
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02

Ran by IT DAN UMUM (administrator) on ITDANUMUM-PC (06-11-2017 08:01:03)


Running from C:\Users\IT DAN UMUM\Downloads
Loaded Profiles: IT DAN UMUM (Available Profiles: IT DAN UMUM & Administrator)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English
(United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will
not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe


(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ZKSoftware Inc) C:\Program Files\FPSensor\bin\iZHost.exe
(Arcai.com) C:\Program Files\netcut\services\aips.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop
Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common
Files\Adobe\AdobeGCClient\AGSService.exe
(CANON INC.) C:\Program Files\Canon\DIAS\CnxDIAS.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(DigitalPersona, Inc.) C:\Program Files\FPSensor\bin\DpHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(MSI) C:\Program Files\MSI\Super Charger\ChargeService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License
Service\PsiService_2.exe
(QUALCOMM, Inc.) C:\Program Files\QUALCOMM Incorporated\Qualcomm USB Drivers For
Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\UCBrowser\Application\UCService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft
shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SafeIP) J:\SafeIP\SafeIPS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation)
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Smadsoft) C:\Program Files\SMADAV\SMΔRTP.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(LAN Messenger) C:\Program Files\LAN Messenger\lmc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(HOSTJSC Inc.) C:\Program Files\WWW.HOSTJSC.NET\Internet Download Manager\IDMan.exe
() C:\Program Files\Hear\Hear.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Tonec Inc.) C:\Program Files\WWW.HOSTJSC.NET\Internet Download
Manager\IEMonitor.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Extreme Tuning
Utility\XtuService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Integrated Clock Controller
Service\ICCProxy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft
shared\OFFICE16\OLicenseHeartbeat.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
() C:\Program Files\UCBrowser\Application\7.0.6.1618\UCAgent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)

HKLM\...\Run: [USBAntivirus.exe] => K:\USBAntivirus\USBAntivirus.exe -Hide


HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3567928
2017-11-01] (Dropbox, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904
2015-06-08] (Power Software Ltd)
HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1879152
2017-10-18] (Smadsoft)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Run: [GUDelayStartup] =>
C:\Program Files\Glary Utilities 5\StartupManager.exe [44024 2017-09-15] (Glarysoft
Ltd)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Run: [LAN Messenger] =>
C:\Program Files\LAN Messenger\lmc.exe [1721344 2012-07-25] (LAN Messenger)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Run:
[GoogleChromeAutoLaunch_75CE8E47CEABC7FB0E7D9AE4DB654418] => C:\Program
Files\Google\Chrome\Application\chrome.exe [1249624 2017-09-21] (Google Inc.)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Run: [IDMan] => C:\Program
Files\WWW.HOSTJSC.NET\Internet Download Manager\IDMan.exe [990720 2009-05-10]
(HOSTJSC Inc.)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Policies\Explorer:
[DisallowRun] 1
HKU\S-1-5-21-2304584749-4152625595-3175946977-
1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-2304584749-4152625595-3175946977-
1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-2304584749-4152625595-3175946977-
1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\MountPoints2: {618f4497-
8c20-11e6-98b5-d8cb8aca779a} - L:\AutoRun.exe
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\MountPoints2: {618f44a7-
8c20-11e6-98b5-d8cb8aca779a} - L:\AutoRun.exe
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Winlogon: [Userinit]
C:\Windows\system32\userinit.exe, [26624 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Winlogon: [Shell]
C:\Windows\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) <====
ATTENTION
ShellExecuteHooks: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hear.lnk
[2017-06-22]
ShortcutTarget: Hear.lnk -> C:\Program Files\Hear\Hear.exe ()
BootExecute: autocheck autochk *
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed
or restored to default.)

Winsock: Catalog9 01 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 02 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 03 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 04 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 05 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 06 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 07 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 08 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 09 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 10 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 11 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 12 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 13 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 14 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 15 C:\Windows\system32\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 16 C:\Windows\system32\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 17 C:\Windows\system32\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 18 C:\Windows\system32\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 65 C:\Windows\system32\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 66 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{83421816-CBBB-40CE-94AF-89A354B25986}: [NameServer]
192.168.4.28 0.0.0.0
Tcpip\..\Interfaces\{8654584F-3226-4EA2-93C5-606460D803CD}: [DhcpNameServer]
192.168.1.1
Tcpip\..\Interfaces\{8E237335-217E-47D7-B547-CB2486AF8B3B}: [DhcpNameServer]
192.168.42.129
Tcpip\..\Interfaces\{B6C53F1D-3AC1-4545-818E-8A1CFF63FD06}: [DhcpNameServer]
192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\Software\Microsoft\Internet
Explorer\Main,Start Page Redirect Cache = hxxp://u.msn.com/id-id/?ocid=iehp
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\Software\Microsoft\Internet
Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?
LinkID=617912&ResetID=131507858514810812&GUID=5153EE78-DA9F-43DC-9099-D77B7BB4C97F
SearchScopes: HKU\S-1-5-21-2304584749-4152625595-3175946977-1000 -> DefaultScope
{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.bing.com/search?
q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2304584749-4152625595-3175946977-1000 -> {015DB5FA-EAFB-
4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?
gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MB649E28F-C582-41E2-8315-
49F11FBE3CEA&SearchSource=58&CUI=&UM=8&UP=SPA86D7CA4-FED8-49E4-9992-
62059B60D632&D=100916&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2304584749-4152625595-3175946977-1000 -> {0633EE93-D776-
472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2304584749-4152625595-3175946977-1000 -> {3BD44F0E-0596-
4008-AEE0-45D47E3A8F0E} URL = hxxp://www.bing.com/search?
q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2304584749-4152625595-3175946977-1000 -> {E6A356F2-D204-
4109-A6E1-08E3149A2535} URL = hxxp://www.bing.com/search?
FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} ->
C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft
Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program
Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 91j2b335.default-1508815780389
FF ProfilePath: C:\Users\IT DAN
UMUM\AppData\Roaming\Mozilla\Firefox\Profiles\91j2b335.default-1508815780389 [2017-
11-06]
FF HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Firefox\Extensions:
[mozilla_cc@internetdownloadmanager.com] - C:\Users\IT DAN
UMUM\AppData\Roaming\IDM\idmmzcc3
FF Extension: (IDM CC) - C:\Users\IT DAN UMUM\AppData\Roaming\IDM\idmmzcc3 [2017-
11-01] [not signed]
FF Plugin: @duomi.com/Duomi -> C:\Program Files\DuoMi\npduomi.dll [No File]
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows
Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program
Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program
Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader
DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative
Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://id.yahoo.com/?fr=fpc-
comodo&type=33010001006_10.0.1.6294_i_hp_sp"
CHR Profile: C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User Data\Default
[2017-11-06]
CHR Extension: (Slides) - C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-16]
CHR Extension: (YouTube) - C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-16]
CHR Extension: (Adobe Acrobat) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-16]
CHR Extension: (Panda Safe Web) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2017-10-26]
CHR Extension: (Sheets) - C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (IndoXXI Companion) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ggmhbeannpfkiafgkfobkanlpaccfdki [2017-10-20]
CHR Extension: (Google Docs Offline) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-16]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2017-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Speedtest by Ookla) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-10-20]
CHR Extension: (Search Manager) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-08-16]
CHR Extension: (Gmail) - C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-04]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] -
hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] -
hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2304584749-4152625595-3175946977-
1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension:
[efaidnbmnnnibpcajpcglclefindmkaj] -
hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2304584749-4152625595-3175946977-
1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension:
[pilplloabdedfmialnfchjomjmpjcoej] -
hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop
Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems
Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
[2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com)
[File not signed]
R2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe
[3744616 2009-07-31] (CANON INC.)
S4 Coerlasy; C:\Program Files\Qeteward\procaentvlotCollector.dll [276992 2016-10-
08] () [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279144 2015-05-06] (Intel
Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-17]
(Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-17]
(Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-11-01] (Dropbox, Inc.)
R2 DpHost; C:\Program Files\FPSensor\bin\DpHost.exe [237568 2010-08-02]
(DigitalPersona, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2166040 2017-10-23]
(ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson
Corporation)
R3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller
Service\ICCProxy.exe [171480 2014-06-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [291432 2015-05-
06] (Intel Corporation)
R2 iZHost; C:\Program Files\FPSensor\bin\iZHost.exe [268800 2012-01-13] (ZKSoftware
Inc) [File not signed]
R2 MSI_SuperCharger; C:\Program Files\MSI\Super Charger\ChargeService.exe [163280
2015-05-18] (MSI)
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [724992
2006-10-09] (Nero AG) [File not signed]
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License
Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 qcmtusvc; C:\Program Files\QUALCOMM Incorporated\Qualcomm USB Drivers For
Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe [83456 2015-07-09] (QUALCOMM,
Inc.) [File not signed]
R3 SafeIPS; J:\SafeIP\SafeIPs.exe [4606976 2015-08-03] (SafeIP) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-
08-29] (TeamViewer GmbH)
R2 UCBrowserSvc; C:\Program Files\UCBrowser\Application\UCService.exe [627984 2017-
09-25] () <==== ATTENTION
S4 WeatherChiknSrvr; C:\Program Files\WeatherChickn\WeatherChickn.exe [235520 2016-
10-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27]
(Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files\Intel\Intel(R) Extreme Tuning
Utility\XtuService.exe [19216 2015-07-07] (Intel(R) Corporation)
S2 Kuaizip Update Checker; C:\Program Files\KuaiZip\X86\kuaizipUpdateChecker.dll
[X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

R3 AcpiCtlDrv; C:\Windows\System32\DRIVERS\AcpiCtlDrv.sys [22808 2012-07-17] (Intel
Corporation)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [15744 2014-10-09] (LG
Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23680 2014-10-09] (LG
Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28416 2014-10-09]
(LG Electronics Inc.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft
Inc.) [File not signed]
R1 catchurl; C:\Windows\System32\drivers\catchurl.sys [43776 2017-06-19] () [File
not signed]
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [130296 2015-11-24]
(Wireless Data Device)
S3 dpK00701; C:\Windows\System32\DRIVERS\dpK00701.sys [46592 2010-08-02]
(DigitalPersona, Inc.)
S3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [61240 2015-04-08] (eagleGet)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [206472 2017-10-23] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [156328 2016-06-23] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [156288 2017-10-23] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [141448 2017-10-23] (ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2016-10-10]
(Glarysoft Ltd)
S3 GUMHFilters; C:\Program Files\Glarysoft\Malware
Hunter\Native\winxp_x86\GUMHFilter.sys [38456 2016-11-04] (GlarySoft Ltd)
R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [17472 2016-11-
21] (Glarysoft Ltd)
R3 ICCWDT; C:\Windows\System32\DRIVERS\ICCWDT.sys [34616 2015-06-01] (Intel
Corporation)
R2 iocbios2; C:\Program Files\Intel\Intel(R) Extreme Tuning
Utility\Drivers\IocDriver\32bit\iocbios2.sys [28176 2015-05-28] (Intel Corporation)
S3 ipadtst; C:\Program Files\MSI\Super Charger\ipadtst.sys [14960 2013-11-11]
(Windows (R) 2000 DDK provider)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [40936 2013-01-19] ()
S3 KernelMemory; C:\Windows\system32\drivers\KernelMemory.sys [2432 2017-10-23] ()
[File not signed]
R2 KuaiZipDrive2; C:\Windows\system32\drivers\KuaiZipDrive2.sys [68128 2016-10-03]
(WinMount International Inc) <==== ATTENTION
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-11] (Intel Corporation)
R2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [210376 2016-01-16]
(Microvirt Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [28776 2011-09-14] (NT Kernel
Resources)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35088 2010-06-26] (CACE Technologies,
Inc.)
