
weird russian ad keep following me around and redirect me to porn site


  • This topic is locked
25 replies to this topic

#1 leira8198


  • Members
  • 26 posts

Posted 05 December 2014 - 01:31 PM

I already posted this in "Am I infected? What do I do?". In another forum the others seem to have the same problem as me, and Boopme suggested doing this.

 

This is my original post link:

http://www.bleepingcomputer.com/forums/t/558762/weird-russian-ad-keep-following-me-around-and-redirect-me-to-porn-site/

 

This is the link where Boopme suggested what to do:

http://www.bleepingcomputer.com/forums/t/558631/russian-pop-up-virus/

 




 


#2 leira8198

  • Topic Starter

  • Members
  • 26 posts

Posted 05 December 2014 - 01:32 PM

Sorry, I did something wrong in the copy process.

 

This is an RSIT log; DDS is unable to run.

 

Logfile of random's system information tool 1.10 (written by random/random)
Run by acer-pc at 2014-12-06 01:57:39
Microsoft Windows 8.1 Pro
System drive C: has 119 GB (80%) free of 150 GB
Total RAM: 3905 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:57:40, on 6/12/2557
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17037)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Users\acer-pc\Downloads\Programs\SecurityCheck.exe
C:\Program Files\trend micro\acer-pc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.th/?gws_rd=cr,ssl&ei=PYSBVITvHcLnuQT3gYLACw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kickme.to/iLLUSiON
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MagicLinker3] C:\Program Files (x86)\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe
O4 - HKLM\..\Run: [PowerDVD12DMREngine] "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
O4 - HKLM\..\Run: [PowerDVD12Agent] "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: ดาวน์โหลดด้วย IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ดาวน์โหลดลิงก์ทั้งหมดด้วย IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: ส่&งไปยัง OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: ส่งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ส่&งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: CLHNServiceForPowerDVD12 - CyberLink Corp. - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: บริการ ข่าวอัพเดต Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: บริการ ข่าวอัพเดต Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12253 bytes

======Listing Processes======





wininit.exe

winlogon.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\HitmanPro\hmpsched.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"
taskhostex.exe
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
ClassicStartMenu.exe -startup

"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe"
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3576.195c8860.876549258 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3576 "\\.\pipe\gecko-crash-server-pipe.3576" plugin
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe" --proxy-stub-channel=Flash4680.6C965E00.14970 --host-broker-channel=Flash4680.6C965E00.31488 --host-pid=4680 --host-npapi-version=27 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_15_0_0_239.dll"
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe" --channel=4016.00BBF33C.1228697670 --proxy-stub-channel=Flash4680.6C965E00.14970 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_15_0_0_239.dll" --host-npapi-version=27 --type=renderer

