com Inc. )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npalicdo.dll [2015-01-14] (alipay.com)
FF Plugin-x32: @alipay.com/npalidcp -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npalidcp.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npaliedit -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npaliedit.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAlipaydhc.dll [2015-01-14] (Alipay.com Inc. )
FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAliSecCtrl.dll [2015-01-14] (Alipay.com Inc. )
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\Windows\system32\itruscert\NPComBrg701.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @cmbchina.com/npcmbedit -> C:\Windows\system32\NPCMBEdit.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2016-02-29] (Tencent)
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2016-02-26] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.4.2\Bin\npSSOAxCtrlForPTLogin.dll [2016-01-22] (Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001: @1.qq.com/npqqwebgame -> C:\Users\Allen Loh\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.3\npqqwebgame.dll [2015-10-20] ( )
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [No File]
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Allen Loh\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-09-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @1.qq.com/npqqwebgame -> C:\Users\Allen Loh\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.3\npqqwebgame.dll [2015-10-20] ( )
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: (Avira Browser Safety) - C:\Users\Allen Loh\AppData\Roaming\Mozilla\Firefox\Profiles\ARzsHrG8.default\Extensions\abs@avira.com [2016-09-04]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Allen Loh\AppData\Roaming\Mozilla\Firefox\Profiles\ARzsHrG8.default\Extensions\safesearchplus2@avira.com [2016-09-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-25]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.techcrunch.com/"
CHR DefaultSearchURL: Default -> hxxp://tw.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=402027&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-27]
CHR Extension: (Google Docs) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-27]
CHR Extension: (Google Drive) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-27]
CHR Extension: (YouTube) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-27]
CHR Extension: (Google Search) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-27]
CHR Extension: (Clear Cache) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2016-02-29]
CHR Extension: (Tampermonkey) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-05]
CHR Extension: (Axure RP Extension for Chrome) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogkpdfcklifaemcdfbildhcofnopogp [2016-02-29]
CHR Extension: (Session Buddy) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-05-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-13]
CHR Extension: (Google Calendar) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-02-29]
CHR Extension: (Quote Roller) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonldhmaohklgbbbhpbaajfgafbdlegp [2016-02-29]
CHR Extension: (Google Sheets) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-27]
CHR Extension: (Full Screen Weather) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2016-02-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-13]
CHR Extension: (Google Docs Offline) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (Muzli 2 - Stay Inspired) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcipcfhmopcgidicgdociohdoicpdfc [2016-08-29]
CHR Extension: (Wappalyzer) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2016-09-05]
CHR Extension: (Inspirational Quote of the Day) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\haoobbbpobmbbbljahonelppglbhapji [2016-02-29]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-09-13]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-09-04]
CHR Extension: (WhatFont) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2016-06-17]
CHR Extension: (Throttle) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmapenfmenbohghcdlilacfhckhcbnn [2016-07-22]
CHR Extension: (支付宝安全插件) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lapoiohkeidniicbalnfmakkbnpejgbi [2016-02-29]
CHR Extension: (Product Hunt) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\likjafohlgffamccflcidmedfongmkee [2016-08-31]
CHR Extension: (Google Maps) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-02-29]
CHR Extension: (LINE) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2016-09-08]
CHR Extension: (Assistant.to Scheduling Assistant) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndddjdifcfcddfdgedlcmfjamionaago [2016-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (My Chrome Theme) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-02-29]
CHR Extension: (Unblock Youku) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2016-09-13]
CHR Extension: (Gmail) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-27]
CHR Extension: (Chrome Media Router) - C:\Users\Allen Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-412318308-364620732-2893145180-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [989696 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-09-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1454720 2016-09-07] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R3 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [615672 2016-07-02] (Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2618104 2016-06-01] (Astrill)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [26760 2016-09-12] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-29] (Broadcom Corporation.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S2 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [431088 2016-06-07] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-07] (Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWoW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2016-08-25] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-09-13] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-06-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-05] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
R2 pcas; C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\pcas.exe [589784 2015-01-14] (Alipay.com Inc. )
R2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [115520 2016-08-10] (Tencent)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-07] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 secbizsrv; C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\secbizsrv.exe [591320 2015-01-14] (Alipay.com Inc. )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [26632 2016-09-05] (Avira Operations GmbH & Co. KG)
R2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2016-08-11] (Alibaba (China) Co., LTD. All rights reserved.)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-14] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-14] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-14] (McAfee, Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [578480 2015-09-26] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 asvpndrv; C:\Windows\System32\drivers\asvpndrv.sys [31744 2014-05-17] (Astrill)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-08-18] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227136 2015-10-29] (Broadcom Corporation.)
R3 BCMPCIEDHD63; C:\Windows\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\drivers\EvoMouseDriverFilterHidUsb.sys [29936 2016-01-29] (Evoluent)
R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [54792 2016-01-07] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nhi; C:\Windows\system32\DRIVERS\tbt81x.sys [135160 2016-01-07] (Intel Corporation)
R0 nvme; C:\Windows\System32\drivers\nvme.sys [70208 2015-05-29] (Samsung Electronic Co., Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 QDAntiDrv; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QDAntiDrv64.sys [55416 2016-03-19] (Tencent)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-06-24] (Realsil Semiconductor Corporation)
R3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [39208 2016-08-25] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-15 00:58 - 2016-09-15 00:59 - 00051775 _____ C:\Users\Allen Loh\Desktop\FRST.txt
2016-09-15 00:58 - 2016-09-15 00:58 - 01706112 _____ (Malwarebytes) C:\Users\Allen Loh\Desktop\mbam-check-2.3.2.0.exe
2016-09-15 00:58 - 2016-09-15 00:58 - 00047338 _____ C:\Users\Allen Loh\Desktop\CheckResults.txt
2016-09-15 00:58 - 2016-09-15 00:58 - 00000000 ____D C:\FRST
2016-09-15 00:57 - 2016-09-15 00:57 - 02398720 _____ (Farbar) C:\Users\Allen Loh\Desktop\FRST64.exe
2016-09-15 00:54 - 2016-09-15 00:54 - 00003888 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-412318308-364620732-2893145180-1001
2016-09-15 00:54 - 2016-09-15 00:54 - 00003792 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-412318308-364620732-2893145180-1001
2016-09-15 00:54 - 2016-09-15 00:54 - 00000714 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-412318308-364620732-2893145180-1001.job
2016-09-15 00:54 - 2016-09-15 00:54 - 00000618 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-412318308-364620732-2893145180-1001.job
2016-09-15 00:53 - 2016-09-15 00:54 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Citrix
2016-09-14 23:13 - 2016-09-14 23:13 - 00018294 _____ C:\Users\Allen Loh\Desktop\the-shallows_HI_english-1401688.zip
2016-09-14 20:51 - 2016-09-14 20:51 - 00002151 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2016-09-14 19:56 - 2016-09-14 19:56 - 00000000 ____D C:\ProgramData\Emurasoft
2016-09-14 19:54 - 2016-09-14 19:54 - 00002271 _____ C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EmEditor.lnk
2016-09-14 19:54 - 2016-09-14 19:54 - 00002263 _____ C:\Users\Allen Loh\Desktop\EmEditor.lnk
2016-09-14 19:54 - 2016-09-14 19:54 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Emurasoft
2016-09-14 19:53 - 2016-09-14 19:54 - 05532864 _____ (Emurasoft, Inc.) C:\Users\Allen Loh\Desktop\emed64_16.1.4.exe
2016-09-14 15:47 - 2016-09-14 15:49 - 23786331 _____ C:\Users\Allen Loh\Desktop\trophy descriptions.pptx
2016-09-14 10:38 - 2016-09-14 10:38 - 00908703 _____ C:\Users\Allen Loh\Desktop\NBVKR3JqMRnRgzHrI0t3rPV_1473820743840.pdf
2016-09-13 23:13 - 2016-09-13 23:13 - 00001288 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2016-09-13 23:12 - 2016-09-14 23:13 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-09-13 23:06 - 2016-09-13 23:06 - 00000000 ____D C:\WINDOWS\Panther
2016-09-13 18:28 - 2016-09-13 18:33 - 84516864 _____ C:\Users\Allen Loh\Desktop\home.sketch
2016-09-12 20:32 - 2016-09-12 18:25 - 00000000 ____D C:\Users\Allen Loh\Desktop\ui copy
2016-09-12 20:29 - 2016-09-12 20:29 - 13559082 _____ C:\Users\Allen Loh\Desktop\ui copy.zip
2016-09-12 18:23 - 2016-09-12 18:24 - 00271418 _____ C:\Users\Allen Loh\Desktop\Thalys Template3.pdf
2016-09-12 18:23 - 2016-09-12 18:24 - 00270383 _____ C:\Users\Allen Loh\Desktop\Thalys Template4.pdf
2016-09-12 18:22 - 2016-09-12 18:23 - 00270451 _____ C:\Users\Allen Loh\Desktop\Thalys Template2.pdf
2016-09-12 18:21 - 2016-09-12 18:25 - 00932131 _____ C:\Users\Allen Loh\Desktop\Thalys Template1.pdf
2016-09-12 18:08 - 2016-09-12 18:08 - 00317513 _____ C:\Users\Allen Loh\Desktop\TCAFWF-WAN-CHEN-YANG.pdf
2016-09-12 18:08 - 2016-09-12 18:08 - 00317396 _____ C:\Users\Allen Loh\Desktop\TCAFWF-ALLEN-TSU-YUAN-LOH.pdf
