Scribd
Upload
154 views

FRST

This document summarizes the scan results of Farbar Recovery Scan Tool on a Windows 7 system. It lists processes, registry entries, and other items in three categories: processes, registry, and internet. For each category, it identifies any suspicious or unwanted items that could potentially be removed or restored by the tool.

Uploaded by

joko marwoto
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
154 views

FRST

This document summarizes the scan results of Farbar Recovery Scan Tool on a Windows 7 system. It lists processes, registry entries, and other items in three categories: processes, registry, and internet. For each category, it identifies any suspicious or unwanted items that could potentially be removed or restored by the tool.

Uploaded by

joko marwoto
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 18

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02

Ran by IT DAN UMUM (administrator) on ITDANUMUM-PC (06-11-2017 08:01:03)


Running from C:\Users\IT DAN UMUM\Downloads
Loaded Profiles: IT DAN UMUM (Available Profiles: IT DAN UMUM & Administrator)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English
(United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-
recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will
not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe


(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ZKSoftware Inc) C:\Program Files\FPSensor\bin\iZHost.exe
(Arcai.com) C:\Program Files\netcut\services\aips.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop
Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common
Files\Adobe\AdobeGCClient\AGSService.exe
(CANON INC.) C:\Program Files\Canon\DIAS\CnxDIAS.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(DigitalPersona, Inc.) C:\Program Files\FPSensor\bin\DpHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(MSI) C:\Program Files\MSI\Super Charger\ChargeService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License
Service\PsiService_2.exe
(QUALCOMM, Inc.) C:\Program Files\QUALCOMM Incorporated\Qualcomm USB Drivers For
Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\UCBrowser\Application\UCService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft
shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SafeIP) J:\SafeIP\SafeIPS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation)
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Smadsoft) C:\Program Files\SMADAV\SMΔRTP.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(LAN Messenger) C:\Program Files\LAN Messenger\lmc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(HOSTJSC Inc.) C:\Program Files\WWW.HOSTJSC.NET\Internet Download Manager\IDMan.exe
() C:\Program Files\Hear\Hear.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Tonec Inc.) C:\Program Files\WWW.HOSTJSC.NET\Internet Download
Manager\IEMonitor.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Extreme Tuning
Utility\XtuService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Integrated Clock Controller
Service\ICCProxy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft
shared\OFFICE16\OLicenseHeartbeat.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
() C:\Program Files\UCBrowser\Application\7.0.6.1618\UCAgent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)

HKLM\...\Run: [USBAntivirus.exe] => K:\USBAntivirus\USBAntivirus.exe -Hide


HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3567928
2017-11-01] (Dropbox, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904
2015-06-08] (Power Software Ltd)
HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1879152
2017-10-18] (Smadsoft)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Run: [GUDelayStartup] =>
C:\Program Files\Glary Utilities 5\StartupManager.exe [44024 2017-09-15] (Glarysoft
Ltd)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Run: [LAN Messenger] =>
C:\Program Files\LAN Messenger\lmc.exe [1721344 2012-07-25] (LAN Messenger)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Run:
[GoogleChromeAutoLaunch_75CE8E47CEABC7FB0E7D9AE4DB654418] => C:\Program
Files\Google\Chrome\Application\chrome.exe [1249624 2017-09-21] (Google Inc.)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Run: [IDMan] => C:\Program
Files\WWW.HOSTJSC.NET\Internet Download Manager\IDMan.exe [990720 2009-05-10]
(HOSTJSC Inc.)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Policies\Explorer:
[DisallowRun] 1
HKU\S-1-5-21-2304584749-4152625595-3175946977-
1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-2304584749-4152625595-3175946977-
1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-2304584749-4152625595-3175946977-
1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\MountPoints2: {618f4497-
8c20-11e6-98b5-d8cb8aca779a} - L:\AutoRun.exe
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\MountPoints2: {618f44a7-
8c20-11e6-98b5-d8cb8aca779a} - L:\AutoRun.exe
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Winlogon: [Userinit]
C:\Windows\system32\userinit.exe, [26624 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Winlogon: [Shell]
C:\Windows\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) <====
ATTENTION
ShellExecuteHooks: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hear.lnk
[2017-06-22]
ShortcutTarget: Hear.lnk -> C:\Program Files\Hear\Hear.exe ()
BootExecute: autocheck autochk *
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed


or restored to default.)