"C:\Users\acer-pc\Downloads\Programs\SecurityCheck.exe"
taskhost.exe $(Arg0)
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\acer-pc\Downloads\Programs\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  
C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe  /Application
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.239 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.239 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2012-12-19 393688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20 803520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20 483520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2012-12-19 360408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20 683200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20 440512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25 340384]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20 683200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21 13650648]
"ACPW07EN"=C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [2013-09-25 1739080]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2014-04-20 161984]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-12-24 133760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2014-12-05 3541008]
"AdobeBridge"= []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\Winampa.exe [2003-04-02 12288]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
""= []
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2010-10-25 36760]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2010-10-25 821144]
"MagicLinker3"=C:\Program Files (x86)\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe [2001-05-11 131072]
"PowerDVD12DMREngine"=C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [2012-01-02 501544]
"PowerDVD12Agent"=C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [2012-01-12 371256]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-12-24 133760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-12-06 06:51:18 ----D---- C:\Windows\Panther
2014-12-06 01:36:20 ----A---- C:\mal.txt
2014-12-06 01:15:01 ----D---- C:\rsit
2014-12-06 01:15:01 ----D---- C:\Program Files\trend micro
2014-12-06 00:49:01 ----A---- C:\Windows\KMSEmulator.exe
2014-12-05 21:46:01 ----D---- C:\EEK
2014-12-05 21:32:57 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2014-12-05 21:32:55 ----D---- C:\ProgramData\RogueKiller
2014-12-05 21:27:57 ----D---- C:\Program Files\HitmanPro
2014-12-05 21:27:36 ----D---- C:\ProgramData\HitmanPro
2014-12-05 21:13:51 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-12-05 21:13:35 ----D---- C:\ProgramData\Malwarebytes
2014-12-05 21:13:35 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-05 21:13:35 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-12-05 21:13:35 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-12-05 21:13:35 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-12-05 17:22:52 ----D---- C:\Windows\AutoKMS
2014-12-05 17:21:19 ----D---- C:\Program Files (x86)\Reference Assemblies
2014-12-05 17:21:16 ----D---- C:\Program Files\Reference Assemblies
2014-12-05 17:21:16 ----D---- C:\Program Files\MSBuild
2014-12-05 17:19:46 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-12-05 17:19:46 ----A---- C:\Windows\SYSWOW64\PresentationNative_v0300.dll
2014-12-05 17:19:46 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-12-05 17:19:46 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-12-05 17:19:46 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2014-12-05 17:19:46 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-12-05 17:14:16 ----N---- C:\Windows\system32\MpSigStub.exe
2014-12-05 17:10:34 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-12-05 17:08:24 ----D---- C:\Program Files (x86)\Google
2014-12-05 17:06:12 ----D---- C:\Windows\system32\logs
2014-12-05 17:05:49 ----A---- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-05 17:03:12 ----D---- C:\ProgramData\ALM
2014-12-05 17:02:21 ----D---- C:\Program Files\Adobe
2014-12-05 17:01:16 ----D---- C:\Program Files\Common Files\Adobe
2014-12-05 16:59:43 ----D---- C:\Users\acer-pc\AppData\Roaming\Macromedia
2014-12-05 16:59:03 ----D---- C:\Users\acer-pc\AppData\Roaming\ClassicShell
2014-12-05 16:56:23 ----D---- C:\Program Files\Common Files\DESIGNER
2014-12-05 16:56:02 ----D---- C:\Program Files (x86)\MSBuild
2014-12-05 16:55:56 ----D---- C:\Windows\PCHEALTH
2014-12-05 16:55:56 ----D---- C:\Program Files\Microsoft Sync Framework
2014-12-05 16:55:13 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-12-05 16:55:01 ----D---- C:\Program Files\Microsoft Analysis Services
2014-12-05 16:55:01 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2014-12-05 16:54:54 ----D---- C:\Program Files (x86)\Microsoft Office
2014-12-05 16:54:53 ----D---- C:\ProgramData\Microsoft Help
2014-12-05 16:54:53 ----D---- C:\Program Files\Microsoft Office
2014-12-05 16:54:52 ----D---- C:\ProgramData\ClassicShell
2014-12-05 16:54:48 ----RHD---- C:\MSOCache
2014-12-05 16:53:01 ----D---- C:\Program Files\Classic Shell
2014-12-05 16:51:41 ----D---- C:\Users\acer-pc\AppData\Roaming\Ahead
2014-12-05 16:51:37 ----D---- C:\ProgramData\Ahead
2014-12-05 16:51:32 ----D---- C:\Program Files\TAP-Windows
2014-12-05 16:51:28 ----D---- C:\Program Files\KMSpico
2014-12-05 16:50:55 ----D---- C:\ProgramData\Nero
2014-12-05 16:50:55 ----D---- C:\Program Files (x86)\Nero
2014-12-05 16:50:09 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2014-12-05 16:50:08 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2014-12-05 16:49:50 ----D---- C:\The KMPlayer
2014-12-05 16:49:35 ----D---- C:\Program Files\CCleaner
2014-12-05 16:49:00 ----D---- C:\Program Files (x86)\PhotoScape
2014-12-05 16:48:52 ----D---- C:\Program Files (x86)\Naver
2014-12-05 16:48:27 ----D---- C:\Users\acer-pc\AppData\Roaming\Mozilla
2014-12-05 16:48:23 ----D---- C:\Users\acer-pc\AppData\Roaming\vlc
2014-12-05 16:48:21 ----D---- C:\ProgramData\Mozilla
2014-12-05 16:48:21 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-05 16:48:17 ----D---- C:\Program Files (x86)\FreeTime
2014-12-05 16:48:02 ----D---- C:\Program Files\Defraggler
2014-12-05 16:47:33 ----D---- C:\Program Files\Unlocker
2014-12-05 16:47:25 ----D---- C:\Program Files\VideoLAN
2014-12-05 16:47:14 ----D---- C:\Program Files\WinRAR
2014-12-05 16:45:34 ----D---- C:\ProgramData\PDVD
2014-12-05 16:45:32 ----D---- C:\Users\acer-pc\AppData\Roaming\CyberLink
2014-12-05 16:45:25 ----D---- C:\ProgramData\CyberLink
2014-12-05 16:45:19 ----D---- C:\Users\acer-pc\AppData\Roaming\IDM
2014-12-05 16:45:19 ----D---- C:\Users\acer-pc\AppData\Roaming\DMCache
2014-12-05 16:45:16 ----D---- C:\Program Files (x86)\Internet Download Manager
2014-12-05 16:44:22 ----D---- C:\Program Files (x86)\CyberLink
2014-12-05 16:43:28 ----A---- C:\Windows\Thsdict.ini
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\vbar332.dll
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\msxbse35.dll
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\mstext35.dll
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\msrepl35.dll
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\msrd2x35.dll
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\Msrd2x32.dll
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\mspdox35.dll
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\msltus35.dll
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\msjter35.dll
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\Msjint35.dll
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\msjet35.dll
2014-12-05 16:43:25 ----N---- C:\Windows\SYSWOW64\msexcl35.dll
2014-12-05 16:43:22 ----D---- C:\Program Files (x86)\ThaiSoftware Enterprise
2014-12-05 16:43:07 ----A---- C:\Windows\IsUninst.exe
2014-12-05 16:42:39 ----A---- C:\Windows\winamp.ini
2014-12-05 16:42:38 ----D---- C:\Program Files (x86)\Winamp
2014-12-05 16:42:32 ----D---- C:\ProgramData\Temp
2014-12-05 16:42:31 ----D---- C:\ProgramData\install_clap
2014-12-05 16:42:16 ----D---- C:\ProgramData\Adobe
2014-12-05 16:42:16 ----D---- C:\Program Files (x86)\Adobe
2014-12-05 16:41:52 ----D---- C:\Users\acer-pc\AppData\Roaming\ACD Systems
2014-12-05 16:41:04 ----D---- C:\ProgramData\ACD Systems
2014-12-05 16:41:02 ----D---- C:\Program Files\Common Files\ACD Systems
2014-12-05 16:41:02 ----D---- C:\Program Files\ACD Systems
2014-12-05 16:36:13 ----D---- C:\ProgramData\Atheros
2014-12-05 16:36:12 ----D---- C:\Users\acer-pc\AppData\Roaming\Atheros
2014-12-05 16:35:38 ----A---- C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-12-05 16:35:38 ----A---- C:\Windows\system32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat
2014-12-05 16:30:13 ----D---- C:\ProgramData\Acer
2014-12-05 16:30:12 ----D---- C:\Windows\oem
2014-12-05 16:30:11 ----D---- C:\Program Files (x86)\Acer
2014-12-05 16:29:40 ----A---- C:\Windows\system32\RtNicProp64.dll
2014-12-05 16:29:40 ----A---- C:\Windows\system32\drivers\RtkIOAC60.sys
2014-12-05 16:29:40 ----A---- C:\Windows\system32\drivers\Rt630x64.sys
2014-12-05 16:29:25 ----D---- C:\Windows\SYSWOW64\RTCOM
2014-12-05 16:29:25 ----D---- C:\Program Files\Realtek
2014-12-05 16:29:11 ----A---- C:\Windows\system32\WavesGUILib64.dll
2014-12-05 16:29:11 ----A---- C:\Windows\system32\tossaeapo64.dll
2014-12-05 16:29:11 ----A---- C:\Windows\system32\toseaeapo64.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\tosasfapo64.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\tosade.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\tepeqapo64.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\tadefxapo264.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\tadefxapo.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\SRSWOW64.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\SRSTSX64.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\SRSTSH64.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\SRSHP64.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\sltech64.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\slprp64.dll
2014-12-05 16:29:10 ----A---- C:\Windows\system32\slcnt64.dll
2014-12-05 16:29:09 ----A---- C:\Windows\SYSWOW64\SFCOM.dll
2014-12-05 16:29:09 ----A---- C:\Windows\system32\sl3apo64.dll
2014-12-05 16:29:09 ----A---- C:\Windows\system32\SFSS_APO.dll
2014-12-05 16:29:09 ----A---- C:\Windows\system32\SFNHK64.dll
2014-12-05 16:29:09 ----A---- C:\Windows\system32\SFCOM64.dll
2014-12-05 16:29:09 ----A---- C:\Windows\system32\SFAPO64.dll
2014-12-05 16:29:09 ----A---- C:\Windows\system32\RtPgEx64.dll
2014-12-05 16:29:09 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2014-12-05 16:29:09 ----A---- C:\Windows\system32\drivers\rtvienna.dat
2014-12-05 16:29:08 ----A---- C:\Windows\system32\RTKSMSettingsIPC.dll
2014-12-05 16:29:08 ----A---- C:\Windows\system32\RTKSMlfx.dll
2014-12-05 16:29:08 ----A---- C:\Windows\system32\RtkCoLDR64.dll
2014-12-05 16:29:08 ----A---- C:\Windows\system32\RtkCfg64.dll
2014-12-05 16:29:08 ----A---- C:\Windows\system32\RtkAPO64.dll
2014-12-05 16:29:08 ----A---- C:\Windows\system32\RtkApi64.dll
2014-12-05 16:29:08 ----A---- C:\Windows\system32\RTEEP64A.dll
2014-12-05 16:29:08 ----A---- C:\Windows\system32\RTEEL64A.dll
2014-12-05 16:29:08 ----A---- C:\Windows\system32\RTEEG64A.dll
2014-12-05 16:29:08 ----A---- C:\Windows\system32\RTEED64A.dll
2014-12-05 16:29:08 ----A---- C:\Windows\system32\RtDataProc64.dll
2014-12-05 16:29:08 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2014-12-05 16:29:07 ----A---- C:\Windows\system32\RTCOM64.dll
2014-12-05 16:29:07 ----A---- C:\Windows\system32\RP3DHT64.dll
2014-12-05 16:29:07 ----A---- C:\Windows\system32\RP3DAA64.dll
2014-12-05 16:29:07 ----A---- C:\Windows\system32\RCoRes64.dat
2014-12-05 16:29:07 ----A---- C:\Windows\system32\RCoInstII64.dll
2014-12-05 16:29:07 ----A---- C:\Windows\system32\R4EEP64A.dll
2014-12-05 16:29:07 ----A---- C:\Windows\system32\R4EEL64A.dll
2014-12-05 16:29:07 ----A---- C:\Windows\system32\R4EEG64A.dll
2014-12-05 16:29:07 ----A---- C:\Windows\system32\R4EED64A.dll
2014-12-05 16:29:07 ----A---- C:\Windows\system32\R4EEA64A.dll
2014-12-05 16:29:07 ----A---- C:\Windows\system32\MISS_APO.dll
2014-12-05 16:29:07 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2014-12-05 16:29:06 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-12-05 16:29:06 ----A---- C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-12-05 16:29:06 ----A---- C:\Windows\system32\MaxxSpeechAPO64.dll
2014-12-05 16:29:06 ----A---- C:\Windows\system32\MaxxAudioVnN64.dll
2014-12-05 16:29:06 ----A---- C:\Windows\system32\MaxxAudioVnA64.dll
2014-12-05 16:29:06 ----A---- C:\Windows\system32\MaxxAudioRealtek64.dll
2014-12-05 16:29:05 ----A---- C:\Windows\system32\MaxxAudioRealtek264.dll
2014-12-05 16:29:05 ----A---- C:\Windows\system32\MaxxAudioEQ64.dll
2014-12-05 16:29:05 ----A---- C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-12-05 16:29:05 ----A---- C:\Windows\system32\MaxxAudioAPO5064.dll
2014-12-05 16:29:05 ----A---- C:\Windows\system32\MaxxAudioAPO4064.dll
2014-12-05 16:29:05 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2014-12-05 16:29:05 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2014-12-05 16:29:05 ----A---- C:\Windows\system32\KAAPORT64.dll
2014-12-05 16:29:04 ----A---- C:\Windows\system32\FMAPO64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSU2PREC64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSU2PLFX64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSU2PGFX64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSSymmetryDLL64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSGFXAPONS64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DDPP64A.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DDPO64A.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DDPD64A.dll
2014-12-05 16:29:03 ----A---- C:\Windows\system32\DDPA64.dll
2014-12-05 16:29:02 ----HD---- C:\Program Files (x86)\Temp
2014-12-05 16:29:02 ----A---- C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-12-05 16:29:02 ----A---- C:\Windows\system32\audioLibVc.dll
2014-12-05 16:29:02 ----A---- C:\Windows\system32\AERTAR64.dll
2014-12-05 16:29:02 ----A---- C:\Windows\system32\AERTAC64.dll
2014-12-05 16:29:02 ----A---- C:\Windows\system32\AcpiServiceVnA64.dll
2014-12-05 16:29:01 ----A---- C:\Windows\RtlExUpd.dll
2014-12-05 16:28:30 ----A---- C:\Windows\system32\drivers\IntelMEFWVer.dll
2014-12-05 16:28:27 ----D---- C:\ProgramData\Intel
2014-12-05 16:28:06 ----A---- C:\Windows\system32\WdfCoInstaller01011.dll
2014-12-05 16:28:06 ----A---- C:\Windows\system32\drivers\TeeDriverx64.sys
2014-12-05 16:25:12 ----D---- C:\Program Files\Common Files\QCA_Bluetooth
2014-12-05 16:24:48 ----D---- C:\Program Files (x86)\Qualcomm Atheros
2014-12-05 16:24:48 ----A---- C:\Windows\system32\drivers\athwbx.sys
2014-12-05 16:24:13 ----D---- C:\ProgramData\Qualcomm Atheros
2014-12-05 16:24:08 ----A---- C:\Windows\LiteOn_AddOn.txt
2014-12-05 16:24:00 ----A---- C:\Windows\SYSWOW64\OpenCL.DLL
2014-12-05 16:24:00 ----A---- C:\Windows\system32\OpenCL.DLL
2014-12-05 16:23:54 ----D---- C:\Program Files\Intel
2014-12-05 16:23:15 ----A---- C:\Windows\SYSWOW64\Intel_OpenCL_ICD32.dll
2014-12-05 16:23:15 ----A---- C:\Windows\system32\MetroIntelGenericUIFramework.dll
2014-12-05 16:23:15 ----A---- C:\Windows\system32\IntelWiDiWinNextAgent64.dll
2014-12-05 16:23:15 ----A---- C:\Windows\system32\IntelWiDiVAD64.exe
2014-12-05 16:23:15 ----A---- C:\Windows\system32\IntelWiDiUtils64.dll
2014-12-05 16:23:15 ----A---- C:\Windows\system32\IntelWiDiUMS64.exe
2014-12-05 16:23:15 ----A---- C:\Windows\system32\IntelWiDiSilenceFilter64.dll
2014-12-05 16:23:15 ----A---- C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll
2014-12-05 16:23:15 ----A---- C:\Windows\system32\Intel_OpenCL_ICD64.dll
2014-12-05 16:23:14 ----A---- C:\Windows\SYSWOW64\IntelOpenCL32.dll
2014-12-05 16:23:14 ----A---- C:\Windows\SYSWOW64\IntelCpHeciSvc.exe
2014-12-05 16:23:14 ----A---- C:\Windows\SYSWOW64\iglhsip32.dll
2014-12-05 16:23:14 ----A---- C:\Windows\SYSWOW64\iglhcp32.dll
2014-12-05 16:23:14 ----A---- C:\Windows\SYSWOW64\igfxexps32.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\IntelWiDiMux64.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\IntelWiDiMCUMD64.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\IntelWiDiLogServer64.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\IntelWiDiDDEAgent64.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\IntelWiDiAudioFilter64.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\IntelWiDiAAC64.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\IntelOpenCL64.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\iglhsip64.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\iglhcp64.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxTray.exe
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxOSP.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxLHMLibv2_0.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxLHMLib.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxLHM.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxHK.exe
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxext.exe
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxexps.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxEMLibv2_0.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxEMLib.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxEM.exe
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxDTCM.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxDILibv2_0.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxDILib.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxDI.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxDHLibv2_0.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxDHLib.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxDH.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxCUIServicePS.dll
2014-12-05 16:23:14 ----A---- C:\Windows\system32\igfxCoIn_v3496.dll
2014-12-05 16:23:13 ----A---- C:\Windows\SYSWOW64\igfxcmrt32.dll
2014-12-05 16:23:13 ----A---- C:\Windows\SYSWOW64\igfxcmjit32.dll
2014-12-05 16:23:13 ----A---- C:\Windows\SYSWOW64\igfx11cmrt32.dll
2014-12-05 16:23:13 ----A---- C:\Windows\SYSWOW64\igdusc32.dll
2014-12-05 16:23:13 ----A---- C:\Windows\system32\igfxCUIService.exe
2014-12-05 16:23:13 ----A---- C:\Windows\system32\igfxcmrt64.dll
2014-12-05 16:23:13 ----A---- C:\Windows\system32\igfxcmjit64.dll
2014-12-05 16:23:13 ----A---- C:\Windows\system32\igfx11cmrt64.dll
2014-12-05 16:23:13 ----A---- C:\Windows\system32\igdusc64.dll
2014-12-05 16:23:13 ----A---- C:\Windows\system32\igdumdim64.dll
2014-12-05 16:23:12 ----A---- C:\Windows\SYSWOW64\igdumdim32.dll
2014-12-05 16:23:12 ----A---- C:\Windows\SYSWOW64\igdrcl32.dll
2014-12-05 16:23:12 ----A---- C:\Windows\SYSWOW64\igdmd32.dll
2014-12-05 16:23:12 ----A---- C:\Windows\system32\igdrcl64.dll
2014-12-05 16:23:12 ----A---- C:\Windows\system32\igdmd64.dll
2014-12-05 16:23:12 ----A---- C:\Windows\system32\drivers\igdkmd64.sys
2014-12-05 16:23:11 ----A---- C:\Windows\SYSWOW64\igdfcl32.dll
2014-12-05 16:23:11 ----A---- C:\Windows\SYSWOW64\igdde32.dll
2014-12-05 16:23:11 ----A---- C:\Windows\SYSWOW64\igdbcl32.dll
2014-12-05 16:23:11 ----A---- C:\Windows\SYSWOW64\igdail32.dll
2014-12-05 16:23:11 ----A---- C:\Windows\system32\igdfcl64.dll
2014-12-05 16:23:11 ----A---- C:\Windows\system32\igdde64.dll
2014-12-05 16:23:11 ----A---- C:\Windows\system32\igdbcl64.dll
2014-12-05 16:23:11 ----A---- C:\Windows\system32\igdail64.dll
2014-12-05 16:23:10 ----A---- C:\Windows\SYSWOW64\igd10iumd32.dll
2014-12-05 16:23:10 ----A---- C:\Windows\system32\igd10iumd64.dll
2014-12-05 16:23:09 ----A---- C:\Windows\system32\ig75icd64.dll
2014-12-05 16:23:08 ----A---- C:\Windows\SYSWOW64\ig75icd32.dll
2014-12-05 16:23:08 ----A---- C:\Windows\system32\IccLibDll_x64.dll
2014-12-05 16:23:07 ----A---- C:\Windows\system32\Gfxv4_0.exe
2014-12-05 16:23:07 ----A---- C:\Windows\system32\Gfxv2_0.exe
2014-12-05 16:23:07 ----A---- C:\Windows\system32\GfxUIEx.exe
2014-12-05 16:23:07 ----A---- C:\Windows\system32\drivers\IntcDAud.sys
2014-12-05 16:23:07 ----A---- C:\Windows\system32\DPTopologyAppv2_0.exe
2014-12-05 16:23:07 ----A---- C:\Windows\system32\DPTopologyApp.exe
2014-12-05 16:23:07 ----A---- C:\Windows\system32\difx64.exe
2014-12-05 16:23:07 ----A---- C:\Windows\system32\CustomModeAppv2_0.exe
2014-12-05 16:23:07 ----A---- C:\Windows\system32\CustomModeApp.exe
2014-12-05 16:23:03 ----D---- C:\Windows\SYSWOW64\sda
2014-12-05 16:22:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-12-05 16:22:53 ----D---- C:\Program Files (x86)\Realtek
2014-12-05 16:22:53 ----A---- C:\Windows\SYSWOW64\RtsUVStoricon.dll
2014-12-05 16:22:53 ----A---- C:\Windows\system32\drivers\RtsUVStor.sys
2014-12-05 16:22:53 ----A---- C:\Windows\system32\drivers\RtsUStor.sys
2014-12-05 16:22:52 ----A---- C:\Windows\Realtek_CardReader.txt
2014-12-05 16:22:17 ----D---- C:\Program Files (x86)\Intel
2014-12-05 16:22:17 ----A---- C:\Windows\SYSWOW64\CSVer.dll
2014-12-05 16:21:57 ----D---- C:\Intel
2014-12-05 16:19:12 ----D---- C:\Users\acer-pc\AppData\Roaming\Adobe
2014-12-05 16:18:57 ----SD---- C:\Users\acer-pc\AppData\Roaming\Microsoft
2014-12-05 16:18:56 ----D---- C:\Windows\CSC
2014-12-05 16:18:50 ----D---- C:\Windows\SoftwareDistribution
2014-12-05 15:53:44 ----ASH---- C:\hiberfil.sys
2014-12-05 15:52:20 ----D---- C:\Windows\Prefetch
2014-12-05 15:51:57 ----ASH---- C:\swapfile.sys
2014-12-05 15:51:57 ----ASH---- C:\pagefile.sys
2014-12-05 15:51:56 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 month======