2016-09-12 14:59 - 2016-09-12 14:59 - 03826240 _____ C:\Users\Allen Loh\Desktop\AdwCleaner.exe
2016-09-12 14:58 - 2016-09-12 14:58 - 01610560 _____ (Malwarebytes) C:\Users\Allen Loh\Desktop\JRT.exe
2016-09-12 14:57 - 2016-09-12 14:58 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Allen Loh\Desktop\esetonlinescanner_enu.exe
2016-09-12 13:25 - 2016-09-12 13:25 - 00001100 _____ C:\Users\Allen Loh\Desktop\WinDirStat.lnk
2016-09-12 13:25 - 2016-09-12 13:25 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2016-09-12 13:25 - 2016-09-12 13:25 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2016-09-12 13:17 - 2016-09-12 13:17 - 00000000 ____D C:\Users\Allen Loh\Desktop\Space Sniffer
2016-09-10 14:37 - 2016-09-10 14:37 - 00011979 _____ C:\Users\Allen Loh\Desktop\Design Work - Vijayakumar v.2.xlsx
2016-09-10 11:39 - 2016-09-14 11:39 - 00028621 _____ C:\Users\Allen Loh\Desktop\99Designs (2).xlsx
2016-09-09 21:31 - 2016-09-13 21:48 - 04330281 _____ C:\Users\Allen Loh\Desktop\App Store Pages.pptx
2016-09-09 14:05 - 2016-09-09 14:09 - 00012148 _____ C:\Users\Allen Loh\Desktop\Design Work - Vijayakumar.xlsx
2016-09-09 12:16 - 2016-09-09 12:16 - 00008190 _____ C:\Users\Allen Loh\Desktop\Europe Trip Expenses.xlsx
2016-09-09 12:06 - 2016-09-09 12:06 - 00133698 _____ C:\Users\Allen Loh\Desktop\Non Profit Campaign.pptx
2016-09-08 20:43 - 2016-09-08 20:43 - 00001221 _____ C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\LINE.lnk
2016-09-08 20:43 - 2016-09-08 20:43 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINE
2016-09-08 20:43 - 2016-09-08 20:43 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\LINE
2016-09-08 16:15 - 2016-09-08 16:15 - 05889014 _____ C:\Users\Allen Loh\Desktop\ASO_PlayBook_August_2016_EN.pdf
2016-09-07 20:21 - 2016-09-08 20:38 - 00038852 _____ C:\Users\Allen Loh\Desktop\App Store Keyword Ranking - getlooseleaf.com.xlsx
2016-09-07 19:43 - 2016-09-07 19:43 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\ExpressVPN
2016-09-07 19:43 - 2016-09-07 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2016-09-07 19:43 - 2016-09-07 19:43 - 00000000 ____D C:\ProgramData\ExpressVPN
2016-09-07 19:43 - 2016-09-07 19:43 - 00000000 ____D C:\Program Files (x86)\ExpressVPN
2016-09-07 11:35 - 2016-09-07 11:35 - 00003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-09-07 02:52 - 2016-09-14 22:37 - 00432894 _____ C:\WINDOWS\system32\prfh0404.dat
2016-09-07 02:52 - 2016-09-14 22:37 - 00136834 _____ C:\WINDOWS\system32\prfc0404.dat
2016-09-07 02:52 - 2016-09-07 02:51 - 00119662 _____ C:\WINDOWS\system32\prfi0404.dat
2016-09-07 02:52 - 2016-09-07 02:51 - 00033362 _____ C:\WINDOWS\system32\prfd0404.dat
2016-09-07 02:51 - 2016-09-07 02:51 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HANT
2016-09-07 02:51 - 2016-09-07 02:51 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-09-07 02:51 - 2016-09-07 02:51 - 00000000 ____D C:\WINDOWS\system32\zh-HANT
2016-09-07 02:49 - 2016-09-07 02:49 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-09-07 02:48 - 2016-09-07 02:48 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-09-07 02:48 - 2016-09-07 02:48 - 00000000 ____D C:\Program Files\MSBuild
2016-09-07 02:48 - 2016-09-07 02:48 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-09-07 02:48 - 2016-09-07 02:48 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-09-07 02:47 - 2016-09-07 02:47 - 01349128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-07 02:47 - 2016-09-07 02:47 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-07 02:47 - 2016-09-07 02:47 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-07 02:47 - 2016-09-07 02:47 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-07 02:47 - 2016-09-07 02:47 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-09-07 02:47 - 2016-05-26 06:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-09-07 02:47 - 2016-05-26 06:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-09-07 02:47 - 2016-05-26 06:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-09-07 02:47 - 2016-05-26 03:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-09-07 02:47 - 2016-05-26 03:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-09-07 02:47 - 2016-05-26 03:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-09-06 11:33 - 2016-09-06 11:33 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-06 11:32 - 2016-09-07 22:10 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\ConnectedDevicesPlatform
2016-09-06 11:32 - 2016-09-06 11:32 - 00000020 ___SH C:\Users\Allen Loh\ntuser.ini
2016-09-06 11:32 - 2016-09-06 11:32 - 00000000 ____D C:\ProgramData\USOShared
2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default\My Documents
2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-09-06 11:17 - 2016-09-06 11:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-09-06 11:16 - 2016-09-06 11:17 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-09-06 11:16 - 2016-09-06 11:17 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-09-06 11:15 - 2016-09-14 11:53 - 00005260 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-63RO6J2-Allen Loh DESKTOP-63RO6J2
2016-09-06 11:15 - 2016-09-13 23:13 - 00003450 _____ C:\WINDOWS\System32\Tasks\Avira System Speedup Tray
2016-09-06 11:15 - 2016-09-13 23:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-06 11:15 - 2016-09-06 11:15 - 01101038 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-09-06 11:15 - 2016-09-06 11:15 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-09-06 11:15 - 2016-09-06 11:15 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-06 11:15 - 2016-09-06 11:15 - 00003460 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-09-06 11:15 - 2016-09-06 11:15 - 00003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-06 11:15 - 2016-09-06 11:15 - 00003314 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3642041D-A602-4F45-A949-6BB695B4A759}
2016-09-06 11:15 - 2016-09-06 11:15 - 00003236 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-09-06 11:15 - 2016-09-06 11:15 - 00003226 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-06 11:15 - 2016-09-06 11:15 - 00002996 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-09-06 11:15 - 2016-09-06 11:15 - 00002786 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2016-09-06 11:15 - 2016-09-06 11:15 - 00002778 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-63RO6J2-Allen Loh
2016-09-06 11:15 - 2016-09-06 11:15 - 00002304 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2016-09-06 11:15 - 2016-09-06 11:15 - 00002256 _____ C:\WINDOWS\System32\Tasks\{698B8980-0A68-4FEF-97F6-8B071F289479}
2016-09-06 11:15 - 2016-09-06 11:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-09-06 11:15 - 2016-09-06 11:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2016-09-06 11:15 - 2016-09-06 11:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-09-06 10:59 - 2016-09-06 10:59 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-06 10:57 - 2016-09-06 10:59 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-09-06 10:56 - 2016-09-13 22:27 - 00000000 ____D C:\Users\Allen Loh
2016-09-06 10:56 - 2016-09-06 10:56 - 00000000 _SHDL C:\Users\Allen Loh\My Documents
2016-09-06 10:56 - 2016-09-06 10:56 - 00000000 _SHDL C:\Users\Allen Loh\Documents\My Videos
2016-09-06 10:56 - 2016-09-06 10:56 - 00000000 _SHDL C:\Users\Allen Loh\Documents\My Pictures
2016-09-06 10:56 - 2016-09-06 10:56 - 00000000 _SHDL C:\Users\Allen Loh\Documents\My Music
2016-09-06 10:56 - 2016-07-16 19:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-09-06 10:55 - 2016-09-13 23:06 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-06 10:55 - 2016-09-13 23:06 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-06 10:55 - 2016-09-06 10:58 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-09-06 10:55 - 2016-09-06 10:58 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-06 10:55 - 2016-09-06 10:58 - 00000000 ____D C:\Program Files\Intel
2016-09-06 10:55 - 2016-09-06 10:55 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-09-06 10:55 - 2016-09-06 10:55 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-09-06 10:55 - 2016-09-06 10:55 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-09-06 10:55 - 2016-06-07 12:41 - 00099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-09-06 10:55 - 2016-06-03 11:59 - 06452948 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-09-06 10:55 - 2016-06-03 11:59 - 06364216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-09-06 10:55 - 2016-06-03 11:59 - 02455608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-09-06 10:55 - 2016-06-03 11:59 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-09-06 10:55 - 2016-06-03 11:59 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-09-06 10:55 - 2016-06-03 11:59 - 00534072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-09-06 10:55 - 2016-06-03 11:59 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-09-06 10:55 - 2016-06-03 11:59 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-09-06 10:55 - 2016-06-03 11:59 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-09-06 10:54 - 2016-09-14 22:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-09-06 10:54 - 2016-09-07 22:10 - 04985176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-06 10:54 - 2016-09-06 10:58 - 00000000 ____D C:\Program Files (x86)\Intel
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-09-06 10:54 - 2016-09-06 10:54 - 00000000 ____D C:\Program Files\Realtek
2016-09-05 13:09 - 2016-09-05 13:09 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Avira
2016-09-05 10:03 - 2016-09-05 10:03 - 00004764 _____ C:\WINDOWS\system32\.crusader
2016-09-05 01:03 - 2016-09-05 01:03 - 00000165 ____H C:\Users\Allen Loh\Desktop\~$99Designs.xlsx
2016-09-04 16:55 - 2016-09-15 00:05 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-04 16:55 - 2016-09-06 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-04 16:55 - 2016-09-04 16:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-04 16:55 - 2016-09-04 16:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-04 16:55 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-04 16:55 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-04 16:55 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-04 16:18 - 2016-09-04 16:18 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Avira
2016-09-04 16:16 - 2016-09-04 16:16 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Mozilla
2016-09-04 16:14 - 2016-08-18 15:52 - 00154392 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-09-04 16:14 - 2016-08-18 15:52 - 00144664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-09-04 16:14 - 2016-08-18 15:52 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-09-04 16:14 - 2016-08-18 15:52 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-09-04 16:06 - 2016-09-14 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-04 16:06 - 2016-09-13 23:12 - 00000000 ____D C:\Program Files (x86)\Avira
2016-09-04 16:05 - 2016-09-06 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-09-04 16:05 - 2016-09-04 16:20 - 00000000 ____D C:\ProgramData\Avira
2016-09-04 16:05 - 2016-09-04 16:05 - 00000000 ____D C:\Program Files\HitmanPro
2016-09-04 16:04 - 2016-09-05 10:03 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-03 20:37 - 2016-09-03 20:37 - 00008959 _____ C:\Users\Allen Loh\Desktop\PW.xlsx
2016-09-03 20:37 - 2016-09-03 20:37 - 00000165 ____H C:\Users\Allen Loh\Desktop\~$PW.xlsx