Winsock: Catalog9 01 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec


Inc.)
Winsock: Catalog9 02 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 03 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 04 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 05 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 06 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 07 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 08 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 09 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 10 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 11 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 12 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 13 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 14 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Winsock: Catalog9 15 C:\Windows\system32\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 16 C:\Windows\system32\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 17 C:\Windows\system32\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 18 C:\Windows\system32\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 65 C:\Windows\system32\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 66 C:\Windows\system32\idmmbc.dll [210352 2009-03-26] (Tonec
Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{83421816-CBBB-40CE-94AF-89A354B25986}: [NameServer]
192.168.4.28 0.0.0.0
Tcpip\..\Interfaces\{8654584F-3226-4EA2-93C5-606460D803CD}: [DhcpNameServer]
192.168.1.1
Tcpip\..\Interfaces\{8E237335-217E-47D7-B547-CB2486AF8B3B}: [DhcpNameServer]
192.168.42.129
Tcpip\..\Interfaces\{B6C53F1D-3AC1-4545-818E-8A1CFF63FD06}: [DhcpNameServer]
192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\Software\Microsoft\Internet
Explorer\Main,Start Page Redirect Cache = hxxp://u.msn.com/id-id/?ocid=iehp
HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\Software\Microsoft\Internet
Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?
LinkID=617912&ResetID=131507858514810812&GUID=5153EE78-DA9F-43DC-9099-D77B7BB4C97F
SearchScopes: HKU\S-1-5-21-2304584749-4152625595-3175946977-1000 -> DefaultScope
{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.bing.com/search?
q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2304584749-4152625595-3175946977-1000 -> {015DB5FA-EAFB-
4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?
gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MB649E28F-C582-41E2-8315-
49F11FBE3CEA&SearchSource=58&CUI=&UM=8&UP=SPA86D7CA4-FED8-49E4-9992-
62059B60D632&D=100916&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2304584749-4152625595-3175946977-1000 -> {0633EE93-D776-
472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2304584749-4152625595-3175946977-1000 -> {3BD44F0E-0596-
4008-AEE0-45D47E3A8F0E} URL = hxxp://www.bing.com/search?
q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2304584749-4152625595-3175946977-1000 -> {E6A356F2-D204-
4109-A6E1-08E3149A2535} URL = hxxp://www.bing.com/search?
FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} ->
C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft
Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program
Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 91j2b335.default-1508815780389
FF ProfilePath: C:\Users\IT DAN
UMUM\AppData\Roaming\Mozilla\Firefox\Profiles\91j2b335.default-1508815780389 [2017-
11-06]
FF HKU\S-1-5-21-2304584749-4152625595-3175946977-1000\...\Firefox\Extensions:
[[email protected]] - C:\Users\IT DAN
UMUM\AppData\Roaming\IDM\idmmzcc3
FF Extension: (IDM CC) - C:\Users\IT DAN UMUM\AppData\Roaming\IDM\idmmzcc3 [2017-
11-01] [not signed]
FF Plugin: @duomi.com/Duomi -> C:\Program Files\DuoMi\npduomi.dll [No File]
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows
Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program
Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program
Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader
DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative
Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://id.yahoo.com/?fr=fpc-
comodo&type=33010001006_10.0.1.6294_i_hp_sp"
CHR Profile: C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User Data\Default
[2017-11-06]
CHR Extension: (Slides) - C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-16]
CHR Extension: (YouTube) - C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-16]
CHR Extension: (Adobe Acrobat) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-16]
CHR Extension: (Panda Safe Web) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2017-10-26]
CHR Extension: (Sheets) - C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (IndoXXI Companion) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ggmhbeannpfkiafgkfobkanlpaccfdki [2017-10-20]
CHR Extension: (Google Docs Offline) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-16]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2017-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Speedtest by Ookla) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-10-20]
CHR Extension: (Search Manager) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-08-16]
CHR Extension: (Gmail) - C:\Users\IT DAN UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\IT DAN
UMUM\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-04]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] -
hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] -
hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2304584749-4152625595-3175946977-
1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension:
[efaidnbmnnnibpcajpcglclefindmkaj] -
hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2304584749-4152625595-3175946977-
1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension:
[pilplloabdedfmialnfchjomjmpjcoej] -
hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop


Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems
Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
[2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com)
[File not signed]
R2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe
[3744616 2009-07-31] (CANON INC.)
S4 Coerlasy; C:\Program Files\Qeteward\procaentvlotCollector.dll [276992 2016-10-
08] () [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279144 2015-05-06] (Intel
Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-17]
(Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-17]
(Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-11-01] (Dropbox, Inc.)
R2 DpHost; C:\Program Files\FPSensor\bin\DpHost.exe [237568 2010-08-02]
(DigitalPersona, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2166040 2017-10-23]
(ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson
Corporation)
R3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller
Service\ICCProxy.exe [171480 2014-06-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [291432 2015-05-
06] (Intel Corporation)
R2 iZHost; C:\Program Files\FPSensor\bin\iZHost.exe [268800 2012-01-13] (ZKSoftware
Inc) [File not signed]
R2 MSI_SuperCharger; C:\Program Files\MSI\Super Charger\ChargeService.exe [163280
2015-05-18] (MSI)
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [724992
2006-10-09] (Nero AG) [File not signed]
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License
Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 qcmtusvc; C:\Program Files\QUALCOMM Incorporated\Qualcomm USB Drivers For
Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe [83456 2015-07-09] (QUALCOMM,
Inc.) [File not signed]
R3 SafeIPS; J:\SafeIP\SafeIPs.exe [4606976 2015-08-03] (SafeIP) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-
08-29] (TeamViewer GmbH)
R2 UCBrowserSvc; C:\Program Files\UCBrowser\Application\UCService.exe [627984 2017-
09-25] () <==== ATTENTION
S4 WeatherChiknSrvr; C:\Program Files\WeatherChickn\WeatherChickn.exe [235520 2016-
10-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27]
(Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files\Intel\Intel(R) Extreme Tuning
Utility\XtuService.exe [19216 2015-07-07] (Intel(R) Corporation)
S2 Kuaizip Update Checker; C:\Program Files\KuaiZip\X86\kuaizipUpdateChecker.dll
[X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles
%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

R3 AcpiCtlDrv; C:\Windows\System32\DRIVERS\AcpiCtlDrv.sys [22808 2012-07-17] (Intel


Corporation)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [15744 2014-10-09] (LG
Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23680 2014-10-09] (LG
Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28416 2014-10-09]
(LG Electronics Inc.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft
Inc.) [File not signed]
R1 catchurl; C:\Windows\System32\drivers\catchurl.sys [43776 2017-06-19] () [File
not signed]
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [130296 2015-11-24]
(Wireless Data Device)
S3 dpK00701; C:\Windows\System32\DRIVERS\dpK00701.sys [46592 2010-08-02]
(DigitalPersona, Inc.)
S3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [61240 2015-04-08] (eagleGet)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [206472 2017-10-23] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [156328 2016-06-23] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [156288 2017-10-23] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [141448 2017-10-23] (ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2016-10-10]
(Glarysoft Ltd)
S3 GUMHFilters; C:\Program Files\Glarysoft\Malware
Hunter\Native\winxp_x86\GUMHFilter.sys [38456 2016-11-04] (GlarySoft Ltd)
R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [17472 2016-11-
21] (Glarysoft Ltd)
R3 ICCWDT; C:\Windows\System32\DRIVERS\ICCWDT.sys [34616 2015-06-01] (Intel
Corporation)
R2 iocbios2; C:\Program Files\Intel\Intel(R) Extreme Tuning
Utility\Drivers\IocDriver\32bit\iocbios2.sys [28176 2015-05-28] (Intel Corporation)
S3 ipadtst; C:\Program Files\MSI\Super Charger\ipadtst.sys [14960 2013-11-11]
(Windows (R) 2000 DDK provider)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [40936 2013-01-19] ()
S3 KernelMemory; C:\Windows\system32\drivers\KernelMemory.sys [2432 2017-10-23] ()
[File not signed]
R2 KuaiZipDrive2; C:\Windows\system32\drivers\KuaiZipDrive2.sys [68128 2016-10-03]
(WinMount International Inc) <==== ATTENTION
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-11] (Intel Corporation)
R2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [210376 2016-01-16]
(Microvirt Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [28776 2011-09-14] (NT Kernel
Resources)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35088 2010-06-26] (CACE Technologies,
Inc.)
R3 NTIOLib_1_0_3; C:\Program Files\MSI\Super Charger\NTIOLib.sys [14392 2012-10-26]
(MSI)
S3 p2pfilter; C:\Program Files\p2pover\p2pfilter.sys [4524 2005-05-10] () [File not
signed]
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-08-20] ()
S3 qcfilter; C:\Windows\System32\DRIVERS\qcusbfilter.sys [31232 2015-07-09]
(QUALCOMM Incorporated)
S3 qcusbnet; C:\Windows\System32\DRIVERS\qcusbnet.sys [352256 2015-07-09] (QUALCOMM
Incorporated)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [207360 2015-07-09] (QUALCOMM
Incorporated)
R3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [39048 2011-11-07] ()
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114304 2015-06-08] (Power
Software Ltd)
S3 usbdpfp; C:\Windows\System32\DRIVERS\usbdpfp.sys [47104 2010-08-02]
(DigitalPersona, Inc.)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [110208 2016-07-02]
(BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [233088 2016-07-02] (BigNox
Corporation)
U0 aswVmm; no ImagePath
S1 cherimoya; system32\drivers\cherimoya.sys [X] <==== ATTENTION
S3 ComputerZ; \??\C:\Program Files\LuDaShi\ComputerZ.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; system32\DRIVERS\ew_wwanecm.sys [X]
S4 mchInjDrv; \??\C:\Windows\system32\Drivers\mchInjDrv.sys [X]
S3 MSICDSetup; \??\K:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\K:\NTIOLib.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