2014-12-06 01:15:01 ----RD---- C:\Program Files
2014-12-06 01:00:00 ----D---- C:\Windows\system32\sru
2014-12-06 00:52:54 ----RD---- C:\Windows\System32
2014-12-06 00:52:54 ----D---- C:\Windows\Inf
2014-12-06 00:52:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-06 00:52:41 ----D---- C:\Windows\Tasks
2014-12-06 00:51:42 ----D---- C:\Windows\system32\drivers
2014-12-06 00:51:08 ----D---- C:\Windows\Temp
2014-12-06 00:50:22 ----D---- C:\Windows\system32\wdi
2014-12-06 00:49:01 ----D---- C:\Windows
2014-12-05 22:45:58 ----D---- C:\Windows\system32\Tasks
2014-12-05 21:32:55 ----HD---- C:\ProgramData
2014-12-05 21:22:15 ----RD---- C:\Windows\DesktopTileResources
2014-12-05 21:13:35 ----RD---- C:\Program Files (x86)
2014-12-05 19:17:27 ----D---- C:\Windows\system32\config
2014-12-05 19:16:58 ----SD---- C:\ProgramData\Microsoft
2014-12-05 19:16:11 ----SHD---- C:\Windows\Installer
2014-12-05 19:15:51 ----D---- C:\Windows\SysWOW64
2014-12-05 17:21:38 ----D---- C:\Windows\Microsoft.NET
2014-12-05 17:21:38 ----D---- C:\Windows\CbsTemp
2014-12-05 17:21:37 ----D---- C:\Windows\WinSxS
2014-12-05 17:21:16 ----RSD---- C:\Windows\Fonts
2014-12-05 17:21:16 ----D---- C:\Windows\SYSWOW64\en-US
2014-12-05 17:21:16 ----D---- C:\Windows\system32\en-US
2014-12-05 17:15:46 ----D---- C:\Windows\system32\drivers\UMDF
2014-12-05 17:01:48 ----D---- C:\Program Files (x86)\Common Files
2014-12-05 17:01:16 ----D---- C:\Program Files\Common Files
2014-12-05 16:58:35 ----A---- C:\Windows\win.ini
2014-12-05 16:58:02 ----RD---- C:\Windows\assembly
2014-12-05 16:56:24 ----D---- C:\Windows\ShellNew
2014-12-05 16:56:23 ----D---- C:\Program Files\Common Files\microsoft shared
2014-12-05 16:55:56 ----D---- C:\Program Files (x86)\Microsoft.NET
2014-12-05 16:55:05 ----D---- C:\Program Files\Common Files\System
2014-12-05 16:52:36 ----D---- C:\Windows\system32\DriverStore
2014-12-05 16:29:01 ----D---- C:\Windows\Logs
2014-12-05 16:28:10 ----D---- C:\Windows\system32\catroot
2014-12-05 16:25:07 ----D---- C:\Windows\AppReadiness
2014-12-05 16:22:54 ----D---- C:\Windows\system32\restore
2014-12-05 16:19:49 ----HD---- C:\Program Files\WindowsApps
2014-12-05 16:19:36 ----SHD---- C:\$Recycle.Bin
2014-12-05 16:18:56 ----RD---- C:\Users
2014-12-05 15:54:00 ----D---- C:\Windows\debug
2014-12-05 15:53:06 ----D---- C:\Windows\system32\Recovery