2016-09-03 09:25 - 2016-09-06 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-02 19:51 - 2016-09-06 02:21 - 00000000 ____D C:\Users\Allen Loh\Desktop\New folder
2016-09-01 16:10 - 2016-09-01 16:10 - 00000000 ____D C:\Users\Allen Loh\AppData\LocalLow\TENCENT
2016-08-31 17:24 - 2016-08-31 17:51 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Bluestacks
2016-08-30 15:47 - 2016-08-30 15:47 - 00000165 ____H C:\Users\Allen Loh\Desktop\~$Development Fixes.pptx
2016-08-30 13:34 - 2016-08-30 13:34 - 00001199 _____ C:\Users\Allen Loh\Desktop\Social Media Accounts Photos - Shortcut.lnk
2016-08-30 10:59 - 2016-08-30 10:59 - 02056128 _____ C:\Users\Allen Loh\Desktop\Calculation of business trip expense_Vlad.xlsx
2016-08-30 10:46 - 2016-08-30 10:46 - 00000165 ____H C:\Users\Allen Loh\Desktop\~$Book1 (Autosaved).xlsx
2016-08-26 22:00 - 2016-08-26 22:00 - 00000165 ____H C:\Users\Allen Loh\Desktop\~$Edits 08.26.2016.pptx
2016-08-25 10:52 - 2016-08-25 10:52 - 00039208 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys
2016-08-23 11:20 - 2016-09-07 17:28 - 00000034 _____ C:\Users\Allen Loh\AppData\Roaming\AdobeWLCMCache.dat
2016-08-23 11:19 - 2016-08-23 11:19 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2016-08-23 11:19 - 2016-08-23 11:19 - 00000000 ____D C:\ProgramData\ALM
2016-08-23 11:17 - 2016-08-23 11:17 - 00001615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-08-20 13:59 - 2016-09-06 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2016-08-20 13:59 - 2016-09-06 02:18 - 00000000 ____D C:\Users\Allen Loh\Documents\Calibre Library
2016-08-20 13:59 - 2016-08-21 15:46 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\calibre-cache
2016-08-20 13:59 - 2016-08-21 15:45 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\calibre
2016-08-20 13:59 - 2016-08-20 13:59 - 00000000 ____D C:\Program Files\Calibre2
2016-08-19 13:23 - 2016-08-19 16:40 - 00002004 _____ C:\Users\Allen Loh\Desktop\Ams - Shortcut.lnk
2016-08-16 19:24 - 2016-08-19 17:39 - 00957777 _____ C:\Users\Allen Loh\Desktop\Invite Friends to Best Self.pptm
2016-08-16 12:49 - 2016-09-10 14:42 - 00023811 _____ C:\Users\Allen Loh\Desktop\99Designs.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-15 00:51 - 2016-03-26 13:43 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\TaobaoProtect
2016-09-14 23:44 - 2016-02-27 15:58 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Spotify
2016-09-14 23:36 - 2016-02-27 16:15 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\BitComet
2016-09-14 23:14 - 2016-02-29 13:30 - 00000000 ____D C:\Torrents
2016-09-14 23:00 - 2016-02-27 16:00 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Spotify
2016-09-14 22:37 - 2016-02-08 11:22 - 01784312 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-14 22:21 - 2016-04-20 23:35 - 00000000 ____D C:\Users\Allen Loh\Documents\WeChat Files
2016-09-14 16:31 - 2016-04-11 15:13 - 00000000 ____D C:\Users\Allen Loh\Desktop\BEST
2016-09-14 15:50 - 2016-02-08 11:19 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Packages
2016-09-14 09:59 - 2016-02-28 23:15 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Adobe
2016-09-14 09:56 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-13 23:10 - 2016-06-07 13:21 - 00000000 ___RD C:\Users\Allen Loh\Dropbox
2016-09-13 23:06 - 2016-02-28 05:46 - 00000000 __SHD C:\Users\Allen Loh\IntelGraphicsProfiles
2016-09-13 21:35 - 2016-03-06 13:16 - 00000000 ____D C:\Users\Allen Loh\Desktop\Background Photos
2016-09-13 11:17 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-12 17:36 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-12 14:58 - 2016-03-04 13:02 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\ESET
2016-09-09 23:36 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-09 12:13 - 2016-08-09 10:24 - 00000000 ____D C:\Users\Allen Loh\Desktop\Crazy Selena
2016-09-08 20:29 - 2016-02-29 12:09 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-09-07 22:10 - 2016-02-29 17:29 - 00000000 ____D C:\Users\Allen Loh\Documents\Tencent Files
2016-09-07 19:43 - 2016-02-28 04:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-07 18:35 - 2016-06-08 17:48 - 00018792 ____H C:\Users\Allen Loh\Desktop\~WRL0546.tmp
2016-09-07 17:34 - 2016-08-10 00:53 - 00044219 _____ C:\Users\Allen Loh\Desktop\Book1 (Autosaved).xlsx
2016-09-07 11:35 - 2016-02-08 11:20 - 00002375 _____ C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-07 11:35 - 2016-02-08 11:20 - 00000000 ___RD C:\Users\Allen Loh\OneDrive
2016-09-07 10:43 - 2016-07-16 19:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-07 09:48 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-09-07 02:53 - 2016-07-16 19:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-09-07 02:51 - 2016-07-16 22:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-09-07 02:51 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\Com
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\IME
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Windows Defender
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-09-07 02:51 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-09-07 02:51 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-09-07 02:51 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-09-07 02:51 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\servicing
2016-09-06 13:19 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-06 12:26 - 2016-02-27 15:23 - 00003696 _____ C:\WINDOWS\SysWOW64\ASProxyOff.ini
2016-09-06 12:26 - 2016-02-27 15:23 - 00003696 _____ C:\WINDOWS\system32\ASProxyOff.ini
2016-09-06 11:54 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-06 11:32 - 2016-07-16 19:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-09-06 11:32 - 2016-02-08 11:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-06 11:16 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-09-06 11:16 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Registration
2016-09-06 11:16 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-09-06 11:15 - 2016-07-16 19:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-06 11:15 - 2016-02-27 15:24 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-06 11:00 - 2016-07-16 14:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2016-09-06 10:59 - 2016-08-04 22:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-09-06 10:59 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-09-06 10:59 - 2016-07-04 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader
2016-09-06 10:59 - 2016-06-16 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-06 10:59 - 2016-06-14 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-09-06 10:59 - 2016-06-07 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit HD
2016-09-06 10:59 - 2016-06-07 12:52 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2016-09-06 10:59 - 2016-05-20 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Caesium
2016-09-06 10:59 - 2016-04-20 23:35 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeChat
2016-09-06 10:59 - 2016-03-26 13:43 - 00000000 ____D C:\WINDOWS\SysWOW64\itruscert
2016-09-06 10:59 - 2016-03-14 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-09-06 10:59 - 2016-03-14 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-09-06 10:59 - 2016-03-06 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS+AC3 Filter
2016-09-06 10:59 - 2016-03-01 13:23 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-09-06 10:59 - 2016-02-29 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
2016-09-06 10:59 - 2016-02-28 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-09-06 10:59 - 2016-02-28 23:16 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-09-06 10:59 - 2016-02-28 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axure
2016-09-06 10:59 - 2016-02-28 06:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt(TM) Software
2016-09-06 10:59 - 2016-02-28 05:49 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-09-06 10:59 - 2016-02-28 05:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-06 10:59 - 2016-02-28 05:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2016-09-06 10:59 - 2016-02-27 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)
2016-09-06 10:59 - 2016-02-27 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2016-09-06 10:59 - 2016-02-27 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrill
2016-09-06 10:59 - 2016-02-27 15:21 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-06 10:59 - 2016-02-27 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-06 10:59 - 2015-10-30 17:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-09-06 10:59 - 2015-10-30 14:28 - 00000000 ____D C:\Users\Default.migrated
2016-09-06 10:58 - 2016-07-25 14:18 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-09-06 10:58 - 2016-07-16 22:15 - 00000000 ____D C:\WINDOWS\OCR
2016-09-06 10:58 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-09-06 10:58 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-09-06 10:58 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-06 10:58 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-06 10:58 - 2016-05-30 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2016-09-06 10:58 - 2016-05-24 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-09-06 10:58 - 2016-03-26 13:43 - 00000000 ____D C:\WINDOWS\SysWOW64\aliedit
2016-09-06 10:58 - 2016-02-29 16:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-06 10:58 - 2016-02-28 05:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-09-06 10:56 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-06 10:55 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-09-06 10:55 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-09-06 10:55 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-06 10:55 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Help
2016-09-06 10:55 - 2016-02-28 05:49 - 00000000 ____D C:\temp
2016-09-06 10:42 - 2016-02-27 15:24 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-06 10:17 - 2016-06-07 13:07 - 00000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-06 02:23 - 2016-02-29 18:21 - 00000000 ____D C:\Users\Allen Loh\Personal
2016-09-06 01:22 - 2016-03-07 16:06 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\CrashDumps
2016-09-05 22:31 - 2016-06-07 13:07 - 00000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-05 13:11 - 2016-02-28 23:06 - 00000000 ____D C:\Users\Allen Loh\AppData\Local\Axure
2016-09-05 13:08 - 2016-07-05 16:06 - 00000000 ____D C:\Users\OVRLibraryService
2016-09-04 16:12 - 2016-02-29 17:26 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\BitTorrent Sync
2016-09-04 00:11 - 2016-02-27 15:22 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Astrill
2016-09-03 15:10 - 2016-06-08 17:48 - 00017478 ____H C:\Users\Allen Loh\Desktop\~WRL3519.tmp
2016-09-03 14:37 - 2016-02-27 15:22 - 00000000 ____D C:\Program Files (x86)\Astrill
2016-09-03 09:25 - 2016-06-07 13:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-09-01 21:02 - 2016-07-28 14:06 - 06916421 _____ C:\Users\Allen Loh\Desktop\Growth Hacking Notes.xlsx
2016-08-29 18:53 - 2016-02-27 16:14 - 00001282 _____ C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-08-23 16:56 - 2016-02-08 11:19 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\Adobe
2016-08-23 15:54 - 2016-02-29 17:33 - 00000000 ____D C:\Users\Allen Loh\AppData\Roaming\NVIDIA
2016-08-23 11:19 - 2016-06-01 08:40 - 00000000 ____D C:\Program Files\Adobe
2016-08-23 11:19 - 2016-06-01 08:38 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-08-22 18:51 - 2016-06-08 17:48 - 00018232 ____H C:\Users\Allen Loh\Desktop\~WRL0107.tmp