R3 NTIOLib_1_0_3; C:\Program Files\MSI\Super Charger\NTIOLib.sys [14392 2012-10-26]
(MSI)
S3 p2pfilter; C:\Program Files\p2pover\p2pfilter.sys [4524 2005-05-10] () [File not
signed]
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-08-20] ()
S3 qcfilter; C:\Windows\System32\DRIVERS\qcusbfilter.sys [31232 2015-07-09]
(QUALCOMM Incorporated)
S3 qcusbnet; C:\Windows\System32\DRIVERS\qcusbnet.sys [352256 2015-07-09] (QUALCOMM
Incorporated)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [207360 2015-07-09] (QUALCOMM
Incorporated)
R3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [39048 2011-11-07] ()
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114304 2015-06-08] (Power
Software Ltd)
S3 usbdpfp; C:\Windows\System32\DRIVERS\usbdpfp.sys [47104 2010-08-02]
(DigitalPersona, Inc.)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [110208 2016-07-02]
(BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [233088 2016-07-02] (BigNox
Corporation)
U0 aswVmm; no ImagePath
S1 cherimoya; system32\drivers\cherimoya.sys [X] <==== ATTENTION
S3 ComputerZ; \??\C:\Program Files\LuDaShi\ComputerZ.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; system32\DRIVERS\ew_wwanecm.sys [X]
S4 mchInjDrv; \??\C:\Windows\system32\Drivers\mchInjDrv.sys [X]
S3 MSICDSetup; \??\K:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\K:\NTIOLib.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

NETSVC: HpSvc -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 08:00 - 2017-11-06 08:00 - 000072516 _____ C:\Users\IT DAN
UMUM\Downloads\Addition.txt
2017-11-06 07:59 - 2017-11-06 08:01 - 000024832 _____ C:\Users\IT DAN
UMUM\Downloads\FRST.txt
2017-11-06 07:58 - 2017-11-06 08:01 - 000000000 ____D C:\FRST
2017-11-06 07:49 - 2017-11-06 07:49 - 001799680 _____ (Farbar) C:\Users\IT DAN
UMUM\Downloads\FRST.exe
2017-11-06 07:47 - 2017-11-06 07:47 - 000000000 ____D
C:\Users\Default\AppData\Local\Google
2017-11-06 07:47 - 2017-11-06 07:47 - 000000000 ____D C:\Users\Default
User\AppData\Local\Google
2017-11-03 09:06 - 2017-11-03 09:06 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-11-03 09:06 - 2017-11-03 09:06 - 000000000 ____D C:\Program Files\Microsoft
Works
2017-11-03 09:06 - 2017-11-03 09:06 - 000000000 ____D C:\Program Files\Microsoft
Visual Studio
2017-11-03 08:30 - 2006-07-24 10:50 - 000047920 _____ (Microsoft Corporation)
C:\Windows\system32\VBAME.DLL
2017-11-03 08:30 - 2006-07-24 10:50 - 000039728 _____ (Microsoft Corporation)
C:\Windows\system32\SCP32.DLL
2017-11-03 08:30 - 1998-03-24 13:44 - 000024848 _____ (Microsoft Corporation)
C:\Windows\system32\VBAEND32.OLB
2017-11-03 08:30 - 1998-03-24 13:44 - 000024848 _____ (Microsoft Corporation)
C:\Windows\system32\VBAEN32.OLB
2017-11-03 07:28 - 2017-11-03 07:28 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-01 18:58 - 2017-11-01 18:58 - 000035432 _____ (Dropbox, Inc.)
C:\Windows\system32\Drivers\dbx-dev.sys
2017-11-01 18:58 - 2017-11-01 18:58 - 000035408 _____ (Dropbox, Inc.)
C:\Windows\system32\Drivers\dbx-stable.sys
2017-11-01 18:58 - 2017-11-01 18:58 - 000035408 _____ (Dropbox, Inc.)
C:\Windows\system32\Drivers\dbx-canary.sys
2017-11-01 15:50 - 2017-11-01 15:50 - 000002033 _____
C:\Users\Public\Desktop\Internet Download Manager.lnk
2017-11-01 15:50 - 2017-11-01 15:50 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.hostjsc.net
2017-11-01 15:50 - 2009-03-26 22:35 - 000210352 _____ (Tonec Inc.)
C:\Windows\system32\idmmbc.dll
2017-11-01 08:11 - 2017-11-01 08:11 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-10-31 14:37 - 2017-10-31 14:37 - 000001123 _____ C:\Users\IT DAN
UMUM\Desktop\File Repair.lnk
2017-10-31 14:37 - 2017-10-31 14:37 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Repair
2017-10-31 14:37 - 2017-10-31 14:37 - 000000000 ____D C:\Program Files\Repair File
2017-10-31 14:04 - 2017-11-01 09:29 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\8417
2017-10-31 13:46 - 2017-10-31 13:46 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Excel Repair Toolbox
2017-10-31 13:45 - 2017-10-31 13:45 - 000001109 _____ C:\Users\IT DAN
UMUM\Desktop\Excel Repair Toolbox.lnk
2017-10-30 07:27 - 2017-10-30 07:27 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\{C1C46F64-CDA0-44F3-B198-D652F918E413}
2017-10-27 11:01 - 2017-11-06 07:47 - 000001966 _____
C:\Users\Public\Desktop\Google Slides.lnk
2017-10-27 11:01 - 2017-11-06 07:47 - 000001964 _____
C:\Users\Public\Desktop\Google Sheets.lnk
2017-10-27 11:01 - 2017-11-06 07:47 - 000001954 _____
C:\Users\Public\Desktop\Google Docs.lnk
2017-10-27 11:01 - 2017-11-06 07:47 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-10-27 10:59 - 2017-10-27 10:59 - 001130328 _____ (Google Inc.) C:\Users\IT DAN
UMUM\Downloads\installbackupandsync.exe
2017-10-26 10:35 - 2017-10-26 10:35 - 000000041 _____ C:\Users\IT DAN UMUM\inst.ini
2017-10-26 10:35 - 2017-10-26 10:35 - 000000000 ____D C:\Users\IT DAN
UMUM\Nox_share
2017-10-26 10:34 - 2017-11-03 15:17 - 000000000 ____D C:\Users\IT DAN UMUM\vmlogs
2017-10-26 10:34 - 2017-11-03 15:17 - 000000000 ____D C:\Users\IT DAN UMUM\.BigNox
2017-10-26 10:34 - 2017-10-26 10:34 - 000000970 _____ C:\Users\IT DAN
UMUM\Desktop\Multi-Drive.lnk
2017-10-26 10:34 - 2017-10-26 10:34 - 000000889 _____ C:\Users\IT DAN