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
R2 ntk_PowerDVD12;ntk_PowerDVD12; \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
R2 RtkIOAC60;@oem22.inf,%NDISPROT_Desc%;Realtek IOAC Protocol Driver; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [2013-07-19 29912]
R3 AthBTPort;@oem15.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2013-12-24 89800]
R3 athr;@oem11.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athwbx.sys [2013-12-12 3881472]
R3 BTATH_A2DP;@oem14.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2013-12-24 338120]
R3 btath_avdt;@oem14.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-12-24 116424]
R3 BTATH_BUS;@oem12.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2013-12-24 34384]
R3 BTATH_HCRP;@oem17.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-12-24 179432]
R3 BTATH_LWFLT;@oem19.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-12-24 77464]
R3 BTATH_RCP;@oem21.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-12-24 137928]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2013-12-24 597192]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2013-08-22 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2013-08-22 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2014-03-18 81920]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-03-07 3729920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-21 3591000]
R3 iwdbus;@oem10.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2014-03-02 27032]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-11-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-12-06 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-11-21 64216]
R3 MEIx64;@oem16.inf,%TEE_SvcDesc%;Intel® Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2014-03-18 167424]
R3 RSUSBVSTOR;@oem6.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2013-12-16 330968]
R3 RTL8168;@oem20.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-21 816344]
R3 tap0901;@oem25.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2014-03-18 1200640]
S3 cleanhlp;cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [2014-12-05 57024]
S3 intaud_WaveExtensible;@oem9.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2014-03-02 38296]
S3 IntcDAud;@oem7.inf,%IntcDAud.SvcDesc%;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-03-07 450520]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2014-03-18 121088]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-08-22 212224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2013-12-24 318592]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
R2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2014-12-05 127752]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2014-03-11 282096]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 gupdate;บริการ ข่าวอัพเดต Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-05 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-05 267440]
S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-03-11 279024]
S3 gupdatem;บริการ ข่าวอัพเดต Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-05 116648]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 51727736]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-05 114800]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------
 


Edited by leira8198, 05 December 2014 - 02:03 PM.


#3 leira8198

Posted 05 December 2014 - 01:52 PM

I don't know where this log came from, but I will post it here also

 

info.txt logfile of random's system information tool 1.10 2014-12-06 01:15:12

======MBR======

======Uninstall list======

-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
ACDSee Pro 7 (64-bit)-->MsiExec.exe /I{D2A6EC54-CB46-49E4-A6FC-A9179F9D9D12}
Adobe Acrobat X Pro - English, Fran็ais, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000005}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}
Adobe Creative Suite 6 Master Collection-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}"
Adobe Flash Player 15 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_239_Plugin.exe -maintain plugin
Adobe Help Manager-->msiexec /qb /x {AF37176A-78CA-545B-34EF-8B6A21514DD1}
Adobe Help Manager-->MsiExec.exe /I{AF37176A-78CA-545B-34EF-8B6A21514DD1}
Adobe Reader XI (11.0.09)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Classic Shell-->MsiExec.exe /X{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}
CyberLink PowerDVD 12-->"C:\Program Files (x86)\InstallShield Installation Information\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\Setup.exe" /z-uninstall
CyberLink PowerDVD 12-->"C:\Program Files (x86)\InstallShield Installation Information\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\Setup.exe" /z-uninstall
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
FormatFactory 3.3.3.0-->C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HitmanPro 3.7-->"C:\Program Files\HitmanPro\HitmanPro.exe" /uninstall
Identity Card-->MsiExec.exe /X{3D9CB654-99AD-4301-89C6-0D12A790767C}
Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall
Intel® Trusted Connect Service Client-->MsiExec.exe /I{B5E06417-A4AC-4225-B36E-7E34C91616E7}
Internet Download Manager-->C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
LINE-->C:\Program Files (x86)\Naver\LINE\LineUnInst.exe
Live Updater-->MsiExec.exe /X{EE26E302-876A-48D9-9058-3129E5B99999}
Malwarebytes Anti-Malware version 2.0.4.1028-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-041E-1000-0000000FF1CE}" "{95DE8727-B83D-4D16-9594-F4AF8D1F6218}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-041E-1000-0000000FF1CE}" "{95DE8727-B83D-4D16-9594-F4AF8D1F6218}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-041E-1000-0000000FF1CE}" "{95DE8727-B83D-4D16-9594-F4AF8D1F6218}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-041E-1000-0000000FF1CE}" "{95DE8727-B83D-4D16-9594-F4AF8D1F6218}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-041E-1000-0000000FF1CE}" "{95DE8727-B83D-4D16-9594-F4AF8D1F6218}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-041E-1000-0000000FF1CE}" "{95DE8727-B83D-4D16-9594-F4AF8D1F6218}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041E-1000-0000000FF1CE}" "{7D416F8F-9947-4E55-8D7B-846AF2AEABF1}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-041E-1000-0000000FF1CE}" "{63801793-96D6-4248-BA2C-8CDA970DEA8E}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-041E-1000-0000000FF1CE}" "{2342E7E1-06D1-4921-B84C-D37C900554F5}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-041E-1000-0000000FF1CE}" "{95DE8727-B83D-4D16-9594-F4AF8D1F6218}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-041E-1000-0000000FF1CE}" "{F2AF35E3-78F5-4A34-BE52-FADB853A491A}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-041E-1000-0000000FF1CE}" "{95DE8727-B83D-4D16-9594-F4AF8D1F6218}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-041E-1000-0000000FF1CE}" "{95DE8727-B83D-4D16-9594-F4AF8D1F6218}" "1054" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1054" "0"
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-1000-0000000FF1CE}
Microsoft Office Access MUI (Thai) 2010-->MsiExec.exe /X{90140000-0015-041E-1000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-1000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-1000-0000000FF1CE}
Microsoft Office Excel MUI (Thai) 2010-->MsiExec.exe /X{90140000-0016-041E-1000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-1000-0000000FF1CE}
Microsoft Office Groove MUI (Thai) 2010-->MsiExec.exe /X{90140000-00BA-041E-1000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-1000-0000000FF1CE}
Microsoft Office InfoPath MUI (Thai) 2010-->MsiExec.exe /X{90140000-0044-041E-1000-0000000FF1CE}
Microsoft Office Office 32-bit Components 2010-->MsiExec.exe /X{90140000-0043-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Thai) 2010-->MsiExec.exe /X{90140000-00A1-041E-1000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Thai) 2010-->MsiExec.exe /X{90140000-001A-041E-1000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-1000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Thai) 2010-->MsiExec.exe /X{90140000-0018-041E-1000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-1000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-1000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-1000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-1000-0000000FF1CE}
Microsoft Office Proof (Thai) 2010-->MsiExec.exe /X{90140000-001F-041E-1000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-1000-0000000FF1CE}
Microsoft Office Proofing (Thai) 2010-->MsiExec.exe /X{90140000-002C-041E-1000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-1000-0000000FF1CE}
Microsoft Office Publisher MUI (Thai) 2010-->MsiExec.exe /X{90140000-0019-041E-1000-0000000FF1CE}
Microsoft Office Shared 32-bit MUI (English) 2010-->MsiExec.exe /X{90140000-0043-0409-1000-0000000FF1CE}
Microsoft Office Shared 32-bit MUI (Thai) 2010-->MsiExec.exe /X{90140000-0043-041E-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (Thai) 2010-->MsiExec.exe /X{90140000-006E-041E-1000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-1000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-1000-0000000FF1CE}
Microsoft Office Word MUI (Thai) 2010-->MsiExec.exe /X{90140000-001B-041E-1000-0000000FF1CE}
Microsoft Project 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-1000-0000000FF1CE}" "{0242505C-4E90-407F-9299-B5B275F50D86}" "1054" "0"
Microsoft Project 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-1000-0000000FF1CE}" "{B51389C8-2890-4633-81D8-47D2A7402274}" "1054" "0"
Microsoft Project 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-1000-0000000FF1CE}" "{1779650B-2E44-4A19-8DF6-3866D645764A}" "1054" "0"
Microsoft Project 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-1000-0000000FF1CE}" "{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" "1054" "0"
Microsoft Project 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0409-1000-0000000FF1CE}" "{FCD1C311-8B02-4DBD-BA46-1079C629577E}" "1054" "0"
Microsoft Project 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-1000-0000000FF1CE}" "{516CA4A9-98E6-4F77-A863-CBD8487368E4}" "1054" "0"
Microsoft Project 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-1000-0000000FF1CE}" "{516CA4A9-98E6-4F77-A863-CBD8487368E4}" "1054" "0"
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Mozilla Firefox 35.0 (x86 en-US)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Nero 7 Ultra Edition-->MsiExec.exe /X{847CAE64-4CD2-4B2D-AF00-978FF5431054}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PDF Settings CS6-->MsiExec.exe /I{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}
PhotoScape-->"C:\Program Files (x86)\PhotoScape\uninstall.exe"
Qualcomm Atheros WLAN and Bluetooth Client Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -runfromtemp -l0x0409  -removeonly
Realtek Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
TAP-Windows 9.9.2-->C:\Program Files\TAP-Windows\Uninstall.exe
ThaiSoftware Dictionary V4.0-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Uninst.isu"
The KMPlayer (remove only)-->"C:\The KMPlayer\uninstall.exe"
Unlocker 1.9.2-->C:\Program Files\Unlocker\uninst.exe
VLC media player 2.1.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only)-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
WinRAR 5.10 beta 2 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: acer
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 139
Source Name: Microsoft-Windows-Time-Service
Time Written: 20141205091842.472996-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: acer
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 136
Source Name: Microsoft-Windows-Time-Service
Time Written: 20141205091840.972986-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: WIN-85KGQJVS8LD
Event Code: 7023
Message: The Network List Service service terminated with the following error:
The device is not ready.
Record Number: 45
Source Name: Service Control Manager
Time Written: 20141205085225.444947-000
Event Type: Error
User:

Computer Name: WIN-85KGQJVS8LD
Event Code: 7023
Message: The IP Helper service terminated with the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 39
Source Name: Service Control Manager
Time Written: 20141205085221.851173-000
Event Type: Error
User:

Computer Name: WIN-85KGQJVS8LD
Event Code: 46
Message: Crash dump initialization failed!
Record Number: 16
Source Name: volmgr
Time Written: 20141205085153.802410-000
Event Type: Error
User:

=====Application event log=====

Computer Name: acer
Event Code: 3036
Message: Crawl could not be completed on content source <winrt://{S-1-5-21-3284542498-3779551672-207374659-1001}/>.