NETSVC: HpSvc -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 08:00 - 2017-11-06 08:00 - 000072516 _____ C:\Users\IT DAN


UMUM\Downloads\Addition.txt
2017-11-06 07:59 - 2017-11-06 08:01 - 000024832 _____ C:\Users\IT DAN
UMUM\Downloads\FRST.txt
2017-11-06 07:58 - 2017-11-06 08:01 - 000000000 ____D C:\FRST
2017-11-06 07:49 - 2017-11-06 07:49 - 001799680 _____ (Farbar) C:\Users\IT DAN
UMUM\Downloads\FRST.exe
2017-11-06 07:47 - 2017-11-06 07:47 - 000000000 ____D
C:\Users\Default\AppData\Local\Google
2017-11-06 07:47 - 2017-11-06 07:47 - 000000000 ____D C:\Users\Default
User\AppData\Local\Google
2017-11-03 09:06 - 2017-11-03 09:06 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-11-03 09:06 - 2017-11-03 09:06 - 000000000 ____D C:\Program Files\Microsoft
Works
2017-11-03 09:06 - 2017-11-03 09:06 - 000000000 ____D C:\Program Files\Microsoft
Visual Studio
2017-11-03 08:30 - 2006-07-24 10:50 - 000047920 _____ (Microsoft Corporation)
C:\Windows\system32\VBAME.DLL
2017-11-03 08:30 - 2006-07-24 10:50 - 000039728 _____ (Microsoft Corporation)
C:\Windows\system32\SCP32.DLL
2017-11-03 08:30 - 1998-03-24 13:44 - 000024848 _____ (Microsoft Corporation)
C:\Windows\system32\VBAEND32.OLB
2017-11-03 08:30 - 1998-03-24 13:44 - 000024848 _____ (Microsoft Corporation)
C:\Windows\system32\VBAEN32.OLB
2017-11-03 07:28 - 2017-11-03 07:28 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-01 18:58 - 2017-11-01 18:58 - 000035432 _____ (Dropbox, Inc.)
C:\Windows\system32\Drivers\dbx-dev.sys
2017-11-01 18:58 - 2017-11-01 18:58 - 000035408 _____ (Dropbox, Inc.)
C:\Windows\system32\Drivers\dbx-stable.sys
2017-11-01 18:58 - 2017-11-01 18:58 - 000035408 _____ (Dropbox, Inc.)
C:\Windows\system32\Drivers\dbx-canary.sys
2017-11-01 15:50 - 2017-11-01 15:50 - 000002033 _____
C:\Users\Public\Desktop\Internet Download Manager.lnk
2017-11-01 15:50 - 2017-11-01 15:50 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.hostjsc.net
2017-11-01 15:50 - 2009-03-26 22:35 - 000210352 _____ (Tonec Inc.)
C:\Windows\system32\idmmbc.dll
2017-11-01 08:11 - 2017-11-01 08:11 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-10-31 14:37 - 2017-10-31 14:37 - 000001123 _____ C:\Users\IT DAN
UMUM\Desktop\File Repair.lnk
2017-10-31 14:37 - 2017-10-31 14:37 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Repair
2017-10-31 14:37 - 2017-10-31 14:37 - 000000000 ____D C:\Program Files\Repair File
2017-10-31 14:04 - 2017-11-01 09:29 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\8417
2017-10-31 13:46 - 2017-10-31 13:46 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Excel Repair Toolbox
2017-10-31 13:45 - 2017-10-31 13:45 - 000001109 _____ C:\Users\IT DAN
UMUM\Desktop\Excel Repair Toolbox.lnk
2017-10-30 07:27 - 2017-10-30 07:27 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\{C1C46F64-CDA0-44F3-B198-D652F918E413}
2017-10-27 11:01 - 2017-11-06 07:47 - 000001966 _____
C:\Users\Public\Desktop\Google Slides.lnk
2017-10-27 11:01 - 2017-11-06 07:47 - 000001964 _____
C:\Users\Public\Desktop\Google Sheets.lnk
2017-10-27 11:01 - 2017-11-06 07:47 - 000001954 _____
C:\Users\Public\Desktop\Google Docs.lnk
2017-10-27 11:01 - 2017-11-06 07:47 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-10-27 10:59 - 2017-10-27 10:59 - 001130328 _____ (Google Inc.) C:\Users\IT DAN
UMUM\Downloads\installbackupandsync.exe
2017-10-26 10:35 - 2017-10-26 10:35 - 000000041 _____ C:\Users\IT DAN UMUM\inst.ini
2017-10-26 10:35 - 2017-10-26 10:35 - 000000000 ____D C:\Users\IT DAN
UMUM\Nox_share
2017-10-26 10:34 - 2017-11-03 15:17 - 000000000 ____D C:\Users\IT DAN UMUM\vmlogs
2017-10-26 10:34 - 2017-11-03 15:17 - 000000000 ____D C:\Users\IT DAN UMUM\.BigNox
2017-10-26 10:34 - 2017-10-26 10:34 - 000000970 _____ C:\Users\IT DAN
UMUM\Desktop\Multi-Drive.lnk
2017-10-26 10:34 - 2017-10-26 10:34 - 000000889 _____ C:\Users\IT DAN
UMUM\Desktop\Nox.lnk
2017-10-26 10:34 - 2017-10-26 10:34 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2017-10-26 10:34 - 2017-10-26 10:34 - 000000000 ____D C:\Program Files\Bignox
2017-10-26 10:34 - 2016-07-02 17:04 - 000110208 _____ (BigNox Corporation)
C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-10-26 10:33 - 2017-11-03 16:38 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Nox
2017-10-26 10:33 - 2017-10-26 10:33 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Nox
2017-10-24 14:11 - 2017-10-27 15:01 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\KompasAV
2017-10-24 10:50 - 2017-10-24 10:50 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Dropbox
2017-10-24 10:29 - 2017-10-24 10:29 - 000000000 ____D C:\Users\IT DAN
UMUM\Desktop\Old Firefox Data
2017-10-24 10:20 - 2017-10-30 07:16 - 000000000 ____D C:\Program Files\Mozilla
Maintenance Service
2017-10-24 10:20 - 2017-10-24 10:28 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Mozilla
2017-10-24 10:20 - 2017-10-24 10:25 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Mozilla
2017-10-24 10:20 - 2017-10-24 10:20 - 000001087 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-10-24 10:20 - 2017-10-24 10:20 - 000001075 _____
C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-10-24 10:01 - 2017-10-24 10:02 - 018133228 _____ C:\Users\IT DAN
UMUM\Downloads\uc-browser-10-10-8-820 (1).apk
2017-10-24 07:31 - 2017-10-24 07:31 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\ESET
2017-10-23 16:20 - 2017-10-23 16:20 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-10-23 16:20 - 2017-10-23 16:20 - 000000000 ____D C:\Program Files\ESET