UMUM\Desktop\Nox.lnk
2017-10-26 10:34 - 2017-10-26 10:34 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2017-10-26 10:34 - 2017-10-26 10:34 - 000000000 ____D C:\Program Files\Bignox
2017-10-26 10:34 - 2016-07-02 17:04 - 000110208 _____ (BigNox Corporation)
C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-10-26 10:33 - 2017-11-03 16:38 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Nox
2017-10-26 10:33 - 2017-10-26 10:33 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Nox
2017-10-24 14:11 - 2017-10-27 15:01 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\KompasAV
2017-10-24 10:50 - 2017-10-24 10:50 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Dropbox
2017-10-24 10:29 - 2017-10-24 10:29 - 000000000 ____D C:\Users\IT DAN
UMUM\Desktop\Old Firefox Data
2017-10-24 10:20 - 2017-10-30 07:16 - 000000000 ____D C:\Program Files\Mozilla
Maintenance Service
2017-10-24 10:20 - 2017-10-24 10:28 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Mozilla
2017-10-24 10:20 - 2017-10-24 10:25 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Mozilla
2017-10-24 10:20 - 2017-10-24 10:20 - 000001087 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-10-24 10:20 - 2017-10-24 10:20 - 000001075 _____
C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-10-24 10:01 - 2017-10-24 10:02 - 018133228 _____ C:\Users\IT DAN
UMUM\Downloads\uc-browser-10-10-8-820 (1).apk
2017-10-24 07:31 - 2017-10-24 07:31 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\ESET
2017-10-23 16:20 - 2017-10-23 16:20 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-10-23 16:20 - 2017-10-23 16:20 - 000000000 ____D C:\Program Files\ESET
2017-10-23 16:11 - 2017-10-23 16:20 - 000000000 ____D C:\ProgramData\ESET
2017-10-23 14:25 - 2017-10-23 14:26 - 000000000 ____D C:\Program Files\R-Studio
2017-10-23 14:25 - 2017-10-23 14:25 - 000000000 ____D C:\Users\IT DAN
UMUM\Documents\R-TT
2017-10-23 14:25 - 2017-10-23 14:25 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\R-TT
2017-10-23 14:25 - 2017-10-23 14:25 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
2017-10-23 09:33 - 2017-10-23 09:33 - 000002432 _____
C:\Windows\system32\Drivers\KernelMemory.sys
2017-10-23 09:06 - 2017-10-24 07:31 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Vito
2017-10-20 14:17 - 2017-10-20 14:19 - 247542951 _____ C:\Users\IT DAN
UMUM\Downloads\[IPEENK] AVGIS17.1.3006 (x86).rar
2017-10-20 14:01 - 2017-10-20 15:32 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\AvgSetupLog
2017-10-20 14:01 - 2017-10-20 15:32 - 000000000 ____D C:\ProgramData\Avg
2017-10-20 14:01 - 2017-10-20 14:01 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Avg
2017-10-20 13:52 - 2017-10-20 13:53 - 068742112 _____ (Microsoft Corporation)
C:\Users\IT DAN UMUM\Downloads\NDP471-KB4033342-x86-x64-AllOS-ENU.exe
2017-10-20 13:40 - 2017-11-02 16:35 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\CrashDumps
2017-10-18 09:01 - 2017-10-18 09:01 - 001700352 _____ (Microsoft Corporation)
C:\Windows\system32\gdiplus.dll
2017-10-18 08:17 - 2017-10-21 06:48 - 000000000 ____D C:\Program Files\Comodo
2017-10-18 08:17 - 2017-10-18 08:17 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Comodo
2017-10-18 08:10 - 2017-10-18 08:10 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2017-10-18 07:47 - 2017-10-18 07:47 - 000000118 _____ C:\Windows\system32\
{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-17 22:48 - 2017-11-01 18:58 - 000043336 _____ (Dropbox, Inc.)
C:\Windows\system32\DbxSvc.exe
2017-10-17 17:01 - 2017-10-17 17:01 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Ahead
2017-10-17 13:58 - 2017-10-17 14:03 - 000000000 ____D C:\ProgramData\SP_FT_Logs
2017-10-17 13:57 - 2017-10-17 13:57 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Trolltech
2017-10-17 13:56 - 2017-10-17 13:56 - 000000000 ____D C:\Program Files\ClockworkMod
2017-10-12 08:27 - 2017-10-12 08:27 - 000000000 ____D C:\Users\IT DAN
UMUM\Documents\My Palettes
2017-10-11 10:55 - 2017-10-11 10:55 - 124059592 ____C (Microsoft Corporation)
C:\Windows\system32\MRT-KB890830.exe
2017-10-11 07:48 - 2017-09-08 22:10 - 001549824 _____ (Microsoft Corporation)
C:\Windows\system32\tquery.dll
2017-10-11 07:48 - 2017-09-08 21:50 - 002402304 _____ (Microsoft Corporation)
C:\Windows\system32\win32k.sys
2017-10-11 07:48 - 2017-09-08 02:10 - 000499200 _____ (Microsoft Corporation)
C:\Windows\system32\vbscript.dll
2017-10-11 07:48 - 2017-09-08 02:04 - 020267008 _____ (Microsoft Corporation)
C:\Windows\system32\mshtml.dll
2017-10-11 07:48 - 2017-09-08 02:03 - 002292736 _____ (Microsoft Corporation)
C:\Windows\system32\iertutil.dll
2017-10-11 07:48 - 2017-09-08 01:58 - 000663040 _____ (Microsoft Corporation)
C:\Windows\system32\jscript.dll
2017-10-11 07:48 - 2017-09-08 01:29 - 004547072 _____ (Microsoft Corporation)
C:\Windows\system32\jscript9.dll
2017-10-11 07:48 - 2017-09-08 01:17 - 013677568 _____ (Microsoft Corporation)
C:\Windows\system32\ieframe.dll
2017-10-11 07:48 - 2017-09-08 01:01 - 002767872 _____ (Microsoft Corporation)
C:\Windows\system32\wininet.dll
2017-10-11 07:48 - 2017-09-08 00:57 - 001316864 _____ (Microsoft Corporation)
C:\Windows\system32\urlmon.dll