==================== Files in the root of some directories =======

2016-03-15 23:19 - 2016-06-01 17:13 - 1719048 _____ () C:\Users\Allen Loh\AppData\Roaming\addr2line.exe
2016-05-13 17:24 - 2016-05-13 17:24 - 0000132 _____ () C:\Users\Allen Loh\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2016-08-23 11:20 - 2016-09-07 17:28 - 0000034 _____ () C:\Users\Allen Loh\AppData\Roaming\AdobeWLCMCache.dat
2016-05-24 15:10 - 2016-05-24 15:10 - 0578880 _____ () C:\Users\Allen Loh\AppData\Roaming\TXQBINSTX.DLL
2016-02-28 23:06 - 2016-02-28 23:06 - 0000032 RSHOT () C:\Users\Allen Loh\AppData\Local\t70rc.dat
2016-09-06 10:54 - 2016-09-06 10:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-17 13:46 - 2016-04-17 13:46 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Allen Loh\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Allen Loh\AppData\Local\Temp\ApowersoftiOSRecorder-4op0cerm.wgg.exe
C:\Users\Allen Loh\AppData\Local\Temp\avgnt.exe
C:\Users\Allen Loh\AppData\Local\Temp\GrLauncherTempSetup.exe
C:\Users\Allen Loh\AppData\Local\Temp\i4jdel0.exe
C:\Users\Allen Loh\AppData\Local\Temp\MBSetup_uvd-loader.exe
C:\Users\Allen Loh\AppData\Local\Temp\QzoneMusic.exe
C:\Users\Allen Loh\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-06 10:54

==================== End of FRST.txt ============================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by Allen Loh (15-09-2016 00:59:19)
Running from C:\Users\Allen Loh\Desktop
Windows 10 Enterprise Version 1607 (X64) (2016-09-06 03:17:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-412318308-364620732-2893145180-500 - Administrator - Disabled)
Allen Loh (S-1-5-21-412318308-364620732-2893145180-1001 - Administrator - Enabled) => C:\Users\Allen Loh
DefaultAccount (S-1-5-21-412318308-364620732-2893145180-503 - Limited - Disabled)
Guest (S-1-5-21-412318308-364620732-2893145180-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.16 - Adobe Systems)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.3 - Adobe Systems Incorporated)
Apowersoft Phone Manager version 2.7.3 (HKLM-x32\...\{4A00E3C4-2D0F-4AE7-9F2A-74870BE09EF8}_is1) (Version: 2.7.3 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version:  - Astrill)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.20.59 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden
Avira Software Updater (HKLM-x32\...\{F2396C9D-4724-4BB9-87A0-A137C4C69524}) (Version: 1.2.3.14696 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.6.5.2921 - Avira Operations GmbH & Co. KG)
Axure RP Pro 7.0 (HKLM-x32\...\Axure RP Pro 7.0) (Version: 7.0.0.3169 - Axure Software Solutions, Inc.)
Axure RP Pro 7.0 (x32 Version: 7.0.0.3169 - Axure Software Solutions, Inc.) Hidden
Bitcoin Core (64-bit) (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Bitcoin Core (64-bit)) (Version: 0.12.1 - Bitcoin Core project)
Bitcoin Core (64-bit) (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Bitcoin Core (64-bit)) (Version: 0.12.1 - Bitcoin Core project)
BitComet 1.40 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.40 - CometNetwork)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Caesium version 1.7.0 (HKLM-x32\...\{88B0F0DE-6937-440D-B5CA-6E69003E55F7}_is1) (Version: 1.7.0 - Matteo Paonessa)
calibre 64bit (HKLM\...\{E57E92D4-A512-4EFD-8401-92F363EA0B23}) (Version: 2.64.0 - Kovid Goyal)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell System Detect (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell System Detect (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dropbox (HKLM-x32\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.43.1 - Dropbox, Inc.) Hidden
DTS+AC3 Filter (HKLM-x32\...\DtsFilter) (Version:  - )
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.)
EmEditor (64-bit) (HKLM\...\{AE4A633B-E687-47E5-8B2F-B1D97FF4BA0F}) (Version: 16.1.4 - Emurasoft, Inc.)
ExpressVPN (HKLM-x32\...\{d042da1f-5cc5-4362-aac2-fc3b63f8b8ad}) (Version: 5.3.0.726 - ExpressVPN)
ExpressVPN (x32 Version: 5.3.0.726 - ExpressVPN) Hidden
ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden
f.lux (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version:  - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.6.5260 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.22.1.5530 (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\GoToMeeting) (Version: 7.22.1.5530 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.276 - SurfRight B.V.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{64FD4757-7186-4F12-9AA8-5EE809CAB282}) (Version: 17.1.1532.1814 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
LINE (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\LINE) (Version: 4.9.0.1147 - LINE Corporation)
LINE (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\LINE) (Version: 4.9.0.1147 - LINE Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.6570.2 - Waves Audio Ltd.) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
MultiBit HD 0.3.0 (HKLM\...\6925-4794-5772-4956) (Version: 0.3.0 - Bitcoin Solutions Ltd)
NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
支付宝安全控件 5.1.0.3754 (HKLM-x32\...\alieditplus) (Version: 5.1.0.3754 - Alipay.com Co., Ltd.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.94 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.6.1211.2015 - Realtek)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\Spotify) (Version: 1.0.37.150.gad02a02e - Spotify AB)
Spotify (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.37.150.gad02a02e - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.7.0.0 - ) <==== ATTENTION
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WeChat (HKLM-x32\...\WeChat) (Version: 2.0.0.80 - 腾讯科技(深圳)有限公司)
WinDirStat 1.1.2 (HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\WinDirStat) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version:  - )
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.3.18038.0 - 腾讯科技(深圳)有限公司)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-412318308-364620732-2893145180-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412318308-364620732-2893145180-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-412318308-364620732-2893145180-1001_Classes\CLSID\{D4D48C93-BDC7-4E76-B530-2E4D13B0150F}\InprocServer32 -> C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\emedshl64.dll (Emurasoft, Inc.)
CustomCLSID: HKU\S-1-5-21-412318308-364620732-2893145180-1001_Classes\CLSID\{DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57}\InprocServer32 -> C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\emedshl64.dll (Emurasoft, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0918DB23-27CF-4626-93DC-317C8700F11A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {1DEA6C0E-C1B5-4AD9-9488-B7A190EC09D9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {222F02B8-FE43-4BED-A44A-5773638EF7F0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {24509C06-0C20-4780-98EF-F4114BEBF97D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {24FE075C-A40D-49E6-9873-F49D8BFC2F25} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-07] (Microsoft Corporation)
Task: {2BDDDAB7-A178-4DB9-858A-8237F5F83E26} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: {34BFFFC5-5EDB-4ED1-A56B-87414ECE7528} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-07] (Dropbox, Inc.)
Task: {49A85C32-3C13-4220-803E-FFE52D61E3DB} - System32\Tasks\G2MUploadTask-S-1-5-21-412318308-364620732-2893145180-1001 => C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe [2016-09-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {654F110F-3D84-48B8-99AC-0C8A880A43CA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {74C3BB71-1335-4F4E-BE68-8D2994A994FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {81350A02-C453-4F1D-AE89-B5C45D404756} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-07] (Dropbox, Inc.)
Task: {875EBA67-2D5A-41CD-AC00-87C98D6DBD59} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {8BF210B4-B9EC-4E13-BD90-35A25AC0FE97} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-10-07] (Realtek Semiconductor)
Task: {905C4832-0C13-456C-8A9F-42B210ABCA9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-27] (Google Inc.)
Task: {93F8E84E-B4E4-4281-8292-D45694408CA1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {9BC9221F-202B-48EF-A4FB-E2CA4F685C9A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A51F403E-4446-4A1B-B176-C9AAB35B11BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-27] (Google Inc.)
Task: {B743D369-35A7-46CB-B736-8E2E991A2B65} - System32\Tasks\{698B8980-0A68-4FEF-97F6-8B071F289479} => Chrome.exe hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar
Task: {B7AEFC9B-3A2F-4315-99DB-7CFAEB9A6223} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {D299CCFD-92C4-44C8-93B4-C19E9E4ABCB1} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {D75E7203-FFE7-4C3D-B9BE-912758D85DF7} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-09-05] (Avira Operations GmbH & Co. KG)
Task: {DCEA9087-68AC-409D-8B0A-CD85159A0EE6} - System32\Tasks\G2MUpdateTask-S-1-5-21-412318308-364620732-2893145180-1001 => C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mupdate.exe [2016-09-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E5A4DFB7-8238-4955-8828-2EC6C650A269} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-08-12] (Microsoft Corporation)
Task: {F4E3AEC7-2ABA-4AC1-AC95-4F9ECD00592E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-63RO6J2-Allen Loh DESKTOP-63RO6J2 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {FC1D05FD-12DD-489C-9A52-4F16B61D8186} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {FF08B74D-50F6-4D86-9576-DA5443873981} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {FF203A41-C192-4A44-A58A-DC1E214677E4} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-63RO6J2-Allen Loh => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-412318308-364620732-2893145180-1001.job => C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-412318308-364620732-2893145180-1001.job => C:\Users\Allen Loh\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\LINE.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=menkifleemblimdogmoihpfopnplikde