2017-10-23 16:11 - 2017-10-23 16:20 - 000000000 ____D C:\ProgramData\ESET
2017-10-23 14:25 - 2017-10-23 14:26 - 000000000 ____D C:\Program Files\R-Studio
2017-10-23 14:25 - 2017-10-23 14:25 - 000000000 ____D C:\Users\IT DAN
UMUM\Documents\R-TT
2017-10-23 14:25 - 2017-10-23 14:25 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\R-TT
2017-10-23 14:25 - 2017-10-23 14:25 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
2017-10-23 09:33 - 2017-10-23 09:33 - 000002432 _____
C:\Windows\system32\Drivers\KernelMemory.sys
2017-10-23 09:06 - 2017-10-24 07:31 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Vito
2017-10-20 14:17 - 2017-10-20 14:19 - 247542951 _____ C:\Users\IT DAN
UMUM\Downloads\[IPEENK] AVGIS17.1.3006 (x86).rar
2017-10-20 14:01 - 2017-10-20 15:32 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\AvgSetupLog
2017-10-20 14:01 - 2017-10-20 15:32 - 000000000 ____D C:\ProgramData\Avg
2017-10-20 14:01 - 2017-10-20 14:01 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Avg
2017-10-20 13:52 - 2017-10-20 13:53 - 068742112 _____ (Microsoft Corporation)
C:\Users\IT DAN UMUM\Downloads\NDP471-KB4033342-x86-x64-AllOS-ENU.exe
2017-10-20 13:40 - 2017-11-02 16:35 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\CrashDumps
2017-10-18 09:01 - 2017-10-18 09:01 - 001700352 _____ (Microsoft Corporation)
C:\Windows\system32\gdiplus.dll
2017-10-18 08:17 - 2017-10-21 06:48 - 000000000 ____D C:\Program Files\Comodo
2017-10-18 08:17 - 2017-10-18 08:17 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Comodo
2017-10-18 08:10 - 2017-10-18 08:10 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2017-10-18 07:47 - 2017-10-18 07:47 - 000000118 _____ C:\Windows\system32\
{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-17 22:48 - 2017-11-01 18:58 - 000043336 _____ (Dropbox, Inc.)
C:\Windows\system32\DbxSvc.exe
2017-10-17 17:01 - 2017-10-17 17:01 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Ahead
2017-10-17 13:58 - 2017-10-17 14:03 - 000000000 ____D C:\ProgramData\SP_FT_Logs
2017-10-17 13:57 - 2017-10-17 13:57 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Trolltech
2017-10-17 13:56 - 2017-10-17 13:56 - 000000000 ____D C:\Program Files\ClockworkMod
2017-10-12 08:27 - 2017-10-12 08:27 - 000000000 ____D C:\Users\IT DAN
UMUM\Documents\My Palettes
2017-10-11 10:55 - 2017-10-11 10:55 - 124059592 ____C (Microsoft Corporation)
C:\Windows\system32\MRT-KB890830.exe
2017-10-11 07:48 - 2017-09-08 22:10 - 001549824 _____ (Microsoft Corporation)
C:\Windows\system32\tquery.dll
2017-10-11 07:48 - 2017-09-08 21:50 - 002402304 _____ (Microsoft Corporation)
C:\Windows\system32\win32k.sys
2017-10-11 07:48 - 2017-09-08 02:10 - 000499200 _____ (Microsoft Corporation)
C:\Windows\system32\vbscript.dll
2017-10-11 07:48 - 2017-09-08 02:04 - 020267008 _____ (Microsoft Corporation)
C:\Windows\system32\mshtml.dll
2017-10-11 07:48 - 2017-09-08 02:03 - 002292736 _____ (Microsoft Corporation)
C:\Windows\system32\iertutil.dll
2017-10-11 07:48 - 2017-09-08 01:58 - 000663040 _____ (Microsoft Corporation)
C:\Windows\system32\jscript.dll
2017-10-11 07:48 - 2017-09-08 01:29 - 004547072 _____ (Microsoft Corporation)
C:\Windows\system32\jscript9.dll
2017-10-11 07:48 - 2017-09-08 01:17 - 013677568 _____ (Microsoft Corporation)
C:\Windows\system32\ieframe.dll
2017-10-11 07:48 - 2017-09-08 01:01 - 002767872 _____ (Microsoft Corporation)
C:\Windows\system32\wininet.dll
2017-10-11 07:48 - 2017-09-08 00:57 - 001316864 _____ (Microsoft Corporation)
C:\Windows\system32\urlmon.dll
2017-10-11 07:48 - 2017-08-15 00:35 - 000827904 _____ (Microsoft Corporation)
C:\Windows\system32\rdpcore.dll
2017-10-11 07:48 - 2017-08-14 04:36 - 000920064 _____ (Microsoft Corporation)
C:\Windows\system32\rdpcorets.dll
2017-10-11 07:47 - 2017-09-13 22:13 - 004001512 _____ (Microsoft Corporation)
C:\Windows\system32\ntkrnlpa.exe
2017-10-11 07:47 - 2017-09-13 22:13 - 003945704 _____ (Microsoft Corporation)
C:\Windows\system32\ntoskrnl.exe
2017-10-11 07:47 - 2017-09-13 22:13 - 000137960 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-11 07:47 - 2017-09-13 22:13 - 000067304 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\ksecdd.sys
2017-10-11 07:47 - 2017-09-13 22:10 - 001310528 _____ (Microsoft Corporation)
C:\Windows\system32\ntdll.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000830464 _____ (Microsoft Corporation)
C:\Windows\system32\msctf.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000828928 _____ (Microsoft Corporation)
C:\Windows\system32\wlansvc.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000655360 _____ (Microsoft Corporation)
C:\Windows\system32\rpcrt4.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000428032 _____ (Microsoft Corporation)
C:\Windows\system32\wlanmsm.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000400896 _____ (Microsoft Corporation)
C:\Windows\system32\srcore.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000392704 _____ (Microsoft Corporation)
C:\Windows\system32\wlansec.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000261120 _____ (Microsoft Corporation)
C:\Windows\system32\msv1_0.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000254464 _____ (Microsoft Corporation)
C:\Windows\system32\schannel.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000223232 _____ (Microsoft Corporation)
C:\Windows\system32\ncrypt.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000172032 _____ (Microsoft Corporation)