2017-10-11 07:48 - 2017-08-15 00:35 - 000827904 _____ (Microsoft Corporation)
C:\Windows\system32\rdpcore.dll
2017-10-11 07:48 - 2017-08-14 04:36 - 000920064 _____ (Microsoft Corporation)
C:\Windows\system32\rdpcorets.dll
2017-10-11 07:47 - 2017-09-13 22:13 - 004001512 _____ (Microsoft Corporation)
C:\Windows\system32\ntkrnlpa.exe
2017-10-11 07:47 - 2017-09-13 22:13 - 003945704 _____ (Microsoft Corporation)
C:\Windows\system32\ntoskrnl.exe
2017-10-11 07:47 - 2017-09-13 22:13 - 000137960 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-11 07:47 - 2017-09-13 22:13 - 000067304 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\ksecdd.sys
2017-10-11 07:47 - 2017-09-13 22:10 - 001310528 _____ (Microsoft Corporation)
C:\Windows\system32\ntdll.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000830464 _____ (Microsoft Corporation)
C:\Windows\system32\msctf.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000828928 _____ (Microsoft Corporation)
C:\Windows\system32\wlansvc.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000655360 _____ (Microsoft Corporation)
C:\Windows\system32\rpcrt4.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000428032 _____ (Microsoft Corporation)
C:\Windows\system32\wlanmsm.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000400896 _____ (Microsoft Corporation)
C:\Windows\system32\srcore.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000392704 _____ (Microsoft Corporation)
C:\Windows\system32\wlansec.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000261120 _____ (Microsoft Corporation)
C:\Windows\system32\msv1_0.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000254464 _____ (Microsoft Corporation)
C:\Windows\system32\schannel.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000223232 _____ (Microsoft Corporation)
C:\Windows\system32\ncrypt.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000172032 _____ (Microsoft Corporation)
C:\Windows\system32\wdigest.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000146432 _____ (Microsoft Corporation)
C:\Windows\system32\msaudite.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000141312 _____ (Microsoft Corporation)
C:\Windows\system32\rpchttp.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000099840 _____ (Microsoft Corporation)
C:\Windows\system32\sspicli.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000083968 _____ (Microsoft Corporation)
C:\Windows\system32\wlanhlp.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000080896 _____ (Microsoft Corporation)
C:\Windows\system32\wlanapi.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000065536 _____ (Microsoft Corporation)
C:\Windows\system32\TSpkg.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000060416 _____ (Microsoft Corporation)
C:\Windows\system32\msobjs.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000050176 _____ (Microsoft Corporation)
C:\Windows\system32\setbcdlocale.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000043008 _____ (Microsoft Corporation)
C:\Windows\system32\srclient.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000022016 _____ (Microsoft Corporation)
C:\Windows\system32\secur32.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 001062912 _____ (Microsoft Corporation)
C:\Windows\system32\lsasrv.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000690688 _____ (Microsoft Corporation)
C:\Windows\system32\adtschema.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000644096 _____ (Microsoft Corporation)
C:\Windows\system32\advapi32.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000554496 _____ (Microsoft Corporation)
C:\Windows\system32\kerberos.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000082432 _____ (Microsoft Corporation)
C:\Windows\system32\bcrypt.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000050688 _____ (Microsoft Corporation)
C:\Windows\system32\appidapi.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000038912 _____ (Microsoft Corporation)
C:\Windows\system32\csrsrv.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000017408 _____ (Microsoft Corporation)
C:\Windows\system32\credssp.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000006656 _____ (Microsoft Corporation)
C:\Windows\system32\apisetschema.dll
2017-10-11 07:47 - 2017-09-13 21:53 - 000271360 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\nwifi.sys
2017-10-11 07:47 - 2017-09-13 21:50 - 000097792 _____ (Microsoft Corporation)
C:\Windows\system32\appidpolicyconverter.exe
2017-10-11 07:47 - 2017-09-13 21:50 - 000050688 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\appid.sys
2017-10-11 07:47 - 2017-09-13 21:50 - 000050176 _____ (Microsoft Corporation)
C:\Windows\system32\auditpol.exe
2017-10-11 07:47 - 2017-09-13 21:50 - 000029696 _____ (Microsoft Corporation)
C:\Windows\system32\appidsvc.dll
2017-10-11 07:47 - 2017-09-13 21:50 - 000016896 _____ (Microsoft Corporation)
C:\Windows\system32\appidcertstorecheck.exe
2017-10-11 07:47 - 2017-09-13 21:48 - 000262656 _____ (Microsoft Corporation)
C:\Windows\system32\rstrui.exe