Context: Windows Application, SystemIndex Catalog

Details:
    The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)

Record Number: 71
Source Name: Microsoft-Windows-Search
Time Written: 20141205092131.000000-000
Event Type: Warning
User:

Computer Name: acer
Event Code: 8198
Message: License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent
Record Number: 54
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20141205091951.000000-000
Event Type: Error
User:

Computer Name: acer
Event Code: 8198
Message: License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Record Number: 52
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20141205091951.000000-000
Event Type: Error
User:

Computer Name: acer
Event Code: 1534
Message: Profile notification of event Create for component {2c86c843-77ae-4284-9722-27d65366543c} failed, error code is Not implemented
.


Record Number: 43
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20141205091859.004398-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: acer
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 35
Source Name: Microsoft-Windows-Search
Time Written: 20141205091856.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: WIN-85KGQJVS8LD
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
    Security ID:        S-1-5-18
    Account Name:        SYSTEM
    Account Domain:        NT AUTHORITY
    Logon ID:        0x3E7

Privileges:        SeAssignPrimaryTokenPrivilege
            SeTcbPrivilege
            SeSecurityPrivilege
            SeTakeOwnershipPrivilege
            SeLoadDriverPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeDebugPrivilege
            SeAuditPrivilege
            SeSystemEnvironmentPrivilege
            SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141205085211.194817-000
Event Type: Audit Success
User:

Computer Name: WIN-85KGQJVS8LD
Event Code: 4624
Message: An account was successfully logged on.

Subject:
    Security ID:        S-1-5-18
    Account Name:        WIN-85KGQJVS8LD$
    Account Domain:        WORKGROUP
    Logon ID:        0x3E7

Logon Type:            5

Impersonation Level:        Impersonation

New Logon:
    Security ID:        S-1-5-18
    Account Name:        SYSTEM
    Account Domain:        NT AUTHORITY
    Logon ID:        0x3E7
    Logon GUID:        {00000000-0000-0000-0000-000000000000}

Process Information:
    Process ID:        0x208
    Process Name:        C:\Windows\System32\services.exe

Network Information:
    Workstation Name:    
    Source Network Address:    -
    Source Port:        -

Detailed Authentication Information:
    Logon Process:        Advapi  
    Authentication Package:    Negotiate
    Transited Services:    -
    Package Name (NTLM only):    -
    Key Length:        0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141205085211.194817-000
Event Type: Audit Success
User:

Computer Name: WIN-85KGQJVS8LD
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements:    0
Policy ID:    0x3DCD2
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141205085210.538577-000
Event Type: Audit Success
User:

Computer Name: WIN-85KGQJVS8LD
Event Code: 4624
Message: An account was successfully logged on.

Subject:
    Security ID:        S-1-0-0
    Account Name:        -
    Account Domain:        -
    Logon ID:        0x0

Logon Type:            0

Impersonation Level:        -

New Logon:
    Security ID:        S-1-5-18
    Account Name:        SYSTEM
    Account Domain:        NT AUTHORITY
    Logon ID:        0x3E7
    Logon GUID:        {00000000-0000-0000-0000-000000000000}

Process Information:
    Process ID:        0x4
    Process Name:        

Network Information:
    Workstation Name:    -
    Source Network Address:    -
    Source Port:        -

Detailed Authentication Information:
    Logon Process:        -
    Authentication Package:    -
    Transited Services:    -
    Package Name (NTLM only):    -
    Key Length:        0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141205085209.903934-000
Event Type: Audit Success
User:

Computer Name: WIN-85KGQJVS8LD
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141205085209.888324-000
Event Type: Audit Success
User:

======Environment variables======

"FP_NO_HOST_CHECK"=NO
"USERNAME"=SYSTEM
"Path"=C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT
"ComSpec"=%SystemRoot%\system32\cmd.exe
"TMP"=%SystemRoot%\TEMP
"OS"=Windows_NT
"windir"=%SystemRoot%
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=3c03

-----------------EOF-----------------
 


Edited by leira8198, 05 December 2014 - 02:06 PM.


#4 leira8198

Posted 05 December 2014 - 02:26 PM

Queen-Evie said I should give as much information as I could, so here it goes.

Before I posted it here I followed some advice from another website about the redirect site (it tells you what to do, and no, it is not a forum; this is the first time I have asked about the problem).

These are the steps I followed:

- First it asked to run Combofix; this I can't do, my Windows does not support the programme

- run RKill

- then Malwarebytes, which detected a Backdoor.Agent

- HitmanPro

- RogueKiller

- Emsisoft Anti-malware



#5 leira8198

Posted 05 December 2014 - 02:31 PM

I can't find the log from RKill, but I will try to post the history logs from the other programmes.

This is Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/12/2557
Scan Time: 21:14:26
Logfile: mal.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.05.05
Rootkit Database: v2014.12.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: acer-pc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323695
Time Elapsed: 5 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Backdoor.Agent, C:\Program Files (x86)\Internet Download Manager\Patch.exe, Quarantined, [de5b9fc0cdaf360023d55dcd6b97aa56],

Physical Sectors: 0
(No malicious items detected)


(end)



#6 leira8198

Posted 05 December 2014 - 02:33 PM

HitmanPro did not have a history log; this is the new one.

HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : ACER
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : acer\acer-pc
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (29 days left)

   Scan date . . . . . . : 2014-12-06 02:29:35
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 17s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 14

   Objects scanned . . . : 1,260,850
   Files scanned . . . . : 19,973
   Remnants scanned  . . : 205,794 files / 1,035,083 keys

Suspicious files ____________________________________________________________

   C:\Users\acer-pc\Downloads\Programs\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 0.1 days (2014-12-05 23:06:01)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 520E765E9043243127BE3D7B7210D32E2D1994866DC7A0F57EC05FA480D6D062
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\acer-pc\Downloads\Programs\MiniToolBox.exe
         38.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CFCE566F-73E9-467A-8723-3B4FD27DFCA4}
         41.6s C:\Windows\Prefetch\MINITOOLBOX.EXE-3215CA62.pf
         51.2s C:\Users\acer-pc\Downloads\Programs\Result.txt
         52.8s C:\Windows\Prefetch\IPCONFIG.EXE-E1E46F7F.pf
         67.5s C:\Windows\Prefetch\NSLOOKUP.EXE-8DBC12C3.pf

   C:\Users\acer-pc\Downloads\Programs\SecurityCheck.exe
      Size . . . . . . . : 852,487 bytes
      Age  . . . . . . . : 0.1 days (2014-12-06 00:34:11)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 8035809DE55E85A6EF38D0FA5426059E1ADB5FD8556A4CE19E99BA84E3CA5FC4
      Parent Name  . . . : C:\Windows\Explorer.EXE
      Running processes  : 5104
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
      Forensic Cluster
          0.0s C:\Users\acer-pc\Downloads\Programs\SecurityCheck.exe
          0.2s C:\Users\acer-pc\AppData\Local\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cache2\entries\1A3C463A6F4F153285CC4D2977E387CC4F573035


Cookies _____________________________________________________________________

   C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cookies.sqlite:ads.pubmatic.com
   C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cookies.sqlite:advertising.com
   C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cookies.sqlite:atdmt.com
   C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cookies.sqlite:casalemedia.com
   C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cookies.sqlite:doubleclick.net
   C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cookies.sqlite:revsci.net
   C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cookies.sqlite:richpornvideo.com
   C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cookies.sqlite:ru4.com
   C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cookies.sqlite:stats.adotube.com
   C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cookies.sqlite:tribalfusion.com
   C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451\cookies.sqlite:yadro.ru
 

Edited by leira8198, 05 December 2014 - 02:57 PM.


#7 leira8198

Posted 05 December 2014 - 02:40 PM

For Rogue I don't have the old log; this is the rescan log.

 

RogueKiller V10.0.8.0 (x64) [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : acer-pc [Administrator]
Mode : Delete -- Date : 12/06/2014  02:41:20

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 94.249.192.104 8.8.8.8 [(Unknown Country?) (XX)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 94.249.192.104 8.8.8.8 [(Unknown Country?) (XX)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7289136D-2165-45D5-AF57-727181FFE0F3} | DhcpNameServer : 94.249.192.104 8.8.8.8 [(Unknown Country?) (XX)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7289136D-2165-45D5-AF57-727181FFE0F3} | DhcpNameServer : 94.249.192.104 8.8.8.8 [(Unknown Country?) (XX)]  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-21M2NA0 ATA Device +++++
--- User ---
[MBR] 59ba4381604db63a40acd0462cc63de9
[BSP] 3a753723d32a3f300702e3d0a82141c1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 149649 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307200000 | Size: 797979 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1941463040 | Size: 5889 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_12052014_214025.log - RKreport_DEL_12052014_214040.log - RKreport_DEL_12052014_214809.log - RKreport_DEL_12052014_225842.log
RKreport_SCN_12052014_213909.log - RKreport_SCN_12052014_214650.log - RKreport_SCN_12052014_225347.log - RKreport_SCN_12052014_225807.log
RKreport_SCN_12062014_023910.log


Edited by leira8198, 05 December 2014 - 02:46 PM.