C:\Windows\system32\wdigest.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000146432 _____ (Microsoft Corporation)
C:\Windows\system32\msaudite.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000141312 _____ (Microsoft Corporation)
C:\Windows\system32\rpchttp.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000099840 _____ (Microsoft Corporation)
C:\Windows\system32\sspicli.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000083968 _____ (Microsoft Corporation)
C:\Windows\system32\wlanhlp.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000080896 _____ (Microsoft Corporation)
C:\Windows\system32\wlanapi.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000065536 _____ (Microsoft Corporation)
C:\Windows\system32\TSpkg.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000060416 _____ (Microsoft Corporation)
C:\Windows\system32\msobjs.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000050176 _____ (Microsoft Corporation)
C:\Windows\system32\setbcdlocale.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000043008 _____ (Microsoft Corporation)
C:\Windows\system32\srclient.dll
2017-10-11 07:47 - 2017-09-13 22:09 - 000022016 _____ (Microsoft Corporation)
C:\Windows\system32\secur32.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 001062912 _____ (Microsoft Corporation)
C:\Windows\system32\lsasrv.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000690688 _____ (Microsoft Corporation)
C:\Windows\system32\adtschema.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000644096 _____ (Microsoft Corporation)
C:\Windows\system32\advapi32.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000554496 _____ (Microsoft Corporation)
C:\Windows\system32\kerberos.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000082432 _____ (Microsoft Corporation)
C:\Windows\system32\bcrypt.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000050688 _____ (Microsoft Corporation)
C:\Windows\system32\appidapi.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000038912 _____ (Microsoft Corporation)
C:\Windows\system32\csrsrv.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000017408 _____ (Microsoft Corporation)
C:\Windows\system32\credssp.dll
2017-10-11 07:47 - 2017-09-13 22:08 - 000006656 _____ (Microsoft Corporation)
C:\Windows\system32\apisetschema.dll
2017-10-11 07:47 - 2017-09-13 21:53 - 000271360 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\nwifi.sys
2017-10-11 07:47 - 2017-09-13 21:50 - 000097792 _____ (Microsoft Corporation)
C:\Windows\system32\appidpolicyconverter.exe
2017-10-11 07:47 - 2017-09-13 21:50 - 000050688 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\appid.sys
2017-10-11 07:47 - 2017-09-13 21:50 - 000050176 _____ (Microsoft Corporation)
C:\Windows\system32\auditpol.exe
2017-10-11 07:47 - 2017-09-13 21:50 - 000029696 _____ (Microsoft Corporation)
C:\Windows\system32\appidsvc.dll
2017-10-11 07:47 - 2017-09-13 21:50 - 000016896 _____ (Microsoft Corporation)
C:\Windows\system32\appidcertstorecheck.exe
2017-10-11 07:47 - 2017-09-13 21:48 - 000262656 _____ (Microsoft Corporation)
C:\Windows\system32\rstrui.exe
2017-10-11 07:47 - 2017-09-13 21:46 - 000226304 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-11 07:47 - 2017-09-13 21:46 - 000124416 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-11 07:47 - 2017-09-13 21:46 - 000098304 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-11 07:47 - 2017-09-13 21:46 - 000069632 _____ (Microsoft Corporation)
C:\Windows\system32\smss.exe
2017-10-11 07:47 - 2017-09-13 21:46 - 000036352 _____ (Microsoft Corporation)
C:\Windows\system32\cryptbase.dll
2017-10-11 07:47 - 2017-09-13 21:46 - 000022016 _____ (Microsoft Corporation)
C:\Windows\system32\lsass.exe
2017-10-11 07:47 - 2017-09-13 21:46 - 000015872 _____ (Microsoft Corporation)
C:\Windows\system32\sspisrv.dll
2017-10-11 07:47 - 2017-09-09 06:47 - 000347344 _____ (Microsoft Corporation)
C:\Windows\system32\iedkcs32.dll
2017-10-11 07:47 - 2017-09-08 22:14 - 001213672 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\ntfs.sys
2017-10-11 07:47 - 2017-09-08 22:10 - 001363968 _____ (Microsoft Corporation)
C:\Windows\system32\Query.dll
2017-10-11 07:47 - 2017-09-08 22:10 - 000109568 _____ (Microsoft Corporation)
C:\Windows\system32\t2embed.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 001400320 _____ (Microsoft Corporation)
C:\Windows\system32\mssrch.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000666624 _____ (Microsoft Corporation)
C:\Windows\system32\mssvp.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000337408 _____ (Microsoft Corporation)
C:\Windows\system32\mssph.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000306688 _____ (Microsoft Corporation)
C:\Windows\system32\gdi32.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000197120 _____ (Microsoft Corporation)
C:\Windows\system32\mssphtb.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000104448 _____ (Microsoft Corporation)
C:\Windows\system32\mssitlb.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000059392 _____ (Microsoft Corporation)
C:\Windows\system32\msscntrs.dll
2017-10-11 07:47 - 2017-09-08 22:09 - 000034816 _____ (Microsoft Corporation)
C:\Windows\system32\mssprxy.dll
2017-10-11 07:47 - 2017-09-08 22:00 - 000427520 _____ (Microsoft Corporation)
C:\Windows\system32\SearchIndexer.exe
2017-10-11 07:47 - 2017-09-08 22:00 - 000164352 _____ (Microsoft Corporation)
