Windows Defender is broken and possibly corrupt from virus!


  • This topic is locked
9 replies to this topic

#1 Andrew123456 (Members, 3 posts)

Posted 25 January 2017 - 07:16 PM

I disabled Windows Defender because I was stupid and downloaded a file thinking it was safe. Turns out it wasn't. I have successfully removed any trace of the virus and malware. The problem is I cannot reactivate my Windows Defender. When I attempt to open Windows Defender it says "This app is turned off by group policy... To allow this app to run, contact your security administrator to enable the program via group policy." Then I took the time to install the Group Policy program, because Windows doesn't come with it, and looked for Windows Defender in Local Computer Policy -> Administrative Templates -> Windows Components. It is supposed to be located in that section, but it is not! I know that I can still use other antivirus programs, but I want to have Windows Defender running as the default at all times. I have my Addition.txt file attached if that helps, and my FRST is below. I also don't know if this is the right place to post this problem since I'm new to forums. I'm usually decent with computers, but this problem is beyond me. If anyone can solve this problem I'll be so grateful, since this is my new computer.

Attached File  Addition.txt   46.6KB   7 downloads

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01

Ran by Andrew Lum (administrator) on ANDREW (25-01-2017 18:52:26)
Running from C:\Users\Andrew Lum\Downloads
Loaded Profiles: Andrew Lum & DefaultAppPool (Available Profiles: Andrew Lum & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alienware) C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(AnimGraph) D:\Andrew Lum\Programs Files\Magic Mouse 1 - Utilities\MagicMouse1Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Apple Inc.) D:\Andrew Lum\Programs Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alienware Corp.) C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Alienware\Alienware Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell) C:\Program Files\Alienware\Dell Foundation Services\DFS.Common.Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.10211.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x64__8wekyb3d8bbwe\XboxApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [35576 2015-10-07] (Alienware)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946600 2015-10-15] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-12-10] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => D:\Andrew Lum\Programs Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [transducers] => "C:\Program Files (x86)\Southeasterly\enchantment.exe"
HKLM\...\Run: [transducerstransducers] => "C:\Program Files (x86)\Cleanser\enchantment.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1131008 2015-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [3746232 2015-10-15] (Alienware Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [MapsGalaxy] => C:\WINDOWS\Temp\5668.tmp -start <===== ATTENTION
HKLM-x32\...\Run: [kyushu] => "C:\Program Files (x86)\Southeasterly\enchantment.exe"
HKLM-x32\...\Run: [kyushukyushu] => "C:\Program Files (x86)\Cleanser\enchantment.exe"
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2015-01-18] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2015-01-18] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [Google Update] => C:\Users\Andrew Lum\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2017-01-11] (Google Inc.)
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <===== ATTENTION
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [drive] => "C:\Program Files (x86)\Southeasterly\enchantment.exe"
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [drivedrive] => "C:\Program Files (x86)\Cleanser\enchantment.exe"
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [pseudoephedrine] => "C:\Program Files (x86)\Southeasterly\enchantment.exe"
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [pseudoephedrinepseudoephedrine] => "C:\Program Files (x86)\Cleanser\enchantment.exe"
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [study] => "C:\Program Files (x86)\Southeasterly\enchantment.exe"
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [GoogleChromeAutoLaunch_D882C3EED8C31114C29FA978A8C4059D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2015-01-18] (SEIKO EPSON CORPORATION)
GroupPolicyScripts-x32: Restriction <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 72.240.13.7 72.240.13.5
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0584e151-bf00-11e6-8751-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1d1ef918-489a-4cc1-842b-d047e159ea81}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1d1ef918-489a-4cc1-842b-d047e159ea81}: [DhcpNameServer] 72.240.13.7 72.240.13.5
Tcpip\..\Interfaces\{5181a55a-ff1e-409c-807c-44acfb126614}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5dfb934b-5088-4acc-9749-25829898b543}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{989e31bd-429e-4181-bc21-f8e4aca113fb}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{989e31bd-429e-4181-bc21-f8e4aca113fb}: [DhcpNameServer] 72.240.13.7 72.240.13.5
Tcpip\..\Interfaces\{b88edf32-fb86-4c7d-b563-48c452e52e6c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c6c68813-cea0-4e6c-a3c8-bab8f6d44cbf}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-245923266-918571245-4289204600-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-245923266-918571245-4289204600-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-245923266-918571245-4289204600-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-245923266-918571245-4289204600-1001 -> DefaultScope {6281843B-6FEB-400E-A02E-2D9A305EF08F} URL = 
SearchScopes: HKU\S-1-5-21-245923266-918571245-4289204600-1001 -> {6281843B-6FEB-400E-A02E-2D9A305EF08F} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-12-08] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-245923266-918571245-4289204600-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Andrew Lum\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-245923266-918571245-4289204600-1001: @talk.google.com/O1DPlugin -> C:\Users\Andrew Lum\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-245923266-918571245-4289204600-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Andrew Lum\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-245923266-918571245-4289204600-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Andrew Lum\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Andrew Lum\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Andrew Lum\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default [2017-01-25]
CHR Extension: (Google Slides) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-22]
CHR Extension: (Livestream downloader) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcociiobbpehgklomfdghmbdmclbmgl [2017-01-22]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-01-22]
CHR Extension: (Flash Video Downloader) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-01-22]
CHR Extension: (HD for YouTube™) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2017-01-22]
CHR Extension: (Always on Top) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\amclpcgcmdkdaichklckjepcjjdcmcii [2017-01-22]
CHR Extension: (PIP Video) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\anoelogknphkblfagnpdmpfpaddikbae [2017-01-22]
CHR Extension: (Google Docs) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-22]
CHR Extension: (Google Drive) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-22]
CHR Extension: (YouTube) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-22]
CHR Extension: (The Avengers) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckfllifdbmfjehnombllbaojfdkmnpdm [2017-01-22]
CHR Extension: (Smart Pause for YouTube) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcflkimagfnicklojfonbbcppnikogih [2017-01-22]
CHR Extension: (iHeartRadio) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\djfamdpdfnbdehpafbeefbpobbohmfnc [2017-01-22]
CHR Extension: (Chameleon) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpojjilddefgnhiicjcmhbkjgbbclob [2017-01-22]
CHR Extension: (Floating for YouTube™ Extension) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\egncdnniomonjgpjbapalkckojhkfddk [2017-01-22]
CHR Extension: (Video Downloader professional) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-01-22]
CHR Extension: (Google Sheets) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-22]
CHR Extension: (AdBlock) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-25]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-01-22]
CHR Extension: (Add Coupons and Cashback - Piggy!) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2017-01-25]
CHR Extension: (Download and Save PutlockerIS videos ...) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\hklkpjopmcleiejmcpkmoiglimjjihgd [2017-01-22]
CHR Extension: (Floating for YouTube™) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2017-01-22]
CHR Extension: (Sideplayer™) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\nicokganngdkmjiejngaacdlllkdpikn [2017-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2017-01-22]
CHR Extension: (Always on top APP ADD-ON) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\oppldakpkfhiglmfehedjgideggjhcle [2017-01-22]
CHR Extension: (Click&Clean App) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-01-22]
CHR Extension: (Gmail) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-22]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-22]
CHR Profile: C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-25]
CHR Extension: (Google Slides) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-22]
CHR Extension: (Google Docs) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-22]
CHR Extension: (Gom VPN - Bypass and unblock) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2017-01-22]
CHR Extension: (iHeartRadio) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\djfamdpdfnbdehpafbeefbpobbohmfnc [2017-01-22]
CHR Extension: (Google Sheets) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-22]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-12-07]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (AdBlock) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-25]
CHR Extension: (Core) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2016-12-07]
CHR Extension: (Your Dashboard Membean) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifcpkjgipeejmopkbkgkoieoklficadf [2016-12-07]
CHR Extension: (Frogger) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jefgapcholmflcnkkpkedladlephgnic [2016-12-07]
CHR Extension: (PowerStudent) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlapkdomihdknaijbhjgcmhcnjebemmn [2017-01-10]
CHR Extension: (Grammarly for Chrome) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-01-23]
CHR Extension: (Adorable Hamster Pet) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khmhiilheedbaffkfhjjodneogdaehfa [2016-12-07]
CHR Extension: (Shortkeys (Custom Keyboard Shortcuts)) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\logpjaacgmcbpdkdchjiaagddngobkck [2016-12-07]
CHR Extension: (a.0 (Powerschool Enhancement)) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lopcdcbkjdojohoahkjlclfmpnfolbfa [2017-01-10]
CHR Extension: (Thesaurus: Synonym 4 Right Click) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpkpcliecpgjbkffooidajhakoidhidh [2016-12-07]
CHR Extension: (Save Image As PNG) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nkokmeaibnajheohncaamjggkanfbphi [2017-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-07]
CHR Extension: (RocketBolt: Email Tracking for Gmail) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkapfpgbgfcojflnfmhnplkkkcdcmkfj [2017-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-07]
CHR Profile: C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows ® Win 7 DDK provider)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-01-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-09-07] (Intel Corporation)
R2 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [133640 2016-03-17] (Creative Technology Ltd)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe [97616 2016-11-30] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation)
R2 GraphicsAmplifierWindowsService; C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe [36112 2015-07-23] (Alienware)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-09-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 iprip; C:\WINDOWS\System32\iprip.dll [35328 2017-01-22] (Microsoft Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
S3 LxssManager; C:\WINDOWS\system32\lxss\LxssManager.dll [327168 2017-01-22] (Microsoft Corporation)
R2 MagicMouse1Service; D:\Andrew Lum\Programs Files\Magic Mouse 1 - Utilities\MagicMouse1Service.exe [8594448 2016-08-21] (AnimGraph)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-12] (NVIDIA Corporation)
R2 Product Registration; C:\Program Files\Alienware\Alienware Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S2 SkypeUpdate; D:\Andrew Lum\Programs Files\Skype\Updater\Updater.exe [324224 2016-09-20] (Skype Technologies)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2017-01-22] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [47104 2017-01-22] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-10-15] (Synaptics Incorporated)
S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [2001920 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 applebmt; C:\WINDOWS\system32\DRIVERS\applebmt.sys [52736 2017-01-03] (Apple Inc.)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [145736 2016-09-19] (Rivet Networks, LLC.)
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1076008 2016-03-17] (Creative Technology Ltd)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [36424 2015-07-13] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [33864 2015-07-13] ()
S3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-05-19] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [162120 2016-09-16] (Qualcomm Atheros, Inc.)
R3 kiox_ff_driver; C:\WINDOWS\system32\DRIVERS\kiox_ff_driver.sys [51304 2015-10-02] (Kionix, Inc.)
R0 lxss; C:\WINDOWS\System32\drivers\lxss.sys [15712 2017-01-22] (Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-22] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-24] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-24] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-24] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_abcfc5746cfa0cc0\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
R3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2015-10-15] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-01-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-22] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: LxssManager -> C:\Windows\system32\lxss\LxssManager.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-25 18:29 - 2017-01-25 18:30 - 00047596 _____ C:\Users\Andrew Lum\Desktop\Addition.txt
2017-01-25 18:28 - 2017-01-25 18:52 - 00039165 _____ C:\Users\Andrew Lum\Downloads\FRST.txt
2017-01-25 18:28 - 2017-01-25 18:52 - 00000000 ____D C:\FRST
2017-01-25 18:23 - 2017-01-25 18:27 - 02420736 _____ (Farbar) C:\Users\Andrew Lum\Downloads\FRST64.exe
2017-01-24 18:42 - 2017-01-24 18:42 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-24 18:41 - 2017-01-24 18:41 - 00000000 ___HD C:\OneDriveTemp
2017-01-24 18:32 - 2017-01-24 18:32 - 01048576 _____ C:\WINDOWS\system32\defltbase.sdb
2017-01-24 18:32 - 2017-01-24 18:32 - 00016384 _____ C:\WINDOWS\system32\defltbase.jfm
2017-01-24 18:28 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 18:28 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-23 18:31 - 2017-01-23 18:32 - 00897024 _____ C:\Users\Andrew Lum\Downloads\xpadmsetup.msi
2017-01-23 18:31 - 2017-01-23 18:32 - 00752128 _____ C:\Users\Andrew Lum\Downloads\2003admsetup.msi
2017-01-23 18:31 - 2017-01-23 18:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Group Policy
2017-01-23 18:31 - 2017-01-23 18:31 - 00797184 _____ C:\Users\Andrew Lum\Downloads\2000admsetup.msi
2017-01-23 17:32 - 2017-01-23 17:32 - 00001365 _____ C:\Users\Andrew Lum\Downloads\Windefend.zip
2017-01-23 17:23 - 2017-01-23 17:23 - 00541696 _____ (TheWindowsClub.com) C:\Users\Andrew Lum\Downloads\FixWin v 1.2.exe
2017-01-23 16:43 - 2017-01-23 16:43 - 00000000 ____D C:\Users\Andrew Lum\Downloads\add_gpedit_msc_by_jwils876-d3kh6vm
2017-01-23 16:23 - 2017-01-23 16:44 - 00002586 _____ C:\WINDOWS\unins000.dat
2017-01-23 16:23 - 2017-01-23 16:43 - 00707354 _____ C:\WINDOWS\unins000.exe
2017-01-23 16:22 - 2017-01-23 16:23 - 00901344 _____ (Richard ) C:\Users\Andrew Lum\Downloads\setup.exe
2017-01-22 21:10 - 2017-01-22 21:10 - 00000000 ____D C:\WINDOWS\system32\GPBAK
2017-01-22 20:59 - 2017-01-22 21:00 - 00000000 ____D C:\Users\Andrew Lum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-22 20:35 - 2017-01-22 20:51 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-22 20:34 - 2017-01-22 20:35 - 11581544 _____ (SurfRight B.V.) C:\Users\Andrew Lum\Downloads\hitmanpro_x64.exe
2017-01-22 20:26 - 2017-01-25 18:52 - 00280334 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-22 20:26 - 2017-01-25 18:52 - 00249822 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-22 20:26 - 2017-01-22 20:26 - 05248448 _____ (Zemana Ltd.) C:\Users\Andrew Lum\Downloads\Zemana.AntiMalware.Portable.exe
2017-01-22 20:26 - 2017-01-22 20:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-01-22 20:26 - 2017-01-22 20:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-01-22 20:26 - 2017-01-22 20:26 - 00000000 ____D C:\Users\Andrew Lum\AppData\Local\Zemana
2017-01-22 20:20 - 2017-01-23 21:15 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-22 20:20 - 2017-01-22 20:20 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-01-22 20:20 - 2017-01-22 20:20 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-01-22 20:20 - 2017-01-22 20:20 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2017-01-22 20:20 - 2017-01-22 20:20 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2017-01-22 20:20 - 2017-01-22 20:20 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2017-01-22 20:14 - 2017-01-22 20:14 - 00000008 __RSH C:\Users\Andrew Lum\ntuser.pol
2017-01-22 19:47 - 2017-01-22 19:47 - 00000000 ___SD C:\WINDOWS\system32\lxss
2017-01-22 19:47 - 2017-01-22 19:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2017-01-22 19:47 - 2017-01-22 19:47 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-01-22 19:47 - 2017-01-22 19:47 - 00000000 ____D C:\Program Files\Windows Identity Foundation
2017-01-22 19:47 - 2017-01-22 19:47 - 00000000 ____D C:\inetpub
2017-01-22 19:05 - 2017-01-22 19:05 - 00001047 _____ C:\Users\Andrew Lum\Downloads\x86x64.zip
2017-01-22 19:03 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\system32\gpedit.msc
2017-01-22 18:48 - 2017-01-22 18:48 - 00000000 ____D C:\ProgramData\Sophos
2017-01-22 18:47 - 2017-01-22 21:11 - 00000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2017-01-22 18:47 - 2017-01-22 18:47 - 00875012 _____ C:\Users\Andrew Lum\Downloads\add_gpedit_msc_by_jwils876-d3kh6vm.zip
2017-01-22 18:47 - 2017-01-22 18:47 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-01-22 18:47 - 2017-01-22 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-22 18:47 - 2017-01-22 18:47 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-22 18:47 - 2015-09-18 16:34 - 00040016 _____ (Kionix, Inc.) C:\WINDOWS\system32\Drivers\kxdiskprot.sys
2017-01-22 18:47 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2017-01-22 18:47 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2017-01-22 18:43 - 2017-01-22 18:46 - 161072776 _____ (Sophos Limited) C:\Users\Andrew Lum\Downloads\Sophos Virus Removal Tool.exe
2017-01-22 18:41 - 2017-01-22 18:49 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-22 18:41 - 2017-01-22 18:49 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-22 18:41 - 2017-01-22 18:41 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-22 18:25 - 2017-01-24 19:41 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-22 18:25 - 2017-01-24 18:20 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-22 18:25 - 2017-01-24 18:19 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-22 18:25 - 2017-01-24 18:19 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-22 18:25 - 2017-01-22 18:25 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-22 18:25 - 2017-01-22 18:25 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-22 18:25 - 2017-01-22 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-22 18:25 - 2017-01-22 18:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-22 18:25 - 2017-01-22 18:25 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-22 18:25 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-22 18:24 - 2017-01-22 18:24 - 54199488 _____ (Malwarebytes ) C:\Users\Andrew Lum\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-22 18:04 - 2017-01-22 18:04 - 00000000 ___HD C:\$SysReset
2017-01-22 18:01 - 2017-01-22 18:01 - 01065376 _____ (Google Inc.) C:\Users\Andrew Lum\Downloads\ChromeSetup.exe
2017-01-22 17:05 - 2017-01-22 20:32 - 00000000 ___HD C:\Program Files (x86)\Cleanser
2017-01-22 17:05 - 2017-01-22 20:31 - 00000000 ___HD C:\Program Files (x86)\Southeasterly
2017-01-22 17:05 - 2017-01-22 20:29 - 00000000 ___HD C:\Program Files (x86)\dogg
2017-01-22 17:05 - 2017-01-22 17:05 - 00003714 _____ C:\WINDOWS\System32\Tasks\Sak6025987k6025987
2017-01-22 17:04 - 2017-01-22 17:14 - 00000000 ____D C:\Users\Andrew Lum\AppData\Local\app
2017-01-22 17:03 - 2017-01-22 17:25 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-22 17:03 - 2017-01-22 17:03 - 00140288 _____ C:\Users\Andrew Lum\AppData\Roaming\Installer.dat
2017-01-22 17:03 - 2017-01-22 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2017-01-22 17:03 - 2017-01-22 17:03 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-22 17:03 - 2017-01-22 17:03 - 00000000 ____D C:\Users\Andrew Lum\AppData\Roaming\Macromedia
2017-01-22 17:03 - 2017-01-22 17:03 - 00000000 ____D C:\Users\Andrew Lum\AppData\Local\CrashRpt
2017-01-22 16:34 - 2017-01-22 16:34 - 00001699 _____ C:\Users\Andrew Lum\Desktop\1click.cmd
2017-01-22 05:25 - 2017-01-22 05:25 - 00009216 _____ (Enchantment) C:\WINDOWS\monopolizes.exe
2017-01-21 20:12 - 2017-01-21 20:12 - 00000000 _____ C:\Users\Andrew Lum\cd
2017-01-18 20:03 - 2017-01-18 20:03 - 22406516 _____ C:\Users\Andrew Lum\Downloads\Infinitive expressions VT.mp4
2017-01-18 20:02 - 2017-01-18 20:02 - 00028392 _____ C:\Users\Andrew Lum\Downloads\Expresiones con el infinitivo.pdf
2017-01-15 21:59 - 2017-01-24 18:45 - 00860472 _____ C:\WINDOWS\system32\prfh0804.dat
2017-01-15 21:59 - 2017-01-24 18:45 - 00264198 _____ C:\WINDOWS\system32\prfc0804.dat
2017-01-15 21:59 - 2017-01-15 21:59 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HANS
2017-01-15 21:59 - 2017-01-15 21:59 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-01-15 21:59 - 2017-01-15 21:59 - 00000000 ____D C:\WINDOWS\system32\zh-HANS
2017-01-15 21:59 - 2017-01-15 21:58 - 00113094 _____ C:\WINDOWS\system32\prfi0804.dat
2017-01-15 21:59 - 2017-01-15 21:58 - 00033362 _____ C:\WINDOWS\system32\prfd0804.dat
2017-01-15 21:54 - 2017-01-15 21:54 - 00001696 _____ C:\WINDOWS\SysWOW64\NOISE.CHS
2017-01-15 21:54 - 2017-01-15 21:54 - 00001696 _____ C:\WINDOWS\system32\NOISE.CHS
2017-01-15 21:53 - 2017-01-15 21:53 - 00001049 _____ C:\Users\Andrew Lum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-01-15 21:53 - 2016-07-15 19:29 - 02963968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0804.dll
2017-01-15 21:53 - 2016-07-15 19:29 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0804.dll
2017-01-15 21:53 - 2016-07-15 19:25 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70804.dll
2017-01-15 21:53 - 2016-07-15 19:17 - 03430912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0804.dll
2017-01-15 21:53 - 2016-07-15 18:39 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70804.dll
2017-01-15 21:53 - 2016-07-15 18:36 - 03361792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NL7Data0804.dll
2017-01-15 17:47 - 2017-01-15 17:47 - 00000897 _____ C:\Users\Andrew Lum\Desktop\Impactor - Shortcut.lnk
2017-01-15 15:55 - 2017-01-15 15:55 - 00000000 ____D C:\Users\Andrew Lum\.android
2017-01-11 21:43 - 2017-01-11 21:43 - 00008202 _____ C:\Users\Andrew Lum\Downloads\uninstalled.php
2017-01-11 15:40 - 2017-01-11 15:40 - 00000000 ____D C:\Users\Andrew Lum\AppData\Roaming\Mozilla
2017-01-11 15:39 - 2017-01-11 15:47 - 00003682 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-245923266-918571245-4289204600-1001UA
2017-01-11 15:39 - 2017-01-11 15:47 - 00003414 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-245923266-918571245-4289204600-1001Core
2017-01-11 15:39 - 2017-01-11 15:39 - 01065376 _____ (Google Inc.) C:\Users\Andrew Lum\Downloads\GoogleVoiceAndVideoSetup.exe
2017-01-10 17:14 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 17:14 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 17:14 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 17:14 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 17:14 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 17:14 - 2016-12-21 02:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 17:14 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 17:14 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 17:14 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 17:14 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 17:14 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 17:14 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 17:14 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 17:14 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 17:14 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 17:14 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 17:14 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 17:14 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 17:14 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 17:14 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 17:14 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 17:14 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 17:14 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 17:14 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 17:14 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 17:14 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 17:14 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 17:14 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 17:14 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 17:14 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 17:14 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 17:14 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 17:14 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 17:14 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 17:14 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 17:14 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 17:14 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 17:14 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 17:14 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 17:14 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 17:14 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 17:14 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 17:14 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 17:14 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 17:14 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 17:14 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 17:14 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 17:14 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 17:14 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 17:14 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 17:14 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 17:14 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 17:14 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 17:14 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 17:14 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 17:14 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 17:14 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 17:14 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 17:14 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 17:14 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 17:14 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 17:14 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 17:14 - 2016-12-21 00:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 17:14 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 17:14 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 17:14 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 17:14 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 17:14 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 17:14 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 17:14 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 17:14 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 17:14 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 17:14 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 17:14 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 17:14 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 17:14 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 17:14 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 17:14 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 17:14 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 17:14 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 17:14 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 17:14 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 17:14 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 17:14 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 17:14 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 17:14 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 17:14 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 17:14 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 17:14 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 17:14 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 17:14 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 17:14 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 17:14 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 17:14 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 17:14 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 17:14 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 17:14 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 17:14 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 17:14 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 17:14 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 17:14 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 17:14 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 17:14 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 17:14 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 17:14 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 17:14 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 17:14 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 17:14 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 17:14 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 17:14 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 17:14 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 17:14 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 17:14 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 17:14 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 17:14 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 17:14 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 17:14 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 17:14 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 17:14 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 17:14 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 17:14 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 17:14 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 17:14 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 17:14 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 17:14 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 17:14 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 17:14 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 17:14 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 17:14 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 17:14 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 17:14 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 17:14 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 17:14 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 17:14 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 17:14 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 17:14 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 17:14 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 17:14 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 17:14 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 17:14 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 17:14 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 17:14 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 17:14 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 17:14 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 17:14 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 17:14 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 17:14 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 17:14 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 17:14 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 17:14 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 17:14 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 17:14 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 17:14 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 17:14 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 17:14 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 17:14 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 17:14 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 17:14 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 17:14 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 17:14 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 17:14 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 17:14 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 17:14 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 17:14 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 17:14 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 17:14 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 17:14 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 17:14 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-09 20:54 - 2017-01-09 20:54 - 25521328 _____ C:\Users\Andrew Lum\Downloads\Regular -er-ir verbs VT.mp4
2017-01-07 17:42 - 2017-01-07 17:42 - 00555108 _____ C:\WINDOWS\Minidump\010717-14000-01.dmp
2017-01-03 16:45 - 2017-01-03 16:45 - 00000000 ____D C:\Users\Andrew Lum\AppData\LocalLow\Plotagon
2017-01-03 16:44 - 2017-01-03 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plotagon
2017-01-03 16:44 - 2017-01-03 16:44 - 00000000 ____D C:\ProgramData\Caphyon
2017-01-03 16:42 - 2017-01-03 16:44 - 00000000 ____D C:\Users\Andrew Lum\AppData\Roaming\Plotagon
2017-01-03 16:26 - 2017-01-12 17:45 - 00000074 _____ C:\Users\Andrew Lum\AppData\Roaming\Magic Mouse 1 Utilities - 64 bit.ini
2017-01-03 16:23 - 2017-01-03 16:23 - 01919968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01005.dll
2017-01-03 16:23 - 2017-01-03 16:23 - 00052736 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\applebmt.sys
2017-01-03 16:23 - 2017-01-03 16:23 - 00005090 _____ C:\ProgramData\pelcjmdl.brh
2017-01-03 16:23 - 2017-01-03 16:23 - 00000016 _____ C:\ProgramData\mntemp
2017-01-03 16:23 - 2017-01-03 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Mouse 1 - Utilities
2017-01-01 10:02 - 2017-01-21 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-01 10:02 - 2017-01-21 13:10 - 00000000 ____D C:\Program Files\Java
2016-12-31 07:49 - 2017-01-21 13:09 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-12-31 07:49 - 2016-12-31 07:49 - 00000000 ____D C:\Users\Andrew Lum\.oracle_jre_usage
2016-12-31 07:48 - 2016-12-31 07:48 - 00000000 ____D C:\Users\Andrew Lum\AppData\LocalLow\Oracle
2016-12-31 07:23 - 2016-12-31 07:23 - 00000000 ____D C:\Users\Andrew Lum\Desktop\game
2016-12-29 11:23 - 2016-12-29 11:23 - 00000000 ____D C:\Users\Andrew Lum\AppData\Local\Programs
2016-12-29 05:50 - 2016-12-29 05:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-12-29 05:50 - 2016-12-29 05:50 - 00000000 ____D C:\Program Files (x86)\Skype
2016-12-29 05:33 - 2016-12-29 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-29 05:33 - 2016-12-29 05:33 - 00000000 ____D C:\Program Files\iPod
2016-12-29 05:24 - 2016-12-29 05:24 - 177044296 _____ (Apple Inc.) C:\Users\Andrew Lum\Downloads\iTunes6464Setup.exe
2016-12-28 21:54 - 2016-12-28 21:54 - 00000000 ____D C:\Users\Andrew Lum\Documents\Alienware TactX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-25 17:53 - 2016-12-10 12:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-25 15:47 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-25 15:42 - 2016-12-12 18:34 - 00000000 ____D C:\Users\Andrew Lum\AppData\Local\ElevatedDiagnostics
2017-01-25 15:35 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-25 15:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-25 15:34 - 2016-12-10 12:44 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-24 18:52 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 18:45 - 2016-04-25 15:04 - 03448292 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-24 18:43 - 2016-12-10 12:45 - 00000000 ____D C:\Users\Andrew Lum
2017-01-24 18:41 - 2016-12-07 18:56 - 00000000 ___RD C:\Users\Andrew Lum\OneDrive
2017-01-24 18:40 - 2016-12-10 12:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 18:40 - 2016-12-10 12:43 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-24 18:40 - 2016-12-07 18:54 - 00000000 __SHD C:\Users\Andrew Lum\IntelGraphicsProfiles
2017-01-24 18:40 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-24 18:39 - 2016-12-22 17:32 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-24 18:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-23 17:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-23 16:58 - 2016-12-08 18:18 - 00000000 ____D C:\Users\Andrew Lum\AppData\Roaming\Epson
2017-01-23 16:47 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-23 15:32 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-22 21:38 - 2016-12-12 19:15 - 00000000 ____D C:\Users\Andrew Lum\AppData\Local\CrashDumps
2017-01-22 20:25 - 2016-06-21 07:45 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-22 19:47 - 2016-12-10 15:39 - 00791904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxcore.sys
2017-01-22 19:47 - 2016-12-10 15:39 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\LxRun.exe
2017-01-22 19:47 - 2016-12-10 15:39 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bash.exe
2017-01-22 19:47 - 2016-12-10 15:39 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
2017-01-22 19:47 - 2016-12-10 15:39 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmp.exe
2017-01-22 19:47 - 2016-12-10 15:39 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-01-22 19:47 - 2016-12-10 15:39 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-01-22 19:47 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-01-22 19:47 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-01-22 19:47 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-22 19:47 - 2016-07-16 06:44 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpsnap.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntwin.exe
2017-01-22 19:47 - 2016-07-16 06:44 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntwin.exe
2017-01-22 19:47 - 2016-07-16 06:44 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntagnt.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-01-22 19:47 - 2016-07-16 06:44 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-01-22 19:47 - 2016-07-16 06:44 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntagnt.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-01-22 19:47 - 2016-07-16 06:44 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hostmib.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\lmmib2.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hostmib.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lmmib2.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-01-22 19:47 - 2016-07-16 06:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntcmd.exe
2017-01-22 19:47 - 2016-07-16 06:44 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntcmd.exe
2017-01-22 19:47 - 2016-07-16 06:44 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64mib.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-01-22 19:47 - 2016-07-16 06:44 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpmib.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpmib.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-01-22 19:47 - 2016-07-16 06:44 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-01-22 19:47 - 2016-07-16 06:43 - 01414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpsnap.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-01-22 19:47 - 2016-07-16 06:43 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2017-01-22 19:47 - 2016-07-16 06:43 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00107882 _____ C:\WINDOWS\SysWOW64\mib_ii.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00107882 _____ C:\WINDOWS\system32\mib_ii.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-01-22 19:47 - 2016-07-16 06:43 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-01-22 19:47 - 2016-07-16 06:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-01-22 19:47 - 2016-07-16 06:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-01-22 19:47 - 2016-07-16 06:43 - 00048593 _____ C:\WINDOWS\SysWOW64\hostmib.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00048593 _____ C:\WINDOWS\system32\hostmib.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-01-22 19:47 - 2016-07-16 06:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprip.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00034317 _____ C:\WINDOWS\SysWOW64\msiprip2.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00034317 _____ C:\WINDOWS\system32\msiprip2.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00030448 _____ C:\WINDOWS\SysWOW64\mcastmib.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00030448 _____ C:\WINDOWS\system32\mcastmib.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspperf.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00026236 _____ C:\WINDOWS\SysWOW64\wins.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00026236 _____ C:\WINDOWS\system32\wins.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-01-22 19:47 - 2016-07-16 06:43 - 00026100 _____ C:\WINDOWS\SysWOW64\lmmib2.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00026100 _____ C:\WINDOWS\system32\lmmib2.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspperf.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TFTP.EXE
2017-01-22 19:47 - 2016-07-16 06:43 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\simptcp.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00022462 _____ C:\WINDOWS\SysWOW64\rfc2571.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00022462 _____ C:\WINDOWS\system32\rfc2571.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00021271 _____ C:\WINDOWS\SysWOW64\http.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00021271 _____ C:\WINDOWS\system32\http.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-01-22 19:47 - 2016-07-16 06:43 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00015799 _____ C:\WINDOWS\SysWOW64\ipforwd.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00015799 _____ C:\WINDOWS\system32\ipforwd.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00015032 _____ C:\WINDOWS\SysWOW64\authserv.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00015032 _____ C:\WINDOWS\system32\authserv.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00014032 _____ C:\WINDOWS\SysWOW64\accserv.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00014032 _____ C:\WINDOWS\system32\accserv.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00013767 _____ C:\WINDOWS\SysWOW64\msipbtp.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00013767 _____ C:\WINDOWS\system32\msipbtp.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-01-22 19:47 - 2016-07-16 06:43 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-01-22 19:47 - 2016-07-16 06:43 - 00006179 _____ C:\WINDOWS\SysWOW64\ftp.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00006179 _____ C:\WINDOWS\system32\ftp.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00004597 _____ C:\WINDOWS\SysWOW64\dhcp.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00004597 _____ C:\WINDOWS\system32\dhcp.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00004411 _____ C:\WINDOWS\SysWOW64\smi.mib
2017-01-22 19:47 - 2016-07-16 06:43 - 00004411 _____ C:\WINDOWS\system32\smi.mib
2017-01-22 19:47 - 2016-07-16 06:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxss.sys
2017-01-22 18:41 - 2016-12-07 18:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-22 17:14 - 2016-12-10 12:42 - 00363880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-22 17:05 - 2016-12-07 18:54 - 00000000 ____D C:\Users\Andrew Lum\AppData\Local\Packages
2017-01-21 13:16 - 2016-12-07 19:26 - 00000000 ____D C:\ProgramData\Oracle
2017-01-21 13:16 - 2016-12-07 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-21 13:10 - 2016-12-07 19:26 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-21 13:08 - 2016-12-07 19:26 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-20 20:57 - 2016-12-15 19:40 - 00003282 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-20 20:57 - 2016-12-07 18:56 - 00002380 _____ C:\Users\Andrew Lum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-16 09:30 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-15 21:59 - 2016-07-16 09:14 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-01-15 21:59 - 2016-07-16 09:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-01-15 21:59 - 2016-07-16 09:14 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-01-15 21:59 - 2016-07-16 09:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-01-15 21:59 - 2016-07-16 09:14 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-01-15 21:59 - 2016-07-16 09:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-01-15 21:59 - 2016-07-16 09:14 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-01-15 21:59 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-01-15 21:59 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-01-15 21:59 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-01-15 21:59 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-01-15 21:59 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-01-15 21:59 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-01-15 21:59 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-01-15 21:59 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-15 21:58 - 2016-07-16 09:14 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Com
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\IME
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Help
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-01-15 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-15 21:58 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-01-15 21:58 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2017-01-15 21:54 - 2016-07-16 09:15 - 00000000 ____D C:\WINDOWS\OCR
2017-01-15 18:28 - 2016-12-07 18:56 - 00000000 ____D C:\Users\Andrew Lum\AppData\Roaming\Skype
2017-01-15 15:51 - 2016-12-19 05:59 - 00000000 ____D C:\Users\Andrew Lum\AppData\Roaming\Apple Computer
2017-01-12 20:52 - 2016-12-17 16:14 - 00000000 ____D C:\Users\Andrew Lum\AppData\Roaming\Mp3tag
2017-01-11 15:40 - 2016-12-07 18:57 - 00000000 ____D C:\Users\Andrew Lum\AppData\Local\Google
2017-01-10 18:41 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-10 18:41 - 2016-04-25 15:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-10 18:23 - 2016-04-25 15:52 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-10 18:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-10 18:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-10 18:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-10 17:25 - 2016-12-08 19:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 17:23 - 2016-12-08 19:04 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-07 17:42 - 2016-12-12 18:41 - 917166184 _____ C:\WINDOWS\MEMORY.DMP
2017-01-07 17:42 - 2016-12-12 18:41 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-05 16:06 - 2016-12-22 22:42 - 00000000 ____D C:\Users\Andrew Lum\AppData\Local\Razer
2016-12-31 21:48 - 2016-12-10 11:41 - 00000000 ____D C:\Users\Andrew Lum\AppData\Roaming\.minecraft
2016-12-31 15:06 - 2016-12-07 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-12-30 14:06 - 2016-12-09 21:36 - 00000000 ____D C:\Users\Andrew Lum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-29 06:00 - 2016-06-21 07:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-29 05:50 - 2016-12-08 20:00 - 00000000 ____D C:\ProgramData\Skype
2016-12-29 05:29 - 2016-12-19 05:58 - 00000000 ____D C:\Program Files\Common Files\Apple
 
==================== Files in the root of some directories =======
 
2017-01-22 17:03 - 2017-01-22 17:03 - 0140288 _____ () C:\Users\Andrew Lum\AppData\Roaming\Installer.dat
2017-01-03 16:26 - 2017-01-12 17:45 - 0000074 _____ () C:\Users\Andrew Lum\AppData\Roaming\Magic Mouse 1 Utilities - 64 bit.ini
2016-12-08 19:23 - 2016-12-12 19:14 - 0000000 _____ () C:\Users\Andrew Lum\AppData\Local\Driver_11ACPresent.flag
2016-12-08 19:23 - 2016-12-12 19:14 - 0000000 _____ () C:\Users\Andrew Lum\AppData\Local\Driver_1535Present.flag
2016-12-08 19:23 - 2016-12-12 19:14 - 0000000 _____ () C:\Users\Andrew Lum\AppData\Local\Driver_LOM_8171Present.flag
2017-01-03 16:23 - 2017-01-03 16:23 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-22 17:32 - 2017-01-25 15:31 - 0005195 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-22 17:32 - 2017-01-24 18:39 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-03 16:23 - 2017-01-03 16:23 - 0005090 _____ () C:\ProgramData\pelcjmdl.brh
 
Some files in TEMP:
====================
2016-12-12 19:18 - 2016-12-12 20:24 - 0234946 _____ (Microsoft) C:\Users\Andrew Lum\AppData\Local\Temp\CustomActions.NET.CA.dll
2017-01-21 13:08 - 2017-01-21 13:08 - 0739904 _____ (Oracle Corporation) C:\Users\Andrew Lum\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-06-21 07:54 - 2016-02-01 14:12 - 0715784 _____ (NVIDIA Corporation) C:\Users\Andrew Lum\AppData\Local\Temp\nvSCPAPI.dll
2016-06-21 07:54 - 2016-02-01 14:12 - 0835776 _____ (NVIDIA Corporation) C:\Users\Andrew Lum\AppData\Local\Temp\nvSCPAPI64.dll
2016-12-10 14:53 - 2016-12-01 12:04 - 0353336 _____ (NVIDIA Corporation) C:\Users\Andrew Lum\AppData\Local\Temp\nvStInst.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-18 22:12
 
==================== End of FRST.txt ============================



 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:22 PM

Posted 30 January 2017 - 05:39 AM

:welcome: to BleepingComputer.

Hi there,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***




Copy FRST / FRST64.exe to your desktop!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt.



Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [MapsGalaxy] => C:\WINDOWS\Temp\5668.tmp -start <===== ATTENTION
C:\WINDOWS\Temp\5668.tmptart <===== ATTENTION
HKLM-x32\...\Run: [MapsGalaxy] => C:\WINDOWS\Temp\5668.tmptart <===== ATTENTION
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <===== ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
HKU\S-1-5-21-245923266-918571245-4289204600-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Flash Video Downloader) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-01-22]
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-245923266-918571245-4289204600-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Andrew Lum\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
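The fixlist above targets four kinds of persistence: autorun values under the 32-bit and per-user Run keys, a local Group Policy store (the "GroupPolicyScripts-x32: Restriction" lines, which is also what makes Windows Defender report "turned off by group policy" on a stand-alone PC), an uninstall entry hidden with SystemComponent = 1, and an orphaned CLSID. The read-only audit below is an added example, not part of this thread and not an FRST script; it reads the same locations so you can see what is set before running a fix and confirm the result afterwards. Assumptions: that the Defender message on this machine comes from the DisableAntiSpyware policy value (the thread never shows the Addition.txt content that would prove it), and that Windows is installed on C:.

```powershell
# Added example (not from the thread, not FRST): read-only audit of the locations the
# fixlist above cleans. Run in an elevated PowerShell on Windows 10. Nothing is modified.

$report = [ordered]@{}

# 1. Defender policy values. "This app is turned off by group policy" is normally caused by
#    DisableAntiSpyware = 1 under the Policies hive (assumption for this machine).
$defPol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$report['DefenderPolicyKeyExists'] = Test-Path $defPol
if (Test-Path $defPol) {
    $report['DisableAntiSpyware'] = (Get-ItemProperty -Path $defPol -ErrorAction SilentlyContinue).DisableAntiSpyware
    $rtp = Join-Path $defPol 'Real-Time Protection'
    if (Test-Path $rtp) {
        $report['DisableRealtimeMonitoring'] = (Get-ItemProperty -Path $rtp -ErrorAction SilentlyContinue).DisableRealtimeMonitoring
    }
}

# 2. Local Group Policy store. FRST's "GroupPolicyScripts-x32: Restriction" lines refer to
#    these folders; a home PC that is not domain-joined normally has no GPT.ini here at all.
foreach ($gp in 'C:\Windows\System32\GroupPolicy', 'C:\Windows\SysWOW64\GroupPolicy') {
    $ini = Join-Path $gp 'GPT.ini'
    $report["GPT.ini: $gp"] = if (Test-Path $ini) { Get-Content -Path $ini -Raw } else { '<absent>' }
    Get-ChildItem -Path $gp -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object { $report["GPO file: $($_.FullName)"] = $_.LastWriteTime }
}

# 3. Autorun values in the hives the fixlist removed from (32-bit HKLM Run, per-user Run),
#    plus the native 64-bit Run key. Anything started from \Temp\ or a .tmp file is flagged.
$runKeys = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }            # skip the provider's own metadata
        $flag = if ("$($p.Value)" -match '\\Temp\\|\.tmp\b') { ' <== launches from Temp' } else { '' }
        $report["Run: $k\$($p.Name)"] = "$($p.Value)$flag"
    }
}

# 4. Installed programs hidden from "Apps & features" by SystemComponent = 1. The fixlist
#    cleared that value on the Itibiti RTC entry; hiding this way is a common adware trick.
$uninst = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
          'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
foreach ($u in $uninst) {
    Get-ChildItem -Path $u -ErrorAction SilentlyContinue | ForEach-Object {
        $e = Get-ItemProperty -Path $_.PSPath
        if ($e.SystemComponent -eq 1) {
            $report["Hidden uninstall entry: $($_.PSChildName)"] = "$($e.DisplayName) $($e.DisplayVersion)"
        }
    }
}

# 5. Live Defender status from the Defender module that ships with Windows 10.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $s = Get-MpComputerStatus
    $report['AntivirusEnabled']       = $s.AntivirusEnabled
    $report['RealTimeProtectionOn']   = $s.RealTimeProtectionEnabled
    $report['SignatureLastUpdated']   = $s.AntivirusSignatureLastUpdated
}

$report.GetEnumerator() | Format-Table -AutoSize -Wrap
```

Read the output in this order: if DisableAntiSpyware shows 1 on a machine nobody manages with Group Policy, that value, not a missing gpedit template, is why Defender refuses to start, and it has to be removed (by the admin, after the malware is gone) before Defender will come back after a reboot. GPT.ini files in either GroupPolicy folder on a stand-alone PC are the artefact FRST moved in the fix. Run values pointing into C:\Windows\Temp and uninstall entries with SystemComponent = 1 are exactly the items the fixlist above targets; rerun the audit after the fix to confirm they are gone.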


#3 Jo*

  • Malware Response Team
  • 3,400 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:22 PM

Posted 01 February 2017 - 02:06 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 Jo*

  • Malware Response Team
  • 3,400 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:22 PM

Posted 04 February 2017 - 06:20 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Jo*

  • Malware Response Team
  • 3,400 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:22 PM

Posted 27 February 2017 - 05:36 PM

Topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 Andrew123456
  • Topic Starter

  • Members
  • 3 posts
  • Local time:05:22 AM

Posted 27 February 2017 - 06:55 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by Andrew Lum (27-02-2017 17:20:46) Run:2
Running from C:\Users\Andrew Lum\Desktop
Loaded Profiles: Andrew Lum (Available Profiles: Andrew Lum & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [MapsGalaxy] => C:\WINDOWS\Temp\5668.tmp -start <===== ATTENTION
C:\WINDOWS\Temp\5668.tmptart <===== ATTENTION
HKLM-x32\...\Run: [MapsGalaxy] => C:\WINDOWS\Temp\5668.tmptart <===== ATTENTION
HKU\S-1-5-21-245923266-918571245-4289204600-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <===== ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
HKU\S-1-5-21-245923266-918571245-4289204600-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Flash Video Downloader) - C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-01-22]
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-245923266-918571245-4289204600-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Andrew Lum\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy => value removed successfully
"C:\WINDOWS\Temp\5668.tmptart <===== ATTENTION" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy => value not found.
HKU\S-1-5-21-245923266-918571245-4289204600-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\User => moved successfully
HKU\S-1-5-21-245923266-918571245-4289204600-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
HKU\S-1-5-21-245923266-918571245-4289204600-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 63142 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28516686 B
Java, Flash, Steam htmlcache => 83814132 B
Windows/system/drivers => 30298535 B
Edge => 59904 B
Chrome => 1246075589 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 22142 B
NetworkService => 161176 B
Andrew Lum => 426507338 B
DefaultAppPool => 0 B
 
RecycleBin => 7709963614 B
EmptyTemp: => 8.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:22:41 ====


#7 Jo*

  • Malware Response Team
  • 3,400 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:22 PM

Posted 28 February 2017 - 07:14 AM

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 Andrew123456
  • Topic Starter

  • Members
  • 3 posts
  • Local time:05:22 AM

Posted 01 March 2017 - 07:18 PM

checkup.txt

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 121  
 Java version 32-bit out of Date! 
 Google Chrome (56.0.2924.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 
Malwarebytes None
 
 
 
AdwCleaner

# AdwCleaner v6.044 - Logfile created 01/03/2017 at 17:45:23
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-01.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Andrew Lum - ANDREW
# Running from : C:\Users\Andrew Lum\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\ProgramData\a021941d-982b-4051-9176-84452aa35536
Folder Found:  C:\Users\Andrew Lum\AppData\Local\app
Folder Found:  C:\WINDOWS\SysWoW64\sstmp
Folder Found:  C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpojjilddefgnhiicjcmhbkjgbbclob
Folder Found:  C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmpojjilddefgnhiicjcmhbkjgbbclob
 
 
***** [ Files ] *****
 
File Found:  C:\Users\Andrew Lum\AppData\Roaming\Installer.dat
File Found:  C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found:  C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found:  C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
File Found:  C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
Key Found:  HKU\S-1-5-21-245923266-918571245-4289204600-1001\Software\APN PIP
Key Found:  HKCU\Software\APN PIP
Key Found:  HKLM\SOFTWARE\IDOT
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Key Found:  [x64] HKCU\Software\APN PIP
Key Found:  [x64] HKLM\SOFTWARE\IDOT
Key Found:  [x64] HKLM\SOFTWARE\HDWallpaper
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\coupontime.co
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\reimageplus.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.coupontime
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.reimageplus.c
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\coupontime.co
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\reimageplus.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.coupontime00.
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.reimageplus.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\coupontime.co
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\reimageplus.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.c
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.couponti
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.reimageplus
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\coupontime.co
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\reimageplus.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.coupontime0
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.reimageplus.co
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Andrew Lum\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - dmpojjilddefgnhiicjcmhbkjgbbclob
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [9041 Bytes] - [01/03/2017 17:45:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9114 Bytes] ##########
 


#9 Jo*

  • Malware Response Team
  • 3,400 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:22 PM

Posted 02 March 2017 - 07:33 AM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


:step4: How is the computer running now?


***


:step5: FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 Jo*

  • Malware Response Team
  • 3,400 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:22 PM

Posted 07 March 2017 - 03:50 AM

Due to the lack of feedback, this topic is now closed.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