==================== Loaded Modules (Whitelisted) ==============

2016-09-06 10:55 - 2016-06-03 11:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-08-25 10:52 - 2016-08-25 10:52 - 00331264 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2016-08-25 10:56 - 2016-08-25 10:56 - 10665976 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2016-07-16 19:42 - 2016-07-16 19:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-16 19:42 - 2016-07-16 19:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-07 11:34 - 2016-09-07 11:34 - 01864384 _____ () C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-02-29 17:27 - 2016-02-29 17:27 - 00505856 _____ () C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll
2016-07-16 19:42 - 2016-07-16 19:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-06-07 12:41 - 2016-06-07 12:41 - 00384496 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-07-16 19:42 - 2016-07-16 19:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 19:43 - 2016-07-16 19:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 19:43 - 2016-07-16 22:28 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 19:43 - 2016-07-16 22:28 - 01400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 19:43 - 2016-07-16 22:28 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 19:43 - 2016-07-16 22:28 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-16 19:43 - 2016-07-16 22:28 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 19:43 - 2016-07-16 22:28 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-16 19:42 - 2016-07-16 19:42 - 00100864 _____ () C:\Windows\System32\InputMethod\CHS\ChsLexiconUpdateDS.dll
2016-07-16 19:42 - 2016-07-16 19:42 - 00169472 _____ () C:\Windows\System32\InputMethod\CHS\ChsProxyDS.dll
2016-02-29 12:47 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2016-07-16 22:34 - 2016-07-16 22:34 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-07-16 22:34 - 2016-07-16 22:34 - 00157184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-07-16 22:34 - 2016-07-16 22:34 - 29443072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-08-21 00:28 - 2016-08-21 00:28 - 01576488 _____ () C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\emedres.dll
2016-07-23 06:22 - 2016-07-23 06:22 - 00388648 _____ () C:\Users\Allen Loh\AppData\Local\Programs\EmEditor\mui\1033\emedloc.dll
2016-03-10 15:07 - 24248-03-13 12:20 - 00193128 _____ () C:\Program Files (x86)\Tencent\WeChat\WeChatWeb.exe
2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2012-10-01 18:56 - 2012-10-01 18:56 - 00240256 _____ () C:\Program Files\Microsoft Office\Office15\IEAWSDC.DLL
2016-02-27 15:22 - 2016-07-06 05:14 - 00366328 _____ () C:\Program Files (x86)\Astrill\asovpnc.exe
2016-06-14 18:58 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-06-14 18:58 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-06-14 18:58 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-06-14 18:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-06-14 18:58 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-03-18 19:18 - 2016-08-10 00:58 - 00470632 _____ () C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\qpsafeplugin.dll
2016-08-25 10:56 - 2016-08-25 10:56 - 00445944 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2016-02-28 05:05 - 2016-06-15 04:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-02-29 12:47 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2016-06-07 13:20 - 2016-08-06 11:21 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-09-03 09:25 - 2016-08-06 11:21 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-09-03 09:25 - 2016-08-06 11:22 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-09-03 09:25 - 2016-08-06 11:21 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-06-07 13:20 - 2016-08-06 11:21 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-06-07 13:20 - 2016-08-06 11:21 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-06-07 13:20 - 2016-08-31 05:38 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-06-07 13:20 - 2016-08-06 11:21 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-06-07 13:20 - 2016-08-06 11:22 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 22:04 - 2016-08-31 05:38 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-09-03 09:25 - 2016-08-06 11:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-09-03 09:25 - 2016-08-06 11:24 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-06-07 13:20 - 2016-08-31 05:38 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 22:04 - 2016-08-31 05:38 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-06-07 13:20 - 2016-08-06 11:25 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-06-07 13:20 - 2016-08-06 11:21 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-06 22:04 - 2016-08-06 11:22 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-06-07 13:20 - 2016-08-31 05:38 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-06-07 13:20 - 2016-08-31 05:38 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-06-07 13:20 - 2016-08-31 05:38 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-06-07 13:20 - 2016-08-31 05:38 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-06-07 13:20 - 2016-08-06 11:25 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-06-07 13:20 - 2016-08-31 05:38 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-09-03 09:25 - 2016-08-06 11:18 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-09-03 09:25 - 2016-08-31 05:38 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-09-03 09:25 - 2016-08-31 05:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-09-03 09:25 - 2016-08-31 05:38 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-09-03 09:25 - 2016-08-31 05:38 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-06-07 13:20 - 2016-08-06 11:22 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-06 22:04 - 2016-08-31 05:38 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-06-07 13:20 - 2016-08-06 11:24 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-06-07 13:20 - 2016-08-31 05:38 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-06 22:04 - 2016-08-31 05:38 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-09-03 09:25 - 2016-08-31 05:38 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-09-03 09:25 - 2016-08-06 11:29 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-09-03 09:25 - 2016-08-06 11:31 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-06-07 13:20 - 2016-08-06 11:34 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-07 11:34 - 2016-09-07 11:34 - 01383616 _____ () C:\Users\Allen Loh\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-02-29 17:27 - 2016-02-29 17:27 - 00455168 _____ () C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_128.dll
2015-09-05 12:34 - 2015-09-05 12:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-08-09 08:48 - 2016-08-03 07:54 - 17602240 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll
2016-03-10 15:07 - 2016-03-10 15:07 - 00352968 _____ () C:\Program Files (x86)\Tencent\WeChat\avformat-56.dll
2016-03-10 15:07 - 2016-03-10 15:07 - 01253064 _____ () C:\Program Files (x86)\Tencent\WeChat\avcodec-56.dll
2016-03-10 15:07 - 2016-03-10 15:07 - 00452296 _____ () C:\Program Files (x86)\Tencent\WeChat\swscale-3.dll
2016-03-10 15:07 - 2016-03-10 15:07 - 00366280 _____ () C:\Program Files (x86)\Tencent\WeChat\avutil-54.dll
2016-03-10 15:07 - 2016-03-10 15:07 - 00182984 _____ () C:\Program Files (x86)\Tencent\WeChat\swresample-1.dll
2016-06-01 14:29 - 29317-03-26 22:03 - 00361664 _____ () C:\Program Files (x86)\Tencent\WeChat\QbBridge.dll
2016-06-01 14:29 - 20810-07-28 05:49 - 41409128 _____ () C:\Program Files (x86)\Tencent\WeChat\qbcore.dll
2016-03-10 15:07 - 18519-01-03 11:39 - 01272424 _____ () C:\Program Files (x86)\Tencent\WeChat\libglesv2.dll
2016-03-10 15:07 - 1629-07-18 20:51 - 00090216 _____ () C:\Program Files (x86)\Tencent\WeChat\libegl.dll
2016-08-09 08:48 - 2016-08-03 08:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-09 08:48 - 2016-08-03 08:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-02-27 16:00 - 2016-09-07 22:10 - 51272304 _____ () C:\Users\Allen Loh\AppData\Roaming\Spotify\libcef.dll
2016-02-27 16:00 - 2016-09-07 22:10 - 01765488 _____ () C:\Users\Allen Loh\AppData\Roaming\Spotify\libglesv2.dll
2016-02-27 16:00 - 2016-09-07 22:10 - 00088176 _____ () C:\Users\Allen Loh\AppData\Roaming\Spotify\libegl.dll
2016-03-26 13:43 - 2016-03-26 13:43 - 00698152 _____ () C:\Users\Allen Loh\AppData\Roaming\TaobaoProtect\AliBench\AlibenchDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\cfca.com.cn -> hxxp://www.cfca.com.cn
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\com.cn -> hxxps://cardsonline.spdbccc.com.cn
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\spdb.com.cn -> hxxps://ebank.spdb.com.cn
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\spdb.com.cn -> hxxp://ebank.spdb.com.cn
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\spdbccc.com.cn -> hxxps://cardsonline.spdbccc.com.cn
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\taobao.com -> hxxp://taobao.com
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\cfca.com.cn -> hxxp://www.cfca.com.cn
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\com.cn -> hxxps://cardsonline.spdbccc.com.cn
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\spdb.com.cn -> hxxps://ebank.spdb.com.cn
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\spdb.com.cn -> hxxp://ebank.spdb.com.cn
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\spdbccc.com.cn -> hxxps://cardsonline.spdbccc.com.cn
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\taobao.com -> hxxp://taobao.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 15:24 - 2016-08-23 11:25 - 00001121 ____A C:\WINDOWS\system32\Drivers\etc\hosts