C:\Windows\system32\SearchProtocolHost.exe
2017-10-11 07:47 - 2017-09-08 21:59 - 000086528 _____ (Microsoft Corporation)
C:\Windows\system32\SearchFilterHost.exe
2017-10-11 07:47 - 2017-09-08 21:59 - 000009728 _____ (Microsoft Corporation)
C:\Windows\system32\msshooks.dll
2017-10-11 07:47 - 2017-09-08 21:20 - 000640512 _____ (Microsoft Corporation)
C:\Windows\system32\mswstr10.dll
2017-10-11 07:47 - 2017-09-08 21:20 - 000345088 _____ (Microsoft Corporation)
C:\Windows\system32\msexcl40.dll
2017-10-11 07:47 - 2017-09-08 21:20 - 000008704 _____ (Microsoft Corporation)
C:\Windows\system32\msjint40.dll
2017-10-11 07:47 - 2017-09-08 02:27 - 002724864 _____ (Microsoft Corporation)
C:\Windows\system32\mshtml.tlb
2017-10-11 07:47 - 2017-09-08 02:26 - 000004096 _____ (Microsoft Corporation)
C:\Windows\system32\ieetwcollectorres.dll
2017-10-11 07:47 - 2017-09-08 02:11 - 000062464 _____ (Microsoft Corporation)
C:\Windows\system32\iesetup.dll
2017-10-11 07:47 - 2017-09-08 02:10 - 000341504 _____ (Microsoft Corporation)
C:\Windows\system32\html.iec
2017-10-11 07:47 - 2017-09-08 02:10 - 000047616 _____ (Microsoft Corporation)
C:\Windows\system32\ieetwproxystub.dll
2017-10-11 07:47 - 2017-09-08 02:09 - 000064000 _____ (Microsoft Corporation)
C:\Windows\system32\MshtmlDac.dll
2017-10-11 07:47 - 2017-09-08 02:03 - 000047104 _____ (Microsoft Corporation)
C:\Windows\system32\jsproxy.dll
2017-10-11 07:47 - 2017-09-08 02:02 - 000030720 _____ (Microsoft Corporation)
C:\Windows\system32\iernonce.dll
2017-10-11 07:47 - 2017-09-08 01:59 - 000476160 _____ (Microsoft Corporation)
C:\Windows\system32\ieui.dll
2017-10-11 07:47 - 2017-09-08 01:58 - 000620032 _____ (Microsoft Corporation)
C:\Windows\system32\jscript9diag.dll
2017-10-11 07:47 - 2017-09-08 01:58 - 000115712 _____ (Microsoft Corporation)
C:\Windows\system32\ieUnatt.exe
2017-10-11 07:47 - 2017-09-08 01:58 - 000104960 _____ (Microsoft Corporation)
C:\Windows\system32\ieetwcollector.exe
2017-10-11 07:47 - 2017-09-08 01:52 - 000667648 _____ (Microsoft Corporation)
C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-11 07:47 - 2017-09-08 01:49 - 000416256 _____ (Microsoft Corporation)
C:\Windows\system32\dxtmsft.dll
2017-10-11 07:47 - 2017-09-08 01:44 - 000073216 _____ (Microsoft Corporation)
C:\Windows\system32\tdc.ocx
2017-10-11 07:47 - 2017-09-08 01:44 - 000060416 _____ (Microsoft Corporation)
C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-11 07:47 - 2017-09-08 01:43 - 000091136 _____ (Microsoft Corporation)
C:\Windows\system32\inseng.dll
2017-10-11 07:47 - 2017-09-08 01:40 - 000168960 _____ (Microsoft Corporation)
C:\Windows\system32\msrating.dll
2017-10-11 07:47 - 2017-09-08 01:39 - 000076288 _____ (Microsoft Corporation)
C:\Windows\system32\mshtmled.dll
2017-10-11 07:47 - 2017-09-08 01:37 - 000279040 _____ (Microsoft Corporation)
C:\Windows\system32\dxtrans.dll
2017-10-11 07:47 - 2017-09-08 01:36 - 000130048 _____ (Microsoft Corporation)
C:\Windows\system32\occache.dll
2017-10-11 07:47 - 2017-09-08 01:29 - 000230400 _____ (Microsoft Corporation)
C:\Windows\system32\webcheck.dll
2017-10-11 07:47 - 2017-09-08 01:26 - 000694784 _____ (Microsoft Corporation)
C:\Windows\system32\msfeeds.dll
2017-10-11 07:47 - 2017-09-08 01:26 - 000690688 _____ (Microsoft Corporation)
C:\Windows\system32\ie4uinit.exe
2017-10-11 07:47 - 2017-09-08 01:25 - 002058752 _____ (Microsoft Corporation)
C:\Windows\system32\inetcpl.cpl
2017-10-11 07:47 - 2017-09-08 01:25 - 001155072 _____ (Microsoft Corporation)
C:\Windows\system32\mshtmlmedia.dll
2017-10-11 07:47 - 2017-09-08 00:57 - 000710144 _____ (Microsoft Corporation)
C:\Windows\system32\ieapfltr.dll
2017-10-11 07:47 - 2017-09-07 22:12 - 002755072 _____ (Microsoft Corporation)
C:\Windows\system32\themeui.dll
2017-10-11 07:47 - 2017-09-07 21:48 - 000313856 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\srv2.sys
2017-10-11 07:47 - 2017-09-07 21:48 - 000312320 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\srv.sys
2017-10-11 07:47 - 2017-09-07 21:48 - 000115712 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\srvnet.sys
2017-10-11 07:47 - 2017-08-19 22:10 - 003209216 _____ (Microsoft Corporation)
C:\Windows\system32\mf.dll
2017-10-11 07:47 - 2017-08-19 22:10 - 000103424 _____ (Microsoft Corporation)
C:\Windows\system32\mfps.dll
2017-10-11 07:47 - 2017-08-19 22:10 - 000002048 _____ (Microsoft Corporation)
C:\Windows\system32\mferror.dll
2017-10-11 07:47 - 2017-08-19 21:57 - 000050176 _____ (Microsoft Corporation)
C:\Windows\system32\rrinstaller.exe
2017-10-11 07:47 - 2017-08-19 21:57 - 000023040 _____ (Microsoft Corporation)
C:\Windows\system32\mfpmp.exe
2017-10-11 07:47 - 2017-08-15 00:35 - 000015872 _____ (Microsoft Corporation)
C:\Windows\system32\icaapi.dll
2017-10-11 07:47 - 2017-08-14 04:36 - 000134656 _____ (Microsoft Corporation)
C:\Windows\system32\rdpudd.dll
2017-10-11 07:47 - 2017-08-14 04:35 - 000031744 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\tssecsrv.sys
2017-10-11 07:47 - 2017-08-14 04:35 - 000015872 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\rdpvideominiport.sys
2017-10-10 08:20 - 2017-10-10 08:20 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\{0F376500-DFBE-47DE-A1F0-B86761A82BF2}
2017-10-10 08:17 - 2017-10-10 08:20 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\UmmyVideoDownloader
2017-10-10 08:17 - 2017-10-10 08:17 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 07:55 - 2016-10-17 10:59 - 000001052 _____