#8 leira8198

Posted 05 December 2014 - 03:05 PM

Emsisoft has several logs; I'm not sure what to post, the Quarantine Log or the Scan Log.

This is the first scan log


Emsisoft Emergency Kit - Version 9.0
Last update: 5/12/2014 21:51:36
User account: acer\acer-pc

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    5/12/2014 21:52:32
C:\Windows\KMSEmulator.exe     detected: Riskware.Win32.HackTool (A)
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll     detected: Riskware.Win32.CrackTool (A)
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll     detected: Riskware.Win32.CrackTool (A)
C:\Program Files\KMSpico\Service_KMS.exe     detected: Gen:Variant.Kazy.354671 (B)
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Crack.exe     detected: Backdoor.Generic.636036 (B)

Scanned    185861
Found    5

Scan end:    5/12/2014 22:09:36
Scan time:    0:17:04

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Crack.exe    Quarantined Backdoor.Generic.636036 (B)
C:\Program Files\KMSpico\Service_KMS.exe    Quarantined Gen:Variant.Kazy.354671 (B)
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll    Quarantined Riskware.Win32.CrackTool (A)
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll    Quarantined Riskware.Win32.CrackTool (A)
C:\Windows\KMSEmulator.exe    Quarantined Riskware.Win32.HackTool (A)

Quarantined    5
 

 

Second scan

 

Emsisoft Emergency Kit - Version 9.0
Last update: 5/12/2014 21:51:36
User account: acer\acer-pc

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    5/12/2014 22:11:15
C:\Users\acer-pc\Internet Download Manager 6.14 Build 2 + Patch\Patch\Patch.exe     detected: Riskware.Win32.Hacktool (A)

Scanned    208495
Found    1

Scan end:    5/12/2014 22:38:36
Scan time:    0:27:21

C:\Users\acer-pc\Internet Download Manager 6.14 Build 2 + Patch\Patch\Patch.exe    Quarantined Riskware.Win32.Hacktool (A)

Quarantined    1

the third
 

Emsisoft Emergency Kit - Version 9.0
Last update: 5/12/2014 21:51:36
User account: acer\acer-pc

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    5/12/2014 23:05:12
C:\Windows\KMSEmulator.exe     detected: Riskware.Win32.HackTool (A)

Scanned    185429
Found    1

Scan end:    5/12/2014 23:22:13
Scan time:    0:17:01

C:\Windows\KMSEmulator.exe    Quarantined Riskware.Win32.HackTool (A)

Quarantined    1


 



#9 leira8198

Posted 05 December 2014 - 03:20 PM

MiniToolBox

 

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by acer-pc (administrator) on 06-12-2014 at 03:19:22
Running from "C:\Users\acer-pc\Downloads\Programs"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)
Qualcomm Atheros AR5BWB222 Wireless Network Adapter = Wi-Fi (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
TAP-Windows Adapter V9 = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=10.3.0.1 metric=1 publish=Yes
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="Local Area Connection" address=10.3.0.1 mask=255.255.255.252


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : acer
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-2C-45-00-D3
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : B8-EE-65-AD-81-92
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR5BWB222 Wireless Network Adapter
   Physical Address. . . . . . . . . : B8-EE-65-AD-6A-22
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 44-8A-5B-B7-F6-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3156:5ed1:70ef:9f10%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 6 ธันวาคม 2557 2:54:30
   Lease Expires . . . . . . . . . . : 9 ธันวาคม 2557 2:54:30
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 54823515
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-13-38-C6-44-8A-5B-B7-F6-EF
   DNS Servers . . . . . . . . . . . : 94.249.192.104
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{7289136D-2165-45D5-AF57-727181FFE0F3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3c7b:328:3f57:fefd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3c7b:328:3f57:fefd%10(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 419430400
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-13-38-C6-44-8A-5B-B7-F6-EF
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  94.249.192.104


Pinging google.com [180.180.248.20] with 32 bytes of data:
Reply from 180.180.248.20: bytes=32 time=34ms TTL=57
Reply from 180.180.248.20: bytes=32 time=34ms TTL=57

Ping statistics for 180.180.248.20:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 34ms, Average = 34ms
Server:  UnKnown
Address:  94.249.192.104


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=269ms TTL=47
Reply from 206.190.36.45: bytes=32 time=270ms TTL=47

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 269ms, Maximum = 270ms, Average = 269ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  8...00 ff 2c 45 00 d3 ......TAP-Windows Adapter V9
  6...b8 ee 65 ad 81 92 ......Bluetooth Device (Personal Area Network)
  4...b8 ee 65 ad 6a 22 ......Qualcomm Atheros AR5BWB222 Wireless Network Adapter
  3...44 8a 5b b7 f6 ef ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    276
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         10.3.0.1       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 10    306 2001::/32                On-link
 10    306 2001:0:9d38:6ab8:3c7b:328:3f57:fefd/128
                                    On-link
  3    276 fe80::/64                On-link
 10    306 fe80::/64                On-link
  3    276 fe80::3156:5ed1:70ef:9f10/128
                                    On-link
 10    306 fe80::3c7b:328:3f57:fefd/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
 10    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/05/2014 10:58:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.0.5448, time stamp: 0x547d25f8
Faulting module name: mozalloc.dll, version: 35.0.0.5448, time stamp: 0x547d1df4
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x6f8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (12/05/2014 09:48:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.0.5448, time stamp: 0x547d25f8
Faulting module name: mozalloc.dll, version: 35.0.0.5448, time stamp: 0x547d1df4
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x15c8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (12/05/2014 05:06:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: KMSServer.exe, version: 0.0.0.0, time stamp: 0x527e110b
Faulting module name: KMSServer.exe, version: 0.0.0.0, time stamp: 0x527e110b
Exception code: 0xc0000005
Fault offset: 0x00009d90
Faulting process id: 0xc10
Faulting application start time: 0xKMSServer.exe0
Faulting application path: KMSServer.exe1
Faulting module path: KMSServer.exe2
Report Id: KMSServer.exe3
Faulting package full name: KMSServer.exe4
Faulting package-relative application ID: KMSServer.exe5

Error: (12/05/2014 04:52:51 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/05/2014 04:52:48 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/05/2014 04:50:20 PM) (Source: MsiInstaller) (User: acer)
Description: ผลิตภัณฑ์: Nero 7 Ultra Edition -- ข้อผิดพลาด 1500. การติดตั้งอื่นยังอยู่ในการดำเนินการ คุณต้องทำการติดตั้งนั้นให้สมบูรณ์ก่อนที่จะทำการติดตั้งนี้ต่อไป

Error: (12/05/2014 04:43:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/05/2014 04:43:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/05/2014 04:43:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/05/2014 04:35:51 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (12/05/2014 10:48:10 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
%%0

Error: (12/05/2014 09:24:46 PM) (Source: Service Control Manager) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/05/2014 07:14:02 PM) (Source: Service Control Manager) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/05/2014 07:12:42 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 17:05:47 on ‎5/‎12/‎2557 was unexpected.

Error: (12/05/2014 07:12:18 PM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212256845566689933772392

Error: (12/05/2014 05:14:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.189.1431.0).

Error: (12/05/2014 05:06:52 PM) (Source: Service Control Manager) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/05/2014 04:45:36 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Monitor Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/05/2014 04:45:36 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/05/2014 03:52:25 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service terminated with the following error:
%%21


Microsoft Office Sessions:
=========================
Error: (12/05/2014 10:58:42 PM) (Source: Application Error)(User: )
Description: plugin-container.exe35.0.0.5448547d25f8mozalloc.dll35.0.0.5448547d1df480000003000014256f801d010a303cd923bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll958964ca-7c97-11e4-8255-b8ee65ad8192

Error: (12/05/2014 09:48:09 PM) (Source: Application Error)(User: )
Description: plugin-container.exe35.0.0.5448547d25f8mozalloc.dll35.0.0.5448547d1df4800000030000142515c801d0109709633fd5C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllba84f5ec-7c8d-11e4-8254-b8ee65ad8192

Error: (12/05/2014 05:06:30 PM) (Source: Application Error)(User: )
Description: KMSServer.exe0.0.0.0527e110bKMSServer.exe0.0.0.0527e110bc000000500009d90c1001d010731e15b4bbC:\Windows\System32\KMSServer.exeC:\Windows\System32\KMSServer.exe617a69b7-7c66-11e4-8252-b8ee65ad8192

Error: (12/05/2014 04:52:51 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007267CRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/05/2014 04:52:48 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/05/2014 04:50:20 PM) (Source: MsiInstaller)(User: acer)
Description: ผลิตภัณฑ์: Nero 7 Ultra Edition -- ข้อผิดพลาด 1500. การติดตั้งอื่นยังอยู่ในการดำเนินการ คุณต้องทำการติดตั้งนั้นให้สมบูรณ์ก่อนที่จะทำการติดตั้งนี้ต่อไป(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/05/2014 04:43:48 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL

Error: (12/05/2014 04:43:23 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Adobe\Acrobat 10.0\Designer 9.0\FileSystemBrowser.dll

Error: (12/05/2014 04:43:21 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Adobe\Acrobat 10.0\Designer 9.0\FormDesigner.exe

Error: (12/05/2014 04:35:51 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007267CRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1



=========================== Installed Programs ============================
ACDSee Pro 7 (64-bit) (HKLM\...\{D2A6EC54-CB46-49E4-A6FC-A9179F9D9D12}) (Version: 7.0.137 - ACD Systems International Inc.)
Adobe Acrobat X Pro - English, Fran็ais, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.1312.54 - CyberLink Corp.) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
FormatFactory 3.3.3.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.3.0 - Format Factory)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel? Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
LINE (HKLM-x32\...\LINE) (Version: 3.5.2.42 - LINE Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Thai) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Project 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nero 7 Ultra Edition (HKLM-x32\...\{847CAE64-4CD2-4B2D-AF00-978FF5431054}) (Version: 7.02.9755 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.25 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThaiSoftware Dictionary V4.0 (HKLM-x32\...\ThaiSoftware Dictionary V3.0) (Version:  - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.8.0.122 - PandoraTV)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version:  - )
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)