192.184.41.182 astrill.com
192.184.41.182 www.astrill.com
192.184.41.182 members.astrill.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-412318308-364620732-2893145180-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Allen Loh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 198.18.56.1 - 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "BitTorrent Sync"
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "QQ2009"
HKU\S-1-5-21-412318308-364620732-2893145180-1001\...\StartupApproved\Run: => "ExpressVPN4"
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BitTorrent Sync"
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "QQ2009"
HKU\S-1-5-21-412318308-364620732-2893145180-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "ExpressVPN4"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C0767A37-29E4-4A99-9A10-D8878653A972}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{42B33842-1DB2-4F22-9377-BEA5D281A799}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{419E7614-61F5-4F97-AA44-683D88C51FFF}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{2B4C6B93-DBCE-4B21-ACE5-11620749966F}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{EF7E10BB-3413-44F1-AE8F-0C3450C799D8}] => (Allow) C:\Program Files (x86)\Astrill\astrill.exe
FirewallRules: [{5B8F602A-60FF-4105-8849-8FD8F1D1F291}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{E5829A15-199F-4BC7-8F4E-E03FD6BF23D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F74EEBFC-38DB-454F-850D-69988BDF070A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{1F5730F1-AC4E-4001-9BA6-0DB60E9A6C84}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [TCP Query User{B463CE9F-B49A-4EBE-BB01-2F8240577106}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [{9452722E-F9B4-411B-B29F-DA8309A1995B}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\ActivityAssistant.exe
FirewallRules: [{5C2B0E45-335E-4182-9B73-324CA710717B}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\ActivityAssistant.exe
FirewallRules: [{04960868-E824-4CB7-A59A-12622354A102}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\AppUpdater.exe
FirewallRules: [{40CBE7F6-A5FC-4915-9123-DFE1A19FF6DD}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\AppUpdater.exe
FirewallRules: [{3974C4AD-9FCD-4BA7-AD88-DD4E193D7F75}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe
FirewallRules: [{244CE776-EC08-4219-AA65-996BAAE58762}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe
FirewallRules: [{01AE5C61-2868-4606-8283-66E508F09EDE}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{8AB9B039-6DF2-4E03-BAA8-368BC41A3D2F}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{53FF7BD9-D336-40C5-B391-0ED71B11F897}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\AppUpdater.exe
FirewallRules: [{911FDE4F-5660-4B3E-96B3-7088B5A0A690}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\AppUpdater.exe
FirewallRules: [{04366897-6C39-4649-9B8E-481A60907E05}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\ActivityAssistant.exe
FirewallRules: [{DCDD618D-EF1D-4B31-A5CD-2D0EA7EBC9EA}] => (Allow) C:\Program Files (x86)\baidu\BaiduRJDownloader\1.7.0.110\ActivityAssistant.exe
FirewallRules: [UDP Query User{C9519036-FEB2-4399-A1CA-C8FAE3EED981}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [TCP Query User{2E74A5BA-DC7C-46F4-88F9-3F8B091EC4CC}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [{F692E7A5-7AA6-4254-AD1D-08680BE9D647}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{135C3BC9-02B5-487F-8253-4044C6D0A080}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{0198240D-C803-4AA1-BF73-DE2F968FFE6F}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe
FirewallRules: [{29CAE76F-77B4-4CAD-87CF-848DA800E851}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe
FirewallRules: [UDP Query User{623173BB-98E9-4D04-88CD-11B26AA99069}C:\program files\adobe\adobe photoshop cc 2014\photoshop.exe] => (Allow) C:\program files\adobe\adobe photoshop cc 2014\photoshop.exe
FirewallRules: [TCP Query User{30F75F46-468E-4B3F-8B75-50DC2BACF6CD}C:\program files\adobe\adobe photoshop cc 2014\photoshop.exe] => (Allow) C:\program files\adobe\adobe photoshop cc 2014\photoshop.exe
FirewallRules: [{32C2762A-E869-4DF9-8EEB-ABB3CD539DCE}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{A087A233-6BC2-4040-BF48-5CE9A56E20C1}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{0E889BA6-187C-45A7-951C-CDF9296609A1}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{34D34444-B1D0-4DE9-8FCE-CEBB71F781A0}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{E0C58C55-559E-4FF6-9763-40DC383E1F82}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
FirewallRules: [{FF0DF4BE-6796-487B-AC86-6980DF043931}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
FirewallRules: [{F379679E-A15A-45E1-8805-98163C77B684}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{311CF8C9-3FB8-42FB-AC40-9C29EDF1D898}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{B9F1231E-ECEB-424A-901F-E34CF40BA92D}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{557CA6FD-35EF-4C39-9D08-28E115175F52}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{77E32198-D68D-4D42-919E-BA5F2970A68A}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{DCE62D81-C01F-4847-AA7E-26DE66BF76E7}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{FCDF346A-3A04-4BBB-86B3-1F456616F9DE}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{964DF93A-59FB-4169-BB73-CA2B9E5CD803}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{64449E71-7704-45D8-A653-1F453D52DFCD}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
FirewallRules: [{C5F7EB29-7758-4359-9025-CE473FBD27D3}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
FirewallRules: [{0E3E0189-EE6F-4D56-A362-9FC4737C94C8}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe
FirewallRules: [{297621BB-F4F0-4853-8643-45FA35D5696F}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe
FirewallRules: [{D91005C3-5852-4BB1-BD38-20B1FC117BFB}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe
FirewallRules: [{71BBCD94-758E-49DF-A544-169B81CA8B29}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\tencentdl.exe
FirewallRules: [{FF923CCC-1DCB-455B-AD9A-65EDCA650736}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{D0F410DC-901C-42E4-9A08-B71189A7B46D}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe
FirewallRules: [{6BF17F19-C136-4421-AF47-EF5A7104E441}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe
FirewallRules: [{04379206-D79A-4676-8394-FD1142F05FE0}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe
FirewallRules: [{67838533-D69A-4557-97B8-515984114691}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{77DBFD1C-C874-4A89-893C-126F033937EE}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\tencentdl.exe
FirewallRules: [{723128E4-1782-4472-8A2C-45C71C1D49E8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{FE18454F-5A58-47F3-BD69-F2D9D46AB9F3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A09514CD-1DA9-4F55-B5D1-5BE9F7EC8928}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2529E91B-12AC-466D-A183-92932AC74742}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9E17BD47-91C6-4AC1-BD83-C7A24BBFD523}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0EC4992F-B6B7-406D-BA22-0D26ABD7523B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [UDP Query User{88320407-43C6-4835-A58C-0E7A097D1C02}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [TCP Query User{0D61BAB3-8914-4108-AE83-C2A01F293D5A}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [{661D79C2-04D7-4124-9376-4C2463EE1785}] => (Allow) LPort=1688
FirewallRules: [UDP Query User{494664AF-8C24-40A0-B0C2-E6CF6F5F50B5}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [TCP Query User{834162A1-1A93-4B6F-B7D5-C9376B0DD809}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [UDP Query User{7D41D200-00AF-46D3-BCA6-D73EE7EC00D2}C:\program files (x86)\tencent\wechat\wechat.exe] => (Allow) C:\program files (x86)\tencent\wechat\wechat.exe
FirewallRules: [TCP Query User{25DBAD85-6EDC-48D1-BF9E-0C8D8B25D07F}C:\program files (x86)\tencent\wechat\wechat.exe] => (Allow) C:\program files (x86)\tencent\wechat\wechat.exe
FirewallRules: [{9EFB3E53-B0EA-429C-9C60-BCCED04CA9B2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{565ADFC8-F7F7-49AF-9EE4-422A59D15CE2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{69277154-35CB-404E-A2AC-DAE894C73C17}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{472FF369-2E0E-49B4-9446-F2A0DD0515B0}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{46139212-394E-4A8C-98B9-CB8813DC7423}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{5E594865-33D3-4F24-8D6E-38A25568D593}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{784B3511-CD85-4565-9082-DD2ACB19CDAC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{24FB98BE-E33E-4A7A-9A7A-668EDA977750}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{24E7FCD4-E27E-419C-B254-FA2D488BCFE3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{126C288A-1891-489C-B3F9-E42229AD825D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E23D2E5F-2FC1-4A21-AD98-88F7E0A4BCC4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E6EE83BF-6223-41F3-94D3-DC74D49077EA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{B5A68663-FB69-4075-9569-CAE2ABC58C08}C:\users\allen loh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\allen loh\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FCF49085-B7D8-4125-BD47-B1263F120ABC}C:\users\allen loh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\allen loh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6B1C7C43-E014-4EC2-B7BD-EAA61A53744B}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe
FirewallRules: [{7B98330B-D810-4EF8-9929-6276331E8D3F}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe
FirewallRules: [{C38A078A-DD75-487E-A7C2-C37888F48926}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe
FirewallRules: [{5F27BB88-F874-4077-B94B-FC5F2A4C2C7E}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe
FirewallRules: [{063D9FC4-1DC0-43A4-982A-00B557A4F366}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe
FirewallRules: [{737B046D-B438-4487-86DC-604F946405E0}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\tencentdl.exe
FirewallRules: [{8F966BE7-3991-411E-A673-F16C650A9FC0}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [UDP Query User{AB1D37C4-84ED-4204-ADD8-1D75E7417787}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [TCP Query User{BBC95F4F-C074-411F-86E4-FBF4AE71D9AF}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [{C7BDAD78-5E0C-40F7-9691-9C291BA6B581}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe
FirewallRules: [{8BFEBEB8-43F4-446B-B0A6-AFBB40C44FDF}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe
FirewallRules: [{24692540-2831-45D7-8D68-ED2ACFD0618C}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe
FirewallRules: [{7EE564FB-3F63-47BD-BCB0-0AC345A2CA69}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe
FirewallRules: [{42B8720B-8E10-4341-8907-4F58F21BDC85}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe
FirewallRules: [{B815022F-51EB-4093-BE8F-F4A6F793330A}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe
FirewallRules: [{F723782F-8F55-42FD-A4B3-3DD966772391}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe
FirewallRules: [{9A452CBE-108B-4F5E-8975-0622778F6F39}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\tencentdl.exe
FirewallRules: [{89FECC4E-6BB3-4EED-8374-5CA271E606CB}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{A081E8D5-7898-48D9-B328-8210E01E3D65}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maUpdat.exe
FirewallRules: [{C7987A73-E1AD-4EA8-A9B1-7E91A939D46A}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maLauncher.exe
FirewallRules: [{0628E1A7-3571-45BC-B13C-1CF27E8C764D}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\SetupEx\SetupEx.exe
FirewallRules: [{4EAA959B-EE07-4552-85BD-73B0F2620546}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\txupd.exe
FirewallRules: [{B4890C94-FF25-45CD-8A7B-CB358364CC9F}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\auclt.exe
FirewallRules: [{13AA97BC-9EAC-4078-92F6-71C422BB42F9}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe
FirewallRules: [{37996E35-798D-4688-8A36-0DCC4311D7AC}] => (Allow) C:\Users\Allen Loh\AppData\Roaming\Tencent\QQ\STemp\SetupEx0\QQSetupEx.exe
FirewallRules: [{BE3F3680-3578-4DFB-82A6-C7CF7F425B16}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{57FE96D5-4779-4D2B-B29B-045157DC27D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D8F6E564-079E-444D-9BE8-190C66DD3E7C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B2C1CDF3-E53D-4345-89FF-A5D7FDBC9F8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{74F9A12E-A1BD-432C-8698-BC7AEF0D6BF9}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{F4230183-6154-4D63-888E-43DFC7C1A2DA}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [UDP Query User{2FE2B25B-07E4-495F-85FA-E43BDC1BDE10}C:\users\allen loh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\allen loh\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E7C5B65A-0BD8-4EBF-9395-7C55272EFC72}C:\users\allen loh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\allen loh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C4365861-F665-405C-8410-E4A7B62279DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{69BEC975-073C-416E-AD45-EF1E2226EDD2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EE715EB2-B608-4439-AE56-3CA229C353B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FE873A2E-DD71-4222-9772-8F95BFC59A2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5F92AB6D-EA6C-4B87-9190-1B7BCE6EA117}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8FCFD1E9-5E6D-4FEE-8681-633CE94F7344}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C10FACD4-EE09-4D1F-9DDD-AE6F5B596B64}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2EAE8A37-7C86-4D4C-BD5D-B75AF1B45D96}] => (Allow) C:\Users\Allen Loh\AppData\Local\LINE\bin\4.9.0.1147\LINE.exe
FirewallRules: [{F4FFDE7E-493F-4CE8-AC54-2B0629A45E74}] => (Allow) C:\Users\Allen Loh\AppData\Local\LINE\bin\4.9.0.1147\LINE.exe
FirewallRules: [{9D827B39-96AC-4FA2-95FE-77D059DDDE88}] => (Allow) C:\Users\Allen Loh\AppData\Local\LINE\bin\4.9.0.1147\LineUpdater.exe
FirewallRules: [{979C5C82-FC7A-4B15-9DD4-2AD775D1F9E6}] => (Allow) C:\Users\Allen Loh\AppData\Local\LINE\bin\4.9.0.1147\LineUpdater.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