C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-11-06 07:51 - 2009-07-14 11:34 - 000026352 ____H C:\Windows\system32\7B296FB0-
376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-06 07:51 - 2009-07-14 11:34 - 000026352 ____H C:\Windows\system32\7B296FB0-
376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-06 07:49 - 2017-08-16 08:21 - 000000456 _____
C:\Windows\Tasks\UCBrowserUpdater.job
2017-11-06 07:41 - 2010-11-21 04:01 - 000781790 _____
C:\Windows\system32\PerfStringBackup.INI
2017-11-06 07:41 - 2009-07-14 09:37 - 000000000 ____D C:\Windows\inf
2017-11-06 07:39 - 2016-10-07 14:20 - 000000000 ____D C:\Program Files\Glary
Utilities 5
2017-11-06 07:37 - 2017-01-09 21:17 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\LocalLow\Mozilla
2017-11-06 07:36 - 2017-08-16 08:21 - 000000292 _____
C:\Windows\Tasks\UCBrowserUpdaterCore.job
2017-11-06 07:36 - 2017-08-16 08:08 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\DMCache
2017-11-06 07:36 - 2017-07-26 11:03 - 000000332 _____ C:\Windows\Tasks\Connect.job
2017-11-06 07:36 - 2016-10-03 11:21 - 000000000 __SHD C:\Users\IT DAN
UMUM\IntelGraphicsProfiles
2017-11-06 07:35 - 2016-10-17 10:59 - 000001048 _____
C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-11-06 07:35 - 2016-10-03 10:53 - 000000276 _____
C:\Windows\Tasks\RtlNetworkGenieVistaStart.job
2017-11-06 07:35 - 2009-07-14 11:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-03 15:18 - 2016-10-06 17:21 - 000000000 ____D C:\Users\IT DAN UMUM\.android
2017-11-03 09:12 - 2017-08-16 08:09 - 000941152 _____ C:\Users\IT DAN
UMUM\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-03 09:07 - 2016-10-08 08:31 - 005768888 _____
C:\Windows\system32\FNTCACHE.DAT
2017-11-03 09:06 - 2016-10-03 11:06 - 000000000 ____D C:\Program Files\Common
Files\DESIGNER
2017-11-03 09:06 - 2016-10-03 11:04 - 000000000 ____D C:\Program Files\Microsoft
Office
2017-11-03 09:06 - 2010-11-21 07:46 - 000000000 ____D C:\Windows\ShellNew
2017-11-03 09:06 - 2009-07-14 11:52 - 000000000 ____D C:\Program Files\MSBuild
2017-11-03 09:06 - 2009-07-14 09:37 - 000000000 ____D C:\Program Files\Common
Files\microsoft shared
2017-11-03 08:27 - 2009-07-14 09:37 - 000000000 ____D C:\Program Files\Common
Files\System
2017-11-03 08:27 - 2009-07-14 09:04 - 000000478 _____ C:\Windows\win.ini
2017-11-03 08:25 - 2009-07-14 11:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-11-03 07:32 - 2017-08-16 08:09 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\GlarySoft
2017-11-03 07:28 - 2016-10-17 10:59 - 000000000 ____D C:\Program Files\Dropbox
2017-11-03 07:08 - 2017-05-30 11:45 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker
2017-11-02 16:23 - 2016-10-03 11:01 - 000000000 ____D C:\Users\IT DAN
UMUM\Documents\Received Files
2017-11-01 15:50 - 2016-12-15 17:44 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\IDM
2017-11-01 15:19 - 2016-10-03 11:00 - 000000000 ____D C:\Program Files\Internet
Download Manager
2017-11-01 11:16 - 2017-07-28 10:56 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2017-11-01 11:11 - 2016-10-07 14:21 - 000001020 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-11-01 11:11 - 2016-10-07 14:21 - 000001008 _____ C:\Users\Public\Desktop\Glary
Utilities 5.lnk
2017-11-01 10:48 - 2017-07-28 10:56 - 000000000 ____D C:\Program Files\netcut
2017-11-01 10:48 - 2017-07-10 07:24 - 000000000 __SHD C:\[Smad-Cage]
2017-11-01 08:19 - 2017-08-16 08:10 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Hear
2017-11-01 08:11 - 2017-01-03 17:04 - 000000000 ____D C:\Users\IT DAN
UMUM\Downloads\Compressed
2017-11-01 08:11 - 2016-10-03 17:20 - 000000000 ____D C:\Program Files\WinPcap
2017-10-31 13:45 - 2016-11-23 18:13 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel Repair Toolbox
2017-10-31 13:45 - 2016-11-23 18:13 - 000000000 ____D C:\Program Files\Excel Repair
Toolbox
2017-10-30 08:39 - 2017-08-16 08:42 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\vlc
2017-10-30 07:16 - 2017-05-31 15:55 - 000000000 ____D C:\Program Files\Mozilla
Firefox