2017-10-11 07:47 - 2017-09-13 21:46 - 000226304 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-11 07:47 - 2017-09-13 21:46 - 000124416 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-11 07:47 - 2017-09-13 21:46 - 000098304 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-11 07:47 - 2017-09-13 21:46 - 000069632 _____ (Microsoft Corporation)
C:\Windows\system32\smss.exe
2017-10-11 07:47 - 2017-09-13 21:46 - 000036352 _____ (Microsoft Corporation)
C:\Windows\system32\cryptbase.dll
2017-10-11 07:47 - 2017-09-13 21:46 - 000022016 _____ (Microsoft Corporation)
C:\Windows\system32\lsass.exe
2017-10-11 07:47 - 2017-09-13 21:46 - 000015872 _____ (Microsoft Corporation)
C:\Windows\system32\sspisrv.dll
2017-10-11 07:47 - 2017-09-09 06:47 - 000347344 _____ (Microsoft Corporation)
C:\Windows\system32\iedkcs32.dll
2017-10-11 07:47 - 2017-09-08 22:14 - 001213672 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\ntfs.sys
2017-10-11 07:47 - 2017-09-08 22:10 - 001363968 _____ (Microsoft Corporation)
C:\Windows\system32\Query.dll
2017-10-11 07:47 - 2017-09-08 22:10 - 000109568 _____ (Microsoft Corporation)
C:\Windows\system32\t2embed.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 001400320 _____ (Microsoft Corporation)
C:\Windows\system32\mssrch.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000666624 _____ (Microsoft Corporation)
C:\Windows\system32\mssvp.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000337408 _____ (Microsoft Corporation)
C:\Windows\system32\mssph.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000306688 _____ (Microsoft Corporation)
C:\Windows\system32\gdi32.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000197120 _____ (Microsoft Corporation)
C:\Windows\system32\mssphtb.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000104448 _____ (Microsoft Corporation)
C:\Windows\system32\mssitlb.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000059392 _____ (Microsoft Corporation)
C:\Windows\system32\msscntrs.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000034816 _____ (Microsoft Corporation)
C:\Windows\system32\mssprxy.dll
2017-10-11 07:47 - 2017-09-08 22:00 - 000427520 _____ (Microsoft Corporation)
C:\Windows\system32\SearchIndexer.exe
2017-10-11 07:47 - 2017-09-08 22:00 - 000164352 _____ (Microsoft Corporation)
C:\Windows\system32\SearchProtocolHost.exe
2017-10-11 07:47 - 2017-09-08 21:59 - 000086528 _____ (Microsoft Corporation)
C:\Windows\system32\SearchFilterHost.exe
2017-10-11 07:47 - 2017-09-08 21:59 - 000009728 _____ (Microsoft Corporation)
C:\Windows\system32\msshooks.dll
2017-10-11 07:47 - 2017-09-08 21:20 - 000640512 _____ (Microsoft Corporation)
C:\Windows\system32\mswstr10.dll
2017-10-11 07:47 - 2017-09-08 21:20 - 000345088 _____ (Microsoft Corporation)
C:\Windows\system32\msexcl40.dll
2017-10-11 07:47 - 2017-09-08 21:20 - 000008704 _____ (Microsoft Corporation)
C:\Windows\system32\msjint40.dll
2017-10-11 07:47 - 2017-09-08 02:27 - 002724864 _____ (Microsoft Corporation)
C:\Windows\system32\mshtml.tlb
2017-10-11 07:47 - 2017-09-08 02:26 - 000004096 _____ (Microsoft Corporation)
C:\Windows\system32\ieetwcollectorres.dll
2017-10-11 07:47 - 2017-09-08 02:11 - 000062464 _____ (Microsoft Corporation)
C:\Windows\system32\iesetup.dll
2017-10-11 07:47 - 2017-09-08 02:10 - 000341504 _____ (Microsoft Corporation)
C:\Windows\system32\html.iec
2017-10-11 07:47 - 2017-09-08 02:10 - 000047616 _____ (Microsoft Corporation)
C:\Windows\system32\ieetwproxystub.dll
2017-10-11 07:47 - 2017-09-08 02:09 - 000064000 _____ (Microsoft Corporation)
C:\Windows\system32\MshtmlDac.dll
2017-10-11 07:47 - 2017-09-08 02:03 - 000047104 _____ (Microsoft Corporation)
C:\Windows\system32\jsproxy.dll
2017-10-11 07:47 - 2017-09-08 02:02 - 000030720 _____ (Microsoft Corporation)
C:\Windows\system32\iernonce.dll
2017-10-11 07:47 - 2017-09-08 01:59 - 000476160 _____ (Microsoft Corporation)
C:\Windows\system32\ieui.dll
2017-10-11 07:47 - 2017-09-08 01:58 - 000620032 _____ (Microsoft Corporation)
C:\Windows\system32\jscript9diag.dll
2017-10-11 07:47 - 2017-09-08 01:58 - 000115712 _____ (Microsoft Corporation)
C:\Windows\system32\ieUnatt.exe
2017-10-11 07:47 - 2017-09-08 01:58 - 000104960 _____ (Microsoft Corporation)
C:\Windows\system32\ieetwcollector.exe
2017-10-11 07:47 - 2017-09-08 01:52 - 000667648 _____ (Microsoft Corporation)
C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-11 07:47 - 2017-09-08 01:49 - 000416256 _____ (Microsoft Corporation)
C:\Windows\system32\dxtmsft.dll
2017-10-11 07:47 - 2017-09-08 01:44 - 000073216 _____ (Microsoft Corporation)
C:\Windows\system32\tdc.ocx
2017-10-11 07:47 - 2017-09-08 01:44 - 000060416 _____ (Microsoft Corporation)
C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-11 07:47 - 2017-09-08 01:43 - 000091136 _____ (Microsoft Corporation)
C:\Windows\system32\inseng.dll
2017-10-11 07:47 - 2017-09-08 01:40 - 000168960 _____ (Microsoft Corporation)
C:\Windows\system32\msrating.dll
2017-10-11 07:47 - 2017-09-08 01:39 - 000076288 _____ (Microsoft Corporation)
C:\Windows\system32\mshtmled.dll
2017-10-11 07:47 - 2017-09-08 01:37 - 000279040 _____ (Microsoft Corporation)
C:\Windows\system32\dxtrans.dll
2017-10-11 07:47 - 2017-09-08 01:36 - 000130048 _____ (Microsoft Corporation)
C:\Windows\system32\occache.dll
2017-10-11 07:47 - 2017-09-08 01:29 - 000230400 _____ (Microsoft Corporation)
C:\Windows\system32\webcheck.dll