14-09-2016 19:54:19 Installed EmEditor (64-bit)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2016 11:44:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/14/2016 11:44:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/14/2016 11:44:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/14/2016 11:44:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-63RO6J2)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023673 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2016 10:35:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/14/2016 10:35:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/14/2016 10:34:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/14/2016 10:34:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/14/2016 10:34:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/14/2016 10:33:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1140


System errors:
=============
Error: (09/14/2016 11:43:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/14/2016 10:34:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/14/2016 09:12:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/14/2016 10:05:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/14/2016 12:44:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 11:37:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 11:06:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 11:06:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Content Protection HDCP Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/13/2016 11:06:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 11:06:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 51%
Total physical RAM: 15954.12 MB
Available physical RAM: 7683.34 MB
Total Virtual: 28754.12 MB
Available Virtual: 14458.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.98 GB) (Free:67.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 9B6E2D6C)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=475 MB) - (Type=27)

==================== End of Addition.txt ============================

Checkresults.txt

Potential issues:
==============================

LAN Settings: No Settings are Set        <--NOT DETECTING SETTING AUTOMATICALLY


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mbam-check result log version:     2.3.2.0
========================================

User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 10  64 bit Operating System
Current Version and Build:         10.0.14393 OS Product Info: Professional


Malwarebytes Anti-Malware:         2.2.1.1043
Installed On:                      2016/09/04
Malware Database:                  2016.09.14.07
Rootkit Database:                  2016.08.15.01
Remediation Database:              2016.08.31.01
IP Database:                       2016.09.14.01
Domain Database:                   2016.09.14.03
License:                           Trial
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      4 (The service is running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/09/15 00:58:55

User Information for Local System:
===========================================
User Account: Administrator
    Account Level: Admin
User Account: Allen Loh
    Account Level: Admin
User Account: DefaultAccount
    Account Level: Guest
User Account: Guest
    Account Level: Guest
Total # of user entries: 4

UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    DWORD    1    Status: ON
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    DWORD    5    Status: ON

AntiVirus Information:
===================
AntiVirus Software Installed:    "Avira Antivirus"
AntiVirus Software Installed:    "Windows Defender"

FireWall Information:
===================
NO 3rd Party Firewall Software Installed

AntiSpyware Information:
===================
AntiSpyware Software Installed:    "Avira Antivirus"
AntiSpyware Software Installed:    "Windows Defender"
AntiSpyware Software Installed:    "Spybot - Search and Destroy"

Machine Information
===============================================
Machine ID:    6cabb1f4dad6ea14bd5ca822b1d81bb06e82e6d1
Installation Token:    FBpvcdBVn8hxtgZiNSEu1472979338
System has been up for:     25.8772 Hours
Current Date:    2016-Sep-14 16:58:55.992959
Date Booted:    2016-Sep-13 15:58:55.992959

Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    false
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware

Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Program Files (x86)\Astrill\tapinstall.exeREG_SZ        RUNASADMIN


Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\WINDOWS\system32\drivers\mbam.sys
File Size: 27008     BYTES    FileVersion: 0.1.16.0    MD5: [78bff5425e044086e74e78650a359fbb]
C:\WINDOWS\system32\drivers\mwac.sys
File Size: 65408     BYTES    FileVersion: 1.0.6.0    MD5: [898415ac0b5f1d2a9a48abcb68a6dc4b]
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
File Size: 192216    BYTES    FileVersion: 0.3.0.4    MD5: [78488af2ab2111d67b3c4044707a519b]
C:\WINDOWS\system32\drivers\mbamchameleon.sys
File Size: 140672    BYTES    FileVersion: 1.1.22.0    MD5: [1239597bab7eed2bb16d035af87e65d9]

--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1001
    ErrorControl                  REG_DWORD        1
    Group                         REG_SZ        NetworkProvider
    ImagePath                     REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Start                         REG_DWORD        2
    Type                          REG_DWORD        32
    Description                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1002
    DependOnService               REG_MULTI_SZ    RpcSs

    ObjectName                    REG_SZ        NT AUTHORITY\LocalService
    ServiceSidType                REG_DWORD        3
    RequiredPrivileges            REG_MULTI_SZ    SeAuditPrivilege

    FailureActions                REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDll                    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll
    ServiceDllUnloadOnStop        REG_DWORD        1
    ServiceMain                   REG_SZ        BfeServiceMain

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded              REG_DWORD        1
    DisplayName                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    ErrorControl                  REG_DWORD        3
    Group                         REG_SZ        FSFilter Infrastructure
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    Start                         REG_DWORD        0
    Tag                           REG_DWORD        1
    Type                          REG_DWORD        2
    Description                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10000


C:\WINDOWS\system32\drivers\fltmgr.sys
File Size: 377696    BYTES    FileVersion: 6.2.14393.0    MD5: [fda72aca14d516d18c33afcd0fd9260f]
C:\WINDOWS\SysWoW64\olepro32.dll
File Size: 90112     BYTES    FileVersion: 6.2.14393.0    MD5: [29cbdb71b0558448282df4aaeb79105d]


MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              -15 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          true 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Marketing: 
    LastPostScanMarketingIndex:                                2 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       3000 
ScanHistory: 
    Duration_Complete:                                         70074 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       39 
    Duration_Heuristics:                                       2313229 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          30803 
    Duration_Registry:                                         6229 
    Duration_Sector:                                           0 
    Duration_Startup:                                          17073 
    ItemCount_Complete:                                        283353 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      49668 
    ItemCount_Heuristics:                                      369518 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         30750 
    ItemCount_Registry:                                        847 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         6321 
    LastRemovalRequiredDOR:                                    false 
    LastScanDateEpoch:                                         1473818186614 
    LastScanType:                                              1 (Threat Scan)
    QuarantineCompletedCount:                                  2 
Update: 
    LastUpdate:                                                2016-09-14T16:05:22 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
    CheckProgramUpdates:                          true
--------------Account:--------------
  Account Status:                                              Trial 
  Expiration Time:                                             2016/09/18 08:55:40 
  Activation Time:                                             2016/09/04 16:55:34 
  Trial Used:                                                  true 
--------------Access Policies:--------------