========================= Memory info: ===================================

Percentage of memory in use: 66%
Total physical RAM: 3905.45 MB
Available physical RAM: 1290.48 MB
Total Pagefile: 5313.45 MB
Available Pagefile: 3018.35 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.28 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:146.14 GB) (Free:116.56 GB) NTFS
2 Drive d: () (Fixed) (Total:779.28 GB) (Free:357.62 GB) NTFS

========================= Users: ========================================

User accounts for \\ACER

acer-pc                  Administrator            Guest                    


**** End of log ****
 



#10 leira8198

Posted 05 December 2014 - 03:28 PM

TDSSKiller found nothing



#11 leira8198

Posted 05 December 2014 - 03:29 PM

AdwCleaner

 

# AdwCleaner v4.104 - Report created 06/12/2014 at 03:30:26
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : acer-pc - ACER
# Running from : C:\Users\acer-pc\Downloads\Programs\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v35.0 (x86 en-US)


-\\ Google Chrome v39.0.2171.71


*************************

AdwCleaner[R0].txt - [867 octets] - [06/12/2014 03:26:59]
AdwCleaner[S0].txt - [787 octets] - [06/12/2014 03:30:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [846 octets] ##########
 


Edited by leira8198, 05 December 2014 - 03:37 PM.


#12 leira8198

Posted 05 December 2014 - 03:41 PM

Junkware removal tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 Pro x64
Ran by acer-pc on Sat 12/06/2014 at  3:38:32.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/06/2014 at  3:40:25.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#13 leira8198

Posted 05 December 2014 - 04:34 PM

ESET did not create a log but found 2 threats; the second scan found nothing.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:30 AM

Posted 10 December 2014 - 10:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#15 leira8198