2017-10-11 07:47 - 2017-09-08 01:26 - 000694784 _____ (Microsoft Corporation)
C:\Windows\system32\msfeeds.dll
2017-10-11 07:47 - 2017-09-08 01:26 - 000690688 _____ (Microsoft Corporation)
C:\Windows\system32\ie4uinit.exe
2017-10-11 07:47 - 2017-09-08 01:25 - 002058752 _____ (Microsoft Corporation)
C:\Windows\system32\inetcpl.cpl
2017-10-11 07:47 - 2017-09-08 01:25 - 001155072 _____ (Microsoft Corporation)
C:\Windows\system32\mshtmlmedia.dll
2017-10-11 07:47 - 2017-09-08 00:57 - 000710144 _____ (Microsoft Corporation)
C:\Windows\system32\ieapfltr.dll
2017-10-11 07:47 - 2017-09-07 22:12 - 002755072 _____ (Microsoft Corporation)
C:\Windows\system32\themeui.dll
2017-10-11 07:47 - 2017-09-07 21:48 - 000313856 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\srv2.sys
2017-10-11 07:47 - 2017-09-07 21:48 - 000312320 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\srv.sys
2017-10-11 07:47 - 2017-09-07 21:48 - 000115712 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\srvnet.sys
2017-10-11 07:47 - 2017-08-19 22:10 - 003209216 _____ (Microsoft Corporation)
C:\Windows\system32\mf.dll
2017-10-11 07:47 - 2017-08-19 22:10 - 000103424 _____ (Microsoft Corporation)
C:\Windows\system32\mfps.dll
2017-10-11 07:47 - 2017-08-19 22:10 - 000002048 _____ (Microsoft Corporation)
C:\Windows\system32\mferror.dll
2017-10-11 07:47 - 2017-08-19 21:57 - 000050176 _____ (Microsoft Corporation)
C:\Windows\system32\rrinstaller.exe
2017-10-11 07:47 - 2017-08-19 21:57 - 000023040 _____ (Microsoft Corporation)
C:\Windows\system32\mfpmp.exe
2017-10-11 07:47 - 2017-08-15 00:35 - 000015872 _____ (Microsoft Corporation)
C:\Windows\system32\icaapi.dll
2017-10-11 07:47 - 2017-08-14 04:36 - 000134656 _____ (Microsoft Corporation)
C:\Windows\system32\rdpudd.dll
2017-10-11 07:47 - 2017-08-14 04:35 - 000031744 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\tssecsrv.sys
2017-10-11 07:47 - 2017-08-14 04:35 - 000015872 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\rdpvideominiport.sys
2017-10-10 08:20 - 2017-10-10 08:20 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\{0F376500-DFBE-47DE-A1F0-B86761A82BF2}
2017-10-10 08:17 - 2017-10-10 08:20 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\UmmyVideoDownloader
2017-10-10 08:17 - 2017-10-10 08:17 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 07:55 - 2016-10-17 10:59 - 000001052 _____
C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-11-06 07:51 - 2009-07-14 11:34 - 000026352 ____H C:\Windows\system32\7B296FB0-
376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-06 07:51 - 2009-07-14 11:34 - 000026352 ____H C:\Windows\system32\7B296FB0-
376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-06 07:49 - 2017-08-16 08:21 - 000000456 _____
C:\Windows\Tasks\UCBrowserUpdater.job
2017-11-06 07:41 - 2010-11-21 04:01 - 000781790 _____
C:\Windows\system32\PerfStringBackup.INI
2017-11-06 07:41 - 2009-07-14 09:37 - 000000000 ____D C:\Windows\inf
2017-11-06 07:39 - 2016-10-07 14:20 - 000000000 ____D C:\Program Files\Glary
Utilities 5
2017-11-06 07:37 - 2017-01-09 21:17 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\LocalLow\Mozilla
2017-11-06 07:36 - 2017-08-16 08:21 - 000000292 _____
C:\Windows\Tasks\UCBrowserUpdaterCore.job
2017-11-06 07:36 - 2017-08-16 08:08 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\DMCache
2017-11-06 07:36 - 2017-07-26 11:03 - 000000332 _____ C:\Windows\Tasks\Connect.job
2017-11-06 07:36 - 2016-10-03 11:21 - 000000000 __SHD C:\Users\IT DAN
UMUM\IntelGraphicsProfiles
2017-11-06 07:35 - 2016-10-17 10:59 - 000001048 _____
C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-11-06 07:35 - 2016-10-03 10:53 - 000000276 _____
C:\Windows\Tasks\RtlNetworkGenieVistaStart.job
2017-11-06 07:35 - 2009-07-14 11:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-03 15:18 - 2016-10-06 17:21 - 000000000 ____D C:\Users\IT DAN UMUM\.android
2017-11-03 09:12 - 2017-08-16 08:09 - 000941152 _____ C:\Users\IT DAN
UMUM\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-03 09:07 - 2016-10-08 08:31 - 005768888 _____
C:\Windows\system32\FNTCACHE.DAT
2017-11-03 09:06 - 2016-10-03 11:06 - 000000000 ____D C:\Program Files\Common
Files\DESIGNER
2017-11-03 09:06 - 2016-10-03 11:04 - 000000000 ____D C:\Program Files\Microsoft
Office
2017-11-03 09:06 - 2010-11-21 07:46 - 000000000 ____D C:\Windows\ShellNew
2017-11-03 09:06 - 2009-07-14 11:52 - 000000000 ____D C:\Program Files\MSBuild
2017-11-03 09:06 - 2009-07-14 09:37 - 000000000 ____D C:\Program Files\Common
Files\microsoft shared
2017-11-03 08:27 - 2009-07-14 09:37 - 000000000 ____D C:\Program Files\Common
Files\System
2017-11-03 08:27 - 2009-07-14 09:04 - 000000478 _____ C:\Windows\win.ini
2017-11-03 08:25 - 2009-07-14 11:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-11-03 07:32 - 2017-08-16 08:09 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\GlarySoft
2017-11-03 07:28 - 2016-10-17 10:59 - 000000000 ____D C:\Program Files\Dropbox
2017-11-03 07:08 - 2017-05-30 11:45 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker
2017-11-02 16:23 - 2016-10-03 11:01 - 000000000 ____D C:\Users\IT DAN
UMUM\Documents\Received Files
2017-11-01 15:50 - 2016-12-15 17:44 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\IDM