Scheduler Queue:
================

tasks: 
    6c9e1ed1-ee7f-4e15-8f17-a66ac7dca009:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             false 
        TaskType:                                              3 
      triggers:                                                 
        71243cee-a174-40d0-a300-3cb5645d5563:                   
          dateinterval:                                        0:0:0 (Days:Months:Years) 
          lastscheduled:                                       Thu, 15 Sep 2016 00:04:56.024929 +0800 
          lasttriggered:                                       Thu, 15 Sep 2016 00:04:56.024929 +0800 
          nextscheduled:                                       Thu, 15 Sep 2016 01:10:28.025074 +0800 
          recovery:                                            00:00:00 (Hours:Minutes:Seconds) 
          start:                                               Sun, 04 Sep 2016 16:58:46.025074 +0800 
          timeinterval:                                        01:00:00 (Hours:Minutes:Seconds) 
          type:                                                Hourly 
          uuid:                                                71243cee-a174-40d0-a300-3cb5645d5563 
      type:                                                    update 
      uuid:                                                    6c9e1ed1-ee7f-4e15-8f17-a66ac7dca009 
    fa536db9-6b7b-49b3-bd6f-359ef3b6b3bf:                       
      parameters:                                               
        AutoDelete:                                            false 
        CheckForUpdatesBeforeScanStart:                        true 
        ProcessLaunchedFromScheduler:                          true 
        ScanConfig:                                             
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          Quarantine:                                          Prompt 
          RebootSystemWhenMalwareDetected:                     false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             Treat Detections as Malware 
          ScanPUP:                                             Treat Detections as Malware 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanSource:                                          1 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        fb276c74-b9eb-404b-a789-5114d463ffae:                   
          dateinterval:                                        1:0:0 (Days:Months:Years) 
          lastscheduled:                                       Wed, 14 Sep 2016 09:56:02.256434 +0800 
          lasttriggered:                                       Wed, 14 Sep 2016 09:56:02.256434 +0800 
          nextscheduled:                                       Thu, 15 Sep 2016 02:40:34 +0800 
          recovery:                                            23:00:00 (Hours:Minutes:Seconds) 
          start:                                               Mon, 05 Sep 2016 02:32:34 +0800 
          timeinterval:                                        00:00:00 (Hours:Minutes:Seconds) 
          type:                                                Daily 
          uuid:                                                fb276c74-b9eb-404b-a789-5114d463ffae 
      type:                                                    scan 
      uuid:                                                    fa536db9-6b7b-49b3-bd6f-359ef3b6b3bf 

Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
    PendingFileRenameOperations    REG_MULTI_SZ    \??\C:\Program Files (x86)\Avira\Antivirus\aegen.dll.tmp

MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
    WOW64                         REG_DWORD        1
    Type                          REG_DWORD        2
    Start                         REG_DWORD        3
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\mbam.sys
    DisplayName                   REG_SZ        MBAMProtector
    Group                         REG_SZ        FSFilter Anti-Virus
    DependOnService               REG_MULTI_SZ    FltMgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
    DefaultInstance               REG_SZ        MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
    Altitude                      REG_SZ        328800
    Flags                         REG_DWORD        0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
    PassThruFile                  REG_SZ        mbampt.exe
    ProductPath                   REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware

MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
    WOW64                         REG_DWORD        1
    Description                   REG_SZ        Malwarebytes Anti-Malware service
    DelayedAutostart              REG_DWORD        0
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
    DisplayName                   REG_SZ        MBAMService
    DependOnService               REG_MULTI_SZ    MBAMProtector

    ObjectName                    REG_SZ        LocalSystem

MBAMScheduler Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
    WOW64                         REG_DWORD        1
    Description                   REG_SZ        Malwarebytes Anti-Malware scheduler
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
    DisplayName                   REG_SZ        MBAMScheduler
    ObjectName                    REG_SZ        LocalSystem

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Proxy Override: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    ProxyOverride    REG_SZ        <local>

LAN Settings:
=============

No Settings are Set        <--NOT DETECTING SETTING AUTOMATICALLY

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM 
        PM 
        :

Currently:
REG_SZ        h:mm:ss tt
REG_SZ        AM
REG_SZ        PM
REG_SZ        :

Language and Regional Settings:
===============================

ACP:     Language is English (United States)
MACCP:     Language is English (United States)
OEMCP:     Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
    (Default):                    REG_SZ        IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
    ThreadingModel                REG_SZ        Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware


List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes Anti-Malware\
7z.dll                                      File Size: 922080    BYTES    FileVersion:  9.20.0.0       MD5: [14079a2411fa2bb7f78bc100c92bbcc2]
changes.txt                                 File Size: 1596      BYTES    FileVersion:  N/A            MD5: [09371a0c8bd9e9554571da257d554d3e]
cloud-enumeration.dll                       File Size: 287200    BYTES    FileVersion:  1.0.1.0        MD5: [84ac20b9327dbd4d94039be93384dad5]
cloud.dll                                   File Size: 352736    BYTES    FileVersion:  1.0.1.0        MD5: [5659790448fb136a80be407c4a0dbb50]
license.rtf                                 File Size: 38870     BYTES    FileVersion:  N/A            MD5: [ed36ea764c3a452334416713c8cf1eed]
master.conf                                 File Size: 1258      BYTES    FileVersion:  N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam.dll                                    File Size: 609760    BYTES    FileVersion:  1.0.40.0       MD5: [c4a51c1cb174066fdaf383c09f0d574b]
mbam.exe                                    File Size: 9926112   BYTES    FileVersion:  2.3.173.0      MD5: [8e98e3ec16d2641005b4748cd330fb45]
mbamcore.dll                                File Size: 2127840   BYTES    FileVersion:  1.3.24.0       MD5: [63ce66ef2b30a09308eafe29baec6a75]
mbamdor.exe                                 File Size: 55264     BYTES    FileVersion:  1.0.2.0        MD5: [297c1bdcc26adb339d4c0f0550e434d6]
mbamext.dll                                 File Size: 431072    BYTES    FileVersion:  3.1.1.0        MD5: [67a6ec1735c77c2623b49cc1f284c8a0]
mbampt.exe                                  File Size: 40928     BYTES    FileVersion:  1.0.57.0       MD5: [04d0b942b0ad4a5d2eee45d9b7d6545b]
mbamresearch.exe                            File Size: 1949152   BYTES    FileVersion:  1.1.1.0        MD5: [e601f9ca6a72493bc8185bedda17eee8]
mbamscheduler.exe                           File Size: 1514464   BYTES    FileVersion:  3.1.7.0        MD5: [9611577752e293259c7dce19e9026362]
mbamservice.exe                             File Size: 1136608   BYTES    FileVersion:  3.2.21.0       MD5: [f1a89a34388b5626f1548d393b23ecb1]
mbamsrv.dll                                 File Size: 3863008   BYTES    FileVersion:  2.1.10.0       MD5: [a33629c51295570fe9f252a39ddcea93]
mbamtoast.dll                               File Size: 98272     BYTES    FileVersion:  1.70.0.0       MD5: [b55f6f7b61ae6070a6e023e11fda92ee]
msvcp100.dll                                File Size: 422880    BYTES    FileVersion:  10.0.40219.325 MD5: [53a5f1b984f585997968cd0dfb27400c]
msvcr100.dll                                File Size: 775648    BYTES    FileVersion:  10.0.40219.325 MD5: [dc0213118e61e5ca865092109860792c]
Qt5Core.dll                                 File Size: 4646880   BYTES    FileVersion:  5.4.1.0        MD5: [91c7c50b2a290b82604163b5a679ea24]
Qt5Gui.dll                                  File Size: 4640224   BYTES    FileVersion:  5.4.1.0        MD5: [1d59b3e632aef8e24cc1707fd411113b]
Qt5Network.dll                              File Size: 673248    BYTES    FileVersion:  5.4.1.0        MD5: [e089635a8cbed229ec30cdbe29748c08]
Qt5Widgets.dll                              File Size: 4474848   BYTES    FileVersion:  5.4.1.0        MD5: [33881dda0ccc3898facadf1e4d1df237]
unins000.dat                                File Size: 37905     BYTES    FileVersion:  N/A            MD5: [43681fa49b2de4145bc812fd3cf3bed1]
unins000.exe                                File Size: 720085    BYTES    FileVersion:  51.52.0.0      MD5: [f1505d347325c77e3eeef418495e1f57]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
chameleon.chm                               File Size: 235882    BYTES    FileVersion:  N/A            MD5: [c4190b71f037714aa77aba294434ba5b]
firefox.com                                 File Size: 960480    BYTES    FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
firefox.exe                                 File Size: 960480    BYTES    FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
firefox.pif                                 File Size: 960480    BYTES    FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
firefox.scr                                 File Size: 960480    BYTES    FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
iexplore.exe                                File Size: 960480    BYTES    FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.com                          File Size: 960480    BYTES    FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.exe                          File Size: 960480    BYTES    FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.pif                          File Size: 960480    BYTES    FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.scr                          File Size: 960480    BYTES    FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-killer.exe                             File Size: 1504736   BYTES    FileVersion:  3.0.15.0       MD5: [b79d3c2fca170c4dd15d7316067a1fd3]
rundll32.exe                                File Size: 960480    BYTES    FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: Trojan.Agent.CK, Date: 2016/09/04 09:12:00, Type: File, Location: C:\Users\Allen Loh\AppData\Local\Temp\Rar$DRa0.445\TNOD.rar
Vendor: Trojan.Agent.CK, Date: 2016/09/04 09:12:00, Type: File, Location: C:\Users\Allen Loh\AppData\Local\Temp\~nsu.tmp\Au_.exe
===============================================================
END OF FILE


 

 


  • Root Admin

In most cases, the WinSXS folder is to blame. Aside from a worm, I've never seen malware take up space.

How to address disk space issues that are caused by a large Windows component store (WinSxS) directory

How to Reduce the Size of Your WinSXS Folder on Windows 7 or 8

I'd look into those issues for trying to recover some disk space. It's always in flux growing and shrinking, but over time always growing.

Also, please note the logs indicate that the hosts file has been modified for the purposes of avoiding licensing from Adobe. There are also signs of the OS possibly being modified to bypass Microsoft's licensing. Not sure you're aware, but I'd look into that and remove any possibly pirated items or speak to anyone that might have been using the computer to install such things.

Cheers

 