2017-10-27 11:01 - 2017-07-07 14:40 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Google
2017-10-27 11:01 - 2016-10-03 10:52 - 000000000 ____D C:\Program Files\Google
2017-10-27 10:44 - 2017-08-16 08:07 - 003791083 ____H C:\Users\IT DAN
UMUM\AppData\Local\IconCache.db.backup
2017-10-26 13:36 - 2017-08-16 08:47 - 000000000 ____D C:\Users\IT DAN
UMUM\.MemuHyperv
2017-10-26 10:35 - 2016-10-03 10:45 - 000000000 ____D C:\Users\IT DAN UMUM
2017-10-26 10:33 - 2009-07-14 09:37 - 000000000 ____D C:\Windows\Registration
2017-10-26 08:30 - 2017-09-13 08:30 - 005250048 _____ (Adobe Systems Incorporated)
C:\Windows\system32\FlashPlayerInstaller.exe
2017-10-26 08:30 - 2016-10-03 14:45 - 000803328 _____ (Adobe Systems Incorporated)
C:\Windows\system32\FlashPlayerApp.exe
2017-10-26 08:30 - 2016-10-03 14:45 - 000144896 _____ (Adobe Systems Incorporated)
C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-10-26 08:30 - 2016-10-03 14:37 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-24 07:33 - 2017-08-29 07:49 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC Browser
2017-10-23 16:41 - 2016-06-23 14:31 - 000206472 _____ (ESET)
C:\Windows\system32\Drivers\eamonm.sys
2017-10-23 16:41 - 2016-06-23 14:31 - 000156288 _____ (ESET)
C:\Windows\system32\Drivers\ehdrv.sys
2017-10-23 16:41 - 2016-06-23 14:31 - 000141448 _____ (ESET)
C:\Windows\system32\Drivers\epfwwfpr.sys
2017-10-23 16:18 - 2016-10-03 11:34 - 000000000 ____D C:\Program Files\SMADAV
2017-10-23 16:15 - 2017-06-19 14:53 - 000000000 ____D C:\ProgramData\Kaspersky Lab
Setup Files
2017-10-20 16:12 - 2017-09-20 11:08 - 000002211 _____ C:\Users\IT DAN
UMUM\Desktop\WhatsApp.lnk
2017-10-20 16:12 - 2017-09-20 11:08 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\WhatsApp
2017-10-20 16:12 - 2017-09-20 11:08 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-10-20 16:12 - 2017-09-20 11:08 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\WhatsApp
2017-10-20 16:11 - 2017-09-20 11:08 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\SquirrelTemp
2017-10-20 07:37 - 2016-10-17 11:04 - 000000000 ___RD C:\Users\IT DAN UMUM\Dropbox
2017-10-18 16:37 - 2017-09-19 13:57 - 000000000 ____D C:\Users\IT DAN
UMUM\Desktop\DRIVER MATHERBOARD
2017-10-18 08:56 - 2016-10-03 15:05 - 000000000 ____D C:\Windows\Minidump
2017-10-18 08:18 - 2017-02-01 11:10 - 000000000 ____D C:\Users\IT DAN
UMUM\Desktop\DATA HARIAN 2017
2017-10-18 08:11 - 2017-06-02 09:00 - 000000692 _____
C:\Users\Public\Desktop\SMADΔV.lnk
2017-10-18 08:10 - 2017-08-16 08:09 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Roaming\Smadav
2017-10-18 07:40 - 2017-07-21 07:37 - 000000000 __SHD
C:\Users\Administrator\IntelGraphicsProfiles
2017-10-13 15:04 - 2017-09-26 13:29 - 000000000 ____D C:\Users\IT DAN
UMUM\AppData\Local\Microsoft Help
2017-10-13 07:22 - 2017-03-20 15:20 - 000000000 ____D C:\Program Files\TeamViewer
2017-10-11 12:24 - 2009-07-14 09:37 - 000000000 ____D C:\Windows\rescache
2017-10-11 11:02 - 2016-10-13 10:32 - 000000000 ____D C:\Windows\system32\MRT
2017-10-11 10:55 - 2016-10-13 10:31 - 124059592 ____C (Microsoft Corporation)
C:\Windows\system32\MRT.exe
2017-10-10 08:17 - 2017-08-01 18:31 - 000001218 _____ C:\Users\IT DAN
UMUM\Desktop\UmmyVideoDownloader.lnk

==================== Files in the root of some directories =======

2016-10-04 14:14 - 2016-10-04 14:18 - 000003032 _____ () C:\Program


Files\UpdateCfg.ini
2017-08-23 15:55 - 2017-08-23 15:55 - 000000001 _____ () C:\Users\IT DAN
UMUM\AppData\Local\llftool.4.12.agreement
2017-08-15 15:26 - 2017-08-15 15:26 - 000000057 _____ () C:\ProgramData\Ament.ini
2016-10-03 10:51 - 2016-10-03 10:51 - 000000000 ____H ()
C:\ProgramData\DP45977C.lfl

Some files in TEMP:


====================
2017-11-03 09:13 - 2017-11-03 09:14 - 017080664 _____ () C:\Users\IT DAN
UMUM\AppData\Local\Temp\gusetup4.exe
2017-11-03 09:13 - 2017-11-03 09:14 - 017080664 _____ () C:\Users\IT DAN
UMUM\AppData\Local\Temp\gusetup5.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-30 13:59

==================== End of FRST.txt ============================

You might also like