2017-11-01 15:19 - 2016-10-03 11:00 - 000000000 ____D C:\Program Files\Internet
Download Manager
2017-11-01 11:16 - 2017-07-28 10:56 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2017-11-01 11:11 - 2016-10-07 14:21 - 000001020 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-11-01 11:11 - 2016-10-07 14:21 - 000001008 _____ C:\Users\Public\Desktop\Glary
Utilities 5.lnk
2017-11-01 10:48 - 2017-07-28 10:56 - 000000000 ____D C:\Program Files\netcut
2017-11-01 10:48 - 2017-07-10 07:24 - 000000000 __SHD C:\[Smad-Cage]
2017-11-01 08:19 - 2017-08-16 08:10 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Hear
2017-11-01 08:11 - 2017-01-03 17:04 - 000000000 ____D C:\Users\IT DAN
UMUM\Downloads\Compressed
2017-11-01 08:11 - 2016-10-03 17:20 - 000000000 ____D C:\Program Files\WinPcap
2017-10-31 13:45 - 2016-11-23 18:13 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel Repair Toolbox
2017-10-31 13:45 - 2016-11-23 18:13 - 000000000 ____D C:\Program Files\Excel Repair
Toolbox
2017-10-30 08:39 - 2017-08-16 08:42 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\vlc
2017-10-30 07:16 - 2017-05-31 15:55 - 000000000 ____D C:\Program Files\Mozilla
Firefox
2017-10-27 11:01 - 2017-07-07 14:40 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Google
2017-10-27 11:01 - 2016-10-03 10:52 - 000000000 ____D C:\Program Files\Google
2017-10-27 10:44 - 2017-08-16 08:07 - 003791083 ____H C:\Users\IT DAN
UMUM\AppData\Local\IconCache.db.backup
2017-10-26 13:36 - 2017-08-16 08:47 - 000000000 ____D C:\Users\IT DAN
UMUM\.MemuHyperv
2017-10-26 10:35 - 2016-10-03 10:45 - 000000000 ____D C:\Users\IT DAN UMUM
2017-10-26 10:33 - 2009-07-14 09:37 - 000000000 ____D C:\Windows\Registration
2017-10-26 08:30 - 2017-09-13 08:30 - 005250048 _____ (Adobe Systems Incorporated)
C:\Windows\system32\FlashPlayerInstaller.exe
2017-10-26 08:30 - 2016-10-03 14:45 - 000803328 _____ (Adobe Systems Incorporated)
C:\Windows\system32\FlashPlayerApp.exe
2017-10-26 08:30 - 2016-10-03 14:45 - 000144896 _____ (Adobe Systems Incorporated)
C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-10-26 08:30 - 2016-10-03 14:37 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-24 07:33 - 2017-08-29 07:49 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC Browser
2017-10-23 16:41 - 2016-06-23 14:31 - 000206472 _____ (ESET)
C:\Windows\system32\Drivers\eamonm.sys
2017-10-23 16:41 - 2016-06-23 14:31 - 000156288 _____ (ESET)
C:\Windows\system32\Drivers\ehdrv.sys
2017-10-23 16:41 - 2016-06-23 14:31 - 000141448 _____ (ESET)
C:\Windows\system32\Drivers\epfwwfpr.sys
2017-10-23 16:18 - 2016-10-03 11:34 - 000000000 ____D C:\Program Files\SMADAV
2017-10-23 16:15 - 2017-06-19 14:53 - 000000000 ____D C:\ProgramData\Kaspersky Lab
Setup Files
2017-10-20 16:12 - 2017-09-20 11:08 - 000002211 _____ C:\Users\IT DAN
UMUM\Desktop\WhatsApp.lnk
2017-10-20 16:12 - 2017-09-20 11:08 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\WhatsApp
2017-10-20 16:12 - 2017-09-20 11:08 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-10-20 16:12 - 2017-09-20 11:08 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\WhatsApp
2017-10-20 16:11 - 2017-09-20 11:08 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\SquirrelTemp
2017-10-20 07:37 - 2016-10-17 11:04 - 000000000 ___RD C:\Users\IT DAN UMUM\Dropbox
2017-10-18 16:37 - 2017-09-19 13:57 - 000000000 ____D C:\Users\IT DAN
UMUM\Desktop\DRIVER MATHERBOARD
2017-10-18 08:56 - 2016-10-03 15:05 - 000000000 ____D C:\Windows\Minidump
2017-10-18 08:18 - 2017-02-01 11:10 - 000000000 ____D C:\Users\IT DAN
UMUM\Desktop\DATA HARIAN 2017
2017-10-18 08:11 - 2017-06-02 09:00 - 000000692 _____
C:\Users\Public\Desktop\SMADΔV.lnk
2017-10-18 08:10 - 2017-08-16 08:09 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Smadav
2017-10-18 07:40 - 2017-07-21 07:37 - 000000000 __SHD
C:\Users\Administrator\IntelGraphicsProfiles
2017-10-13 15:04 - 2017-09-26 13:29 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Microsoft Help
2017-10-13 07:22 - 2017-03-20 15:20 - 000000000 ____D C:\Program Files\TeamViewer
2017-10-11 12:24 - 2009-07-14 09:37 - 000000000 ____D C:\Windows\rescache
2017-10-11 11:02 - 2016-10-13 10:32 - 000000000 ____D C:\Windows\system32\MRT
2017-10-11 10:55 - 2016-10-13 10:31 - 124059592 ____C (Microsoft Corporation)
C:\Windows\system32\MRT.exe
2017-10-10 08:17 - 2017-08-01 18:31 - 000001218 _____ C:\Users\IT DAN
UMUM\Desktop\UmmyVideoDownloader.lnk

==================== Files in the root of some directories =======

2016-10-04 14:14 - 2016-10-04 14:18 - 000003032 _____ () C:\Program
Files\UpdateCfg.ini
2017-08-23 15:55 - 2017-08-23 15:55 - 000000001 _____ () C:\Users\IT DAN
UMUM\AppData\Local\llftool.4.12.agreement
2017-08-15 15:26 - 2017-08-15 15:26 - 000000057 _____ () C:\ProgramData\Ament.ini
2016-10-03 10:51 - 2016-10-03 10:51 - 000000000 ____H ()
C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-11-03 09:13 - 2017-11-03 09:14 - 017080664 _____ () C:\Users\IT DAN
UMUM\AppData\Local\Temp\gusetup4.exe
2017-11-03 09:13 - 2017-11-03 09:14 - 017080664 _____ () C:\Users\IT DAN
UMUM\AppData\Local\Temp\gusetup5.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-30 13:59

==================== End of FRST.txt ============================