Posted 11 December 2014 - 02:20 PM

Farbar Recovery Scan Tool Log

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 01
Ran by acer-pc (administrator) on ACER on 12-12-2014 02:19:17
Running from C:\Users\acer-pc\Downloads\Programs
Loaded Profile: acer-pc (Available profiles: acer-pc)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(BitTorrent Inc.) C:\Users\acer-pc\AppData\Roaming\uTorrent\uTorrent.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
() C:\Program Files (x86)\Winamp\winampa.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(ThaiSoftware Enterprise Co., Ltd.) C:\Program Files (x86)\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(m53group) D:\WINLINEZ.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [ACPW07EN] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\Winampa.exe [12288 2003-04-02] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [MagicLinker3] => C:\Program Files (x86)\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe [131072 2001-05-11] (ThaiSoftware Enterprise Co., Ltd.)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [501544 2012-01-02] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [371256 2012-01-12] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-3284542498-3779551672-207374659-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3541008 2014-12-05] (Tonec Inc.)
HKU\S-1-5-21-3284542498-3779551672-207374659-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3284542498-3779551672-207374659-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-3284542498-3779551672-207374659-1001\...\Run: [uTorrent] => C:\Users\acer-pc\AppData\Roaming\uTorrent\uTorrent.exe [1682512 2014-12-07] (BitTorrent Inc.)
HKU\S-1-5-21-3284542498-3779551672-207374659-1001\...\MountPoints2: {f2c69b3a-7c5b-11e4-824f-806e6f6e6963} - "E:\InstallationAssistant.exe"
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kickme.to/iLLUSiON
HKU\S-1-5-21-3284542498-3779551672-207374659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.th/?gws_rd=cr,ssl&ei=PYSBVITvHcLnuQT3gYLACw
HKU\S-1-5-21-3284542498-3779551672-207374659-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/th-th/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 94.249.192.104 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\acer-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q1nmg.default-1417793587451
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-12-05]
FF HKU\S-1-5-21-3284542498-3779551672-207374659-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\acer-pc\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\acer-pc\AppData\Roaming\IDM\idmmzcc5 [2014-12-05]
FF HKU\S-1-5-21-3284542498-3779551672-207374659-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\acer-pc\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\acer-pc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google สไลด์) - C:\Users\acer-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-05]
CHR Extension: (Google เอกสาร) - C:\Users\acer-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-05]
CHR Extension: (Google ไดรฟ์) - C:\Users\acer-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-05]
CHR Extension: (YouTube) - C:\Users\acer-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-05]
CHR Extension: (ค้นหาโดย Google) - C:\Users\acer-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-05]
CHR Extension: (Google สเปรดชีต) - C:\Users\acer-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-05]
CHR Extension: (IDM Integration) - C:\Users\acer-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2014-12-05]
CHR Extension: (Google Wallet) - C:\Users\acer-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-05]
CHR Extension: (Gmail) - C:\Users\acer-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-05]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2012-12-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-12-05] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-05] (Emsisoft GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 23:29 - 2014-12-12 02:19 - 00000000 ____D () C:\Users\acer-pc\Desktop\nasdaq
2014-12-11 23:29 - 2014-12-12 02:19 - 00000000 ____D () C:\FRST
2014-12-10 07:23 - 2014-12-10 07:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 18:56 - 2014-12-09 18:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\13B90121.sys
2014-12-08 17:47 - 2014-12-08 17:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\185C7E7A.sys
2014-12-07 16:19 - 2014-12-07 16:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\59326D1B.sys
2014-12-07 02:53 - 2014-12-07 02:53 - 00000861 _____ () C:\Users\acer-pc\Desktop\µTorrent.lnk
2014-12-07 02:53 - 2014-12-07 02:53 - 00000000 ____D () C:\ProgramData\APN
2014-12-07 02:52 - 2014-12-12 02:18 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\uTorrent
2014-12-06 06:51 - 2014-12-06 04:50 - 00000000 ____D () C:\Windows\Panther
2014-12-06 05:30 - 2014-12-06 05:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-06 05:29 - 2014-12-06 05:29 - 00000628 _____ () C:\Users\acer-pc\Desktop\JRT.txt
2014-12-06 05:27 - 2014-12-11 19:04 - 00041663 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 05:26 - 2014-12-06 05:26 - 00000306 _____ () C:\Windows\PFRO.log
2014-12-06 04:52 - 2014-12-06 04:52 - 00002010 _____ () C:\Users\acer-pc\Desktop\Rkill.txt
2014-12-06 04:51 - 2014-12-06 05:30 - 00000000 ____D () C:\Users\acer-pc\Desktop\New folder
2014-12-06 03:38 - 2014-12-06 03:38 - 00000000 ____D () C:\Windows\ERUNT
2014-12-06 03:26 - 2014-12-06 05:25 - 00000000 ____D () C:\AdwCleaner
2014-12-06 03:26 - 2014-12-06 05:23 - 00000110 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:50 - 2014-12-06 02:50 - 00029918 _____ () C:\Users\acer-pc\Desktop\HitmanPro_20141206_0250.log
2014-12-06 02:48 - 2014-12-06 02:48 - 00000984 _____ () C:\Users\acer-pc\Desktop\Quarantine_141206-024848.txt
2014-12-06 02:45 - 2014-12-06 02:45 - 00002341 _____ () C:\Users\acer-pc\Desktop\RKreport_DEL_12062014_024120.log
2014-12-06 02:44 - 2014-12-06 02:44 - 00002281 _____ () C:\Users\acer-pc\Desktop\RKreport_SCN_12062014_023910.log
2014-12-06 02:31 - 2014-12-06 02:31 - 00029918 _____ () C:\Users\acer-pc\Desktop\HitmanPro_20141206_0231.log
2014-12-06 02:04 - 2014-12-06 02:04 - 00059862 _____ () C:\Users\acer-pc\Desktop\RSIT 2.txt
2014-12-06 01:36 - 2014-12-06 01:36 - 00001137 _____ () C:\mal.txt
2014-12-06 01:33 - 2014-12-06 01:33 - 00028279 _____ () C:\Users\acer-pc\Desktop\RSIT.txt
2014-12-06 01:15 - 2014-12-06 04:51 - 00000000 ____D () C:\Program Files\trend micro
2014-12-06 01:15 - 2014-12-06 01:15 - 00000000 ____D () C:\rsit
2014-12-06 01:12 - 2014-12-06 01:12 - 00688992 _____ (Swearware) C:\Users\acer-pc\Downloads\dds.com
2014-12-05 23:34 - 2014-12-05 23:34 - 00000746 _____ () C:\Users\acer-pc\Desktop\WINLINEZ - Shortcut.lnk
2014-12-05 22:45 - 2014-12-05 22:45 - 00000876 _____ () C:\Windows\system32\.crusader
2014-12-05 21:48 - 2014-12-09 01:24 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\CrashDumps
2014-12-05 21:46 - 2014-12-06 05:06 - 00000000 ____D () C:\EEK
2014-12-05 21:46 - 2014-12-05 21:46 - 00000755 _____ () C:\Users\acer-pc\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-05 21:32 - 2014-12-06 05:01 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-05 21:32 - 2014-12-05 21:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-05 21:27 - 2014-12-05 22:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-05 21:27 - 2014-12-05 21:27 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-12-05 21:27 - 2014-12-05 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-12-05 21:27 - 2014-12-05 21:27 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-05 21:13 - 2014-12-12 02:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 21:13 - 2014-12-06 00:17 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-05 21:13 - 2014-12-06 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-05 21:13 - 2014-12-06 00:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-05 21:13 - 2014-12-05 21:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 21:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 21:13 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 21:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 19:17 - 2014-12-05 19:17 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\Macromedia
2014-12-05 17:22 - 2014-12-06 06:03 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-05 17:22 - 2014-12-05 17:22 - 00000737 _____ () C:\Users\acer-pc\Settings.ini
2014-12-05 17:21 - 2014-12-05 17:21 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-12-05 17:21 - 2014-12-05 17:21 - 00000000 ____D () C:\Program Files\MSBuild
2014-12-05 17:21 - 2014-12-05 17:21 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-12-05 17:19 - 2013-08-03 11:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2014-12-05 17:19 - 2013-08-03 11:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-12-05 17:19 - 2013-08-03 11:48 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-12-05 17:19 - 2013-08-03 11:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2014-12-05 17:19 - 2013-08-03 11:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-12-05 17:19 - 2013-08-03 11:41 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-12-05 17:15 - 2014-12-05 17:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-05 17:14 - 2014-10-30 18:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-05 17:12 - 2014-12-12 01:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-05 17:12 - 2014-12-10 00:42 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-05 17:11 - 2014-12-05 17:13 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-05 17:11 - 2014-12-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-05 17:08 - 2014-12-12 01:22 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-05 17:08 - 2014-12-11 18:30 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-05 17:08 - 2014-12-05 17:17 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-05 17:08 - 2014-12-05 17:17 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-05 17:08 - 2014-12-05 17:11 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\Google
2014-12-05 17:08 - 2014-12-05 17:11 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-05 17:07 - 2014-12-05 17:12 - 00000000 ____D () C:\Users\acer-pc\Documents\CyberLink
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\Ahead
2014-12-05 17:05 - 2014-12-05 17:05 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-05 17:04 - 2014-12-05 17:04 - 00001552 _____ () C:\Users\acer-pc\Desktop\Adobe Illustrator CS6 (64 Bit).lnk
2014-12-05 17:04 - 2014-12-05 17:04 - 00001097 _____ () C:\Users\acer-pc\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2014-12-05 17:04 - 2014-12-05 17:03 - 00001552 _____ () C:\Users\acer-pc\Documents\Adobe Illustrator CS6 (64 Bit).lnk
2014-12-05 17:03 - 2014-12-05 17:03 - 00000000 ____D () C:\ProgramData\ALM
2014-12-05 17:02 - 2014-12-05 17:03 - 00000000 ____D () C:\Program Files\Adobe
2014-12-05 17:01 - 2014-12-05 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2014-12-05 17:01 - 2014-12-05 17:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-05 17:01 - 2014-12-05 17:01 - 00001013 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2014-12-05 17:01 - 2014-12-05 17:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-05 17:01 - 2014-12-05 17:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-05 16:59 - 2014-12-11 19:09 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\ClassicShell
2014-12-05 16:59 - 2014-12-05 16:59 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\Macromedia
2014-12-05 16:56 - 2014-12-05 17:21 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-12-05 16:56 - 2014-12-05 16:56 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-05 16:56 - 2014-12-05 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-12-05 16:56 - 2014-12-05 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-05 16:56 - 2014-12-05 16:56 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-05 16:55 - 2014-12-05 16:55 - 00000000 ____D () C:\Windows\PCHEALTH
2014-12-05 16:55 - 2014-12-05 16:55 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-12-05 16:55 - 2014-12-05 16:55 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-12-05 16:55 - 2014-12-05 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-12-05 16:55 - 2014-12-05 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-12-05 16:54 - 2014-12-07 16:53 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-12-05 16:54 - 2014-12-05 16:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-05 16:54 - 2014-12-05 16:55 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-05 16:54 - 2014-12-05 16:54 - 00000000 __RHD () C:\MSOCache
2014-12-05 16:54 - 2014-12-05 16:54 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\Microsoft Help
2014-12-05 16:54 - 2014-12-05 16:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-05 16:54 - 2011-05-23 00:52 - 32495104 _____ () C:\Users\acer-pc\Office 2010 Toolkit.exe
2014-12-05 16:53 - 2014-12-05 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-12-05 16:53 - 2014-12-05 16:53 - 00000000 ____D () C:\Program Files\Classic Shell
2014-12-05 16:52 - 2014-12-05 16:52 - 00002722 _____ () C:\Users\Public\Desktop\Nero StartSmart.lnk
2014-12-05 16:52 - 2014-12-05 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2014-12-05 16:51 - 2014-12-05 22:46 - 00000000 ____D () C:\Program Files\KMSpico
2014-12-05 16:51 - 2014-12-05 16:52 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-12-05 16:51 - 2014-12-05 16:51 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\Ahead
2014-12-05 16:51 - 2014-12-05 16:51 - 00000000 ____D () C:\ProgramData\Ahead
2014-12-05 16:50 - 2014-12-05 19:16 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-05 16:50 - 2014-12-05 16:50 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-05 16:50 - 2014-12-05 16:50 - 00000000 ____D () C:\ProgramData\Nero
2014-12-05 16:50 - 2014-12-05 16:50 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-12-05 16:50 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-12-05 16:50 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-12-05 16:49 - 2014-12-05 16:49 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-05 16:49 - 2014-12-05 16:49 - 00001079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2014-12-05 16:49 - 2014-12-05 16:49 - 00001073 _____ () C:\Users\Public\Desktop\LINE.lnk
2014-12-05 16:49 - 2014-12-05 16:49 - 00001043 _____ () C:\Users\acer-pc\Desktop\PhotoScape.lnk
2014-12-05 16:49 - 2014-12-05 16:49 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-05 16:49 - 2014-12-05 16:49 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\Line
2014-12-05 16:49 - 2014-12-05 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-12-05 16:49 - 2014-12-05 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2014-12-05 16:49 - 2014-12-05 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-05 16:49 - 2014-12-05 16:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-05 16:49 - 2014-12-05 16:49 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-12-05 16:48 - 2014-12-12 02:11 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\vlc
2014-12-05 16:48 - 2014-12-10 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-05 16:48 - 2014-12-05 20:43 - 00000000 ____D () C:\Program Files\Defraggler
2014-12-05 16:48 - 2014-12-05 16:48 - 00001736 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-12-05 16:48 - 2014-12-05 16:48 - 00001214 _____ () C:\Users\acer-pc\Desktop\Format Factory.lnk
2014-12-05 16:48 - 2014-12-05 16:48 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-05 16:48 - 2014-12-05 16:48 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-05 16:48 - 2014-12-05 16:48 - 00000000 ____D () C:\Users\acer-pc\Documents\Freemake
2014-12-05 16:48 - 2014-12-05 16:48 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\Mozilla
2014-12-05 16:48 - 2014-12-05 16:48 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-12-05 16:48 - 2014-12-05 16:48 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\Mozilla
2014-12-05 16:48 - 2014-12-05 16:48 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-05 16:48 - 2014-12-05 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-12-05 16:48 - 2014-12-05 16:48 - 00000000 ____D () C:\Program Files (x86)\Naver
2014-12-05 16:48 - 2014-12-05 16:48 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-12-05 16:47 - 2014-12-05 16:47 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-05 16:47 - 2014-12-05 16:47 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-05 16:47 - 2014-12-05 16:47 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-12-05 16:47 - 2014-12-05 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-05 16:47 - 2014-12-05 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-05 16:47 - 2014-12-05 16:47 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-05 16:47 - 2014-12-05 16:47 - 00000000 ____D () C:\Program Files\VideoLAN
2014-12-05 16:47 - 2014-12-05 16:47 - 00000000 ____D () C:\Program Files\Unlocker
2014-12-05 16:45 - 2014-12-11 22:38 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\DMCache
2014-12-05 16:45 - 2014-12-07 16:29 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\IDM
2014-12-05 16:45 - 2014-12-05 21:21 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-12-05 16:45 - 2014-12-05 17:07 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\CyberLink
2014-12-05 16:45 - 2014-12-05 16:45 - 00002204 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
2014-12-05 16:45 - 2014-12-05 16:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2014-12-05 16:45 - 2014-12-05 16:45 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-12-05 16:45 - 2014-12-05 16:45 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-05 16:45 - 2014-12-05 16:45 - 00000000 ____D () C:\Users\acer-pc\Downloads\Video
2014-12-05 16:45 - 2014-12-05 16:45 - 00000000 ____D () C:\Users\acer-pc\Downloads\Compressed
2014-12-05 16:45 - 2014-12-05 16:45 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-12-05 16:45 - 2014-12-05 16:45 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\MediaServer
2014-12-05 16:45 - 2014-12-05 16:45 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\CyberLink
2014-12-05 16:45 - 2014-12-05 16:45 - 00000000 ____D () C:\ProgramData\PDVD
2014-12-05 16:45 - 2014-12-05 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-12-05 16:45 - 2014-12-05 16:45 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-05 16:44 - 2014-12-05 16:44 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-05 16:43 - 2014-12-05 17:12 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\Adobe
2014-12-05 16:43 - 2014-12-05 16:43 - 00002481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-12-05 16:43 - 2014-12-05 16:43 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-12-05 16:43 - 2014-12-05 16:43 - 00002331 _____ () C:\Users\Public\Desktop\ThaiSoftware Dictionary.lnk
2014-12-05 16:43 - 2014-12-05 16:43 - 00002046 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-12-05 16:43 - 2014-12-05 16:43 - 00000067 _____ () C:\Windows\Thsdict.ini
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\Users\acer-pc\Internet Download Manager 6.14 Build 2 + Patch
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThaiSoftware Enterprise
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\Program Files (x86)\ThaiSoftware Enterprise
2014-12-05 16:43 - 2014-09-22 16:24 - 00895120 _____ (Google Inc.) C:\Users\acer-pc\ChromeSetup.exe
2014-12-05 16:43 - 2009-05-18 23:13 - 00139264 _____ (HotAHA!com) C:\Users\acer-pc\CPE17AntiAutorun1405.exe
2014-12-05 16:43 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2014-12-05 16:43 - 2000-04-27 15:52 - 00266240 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Msrd2x32.dll
2014-12-05 16:43 - 1998-02-25 19:56 - 00119808 _____ (Dialog-Medien) C:\Windows\SysWOW64\mp3play.ocx
2014-12-05 16:43 - 1997-12-17 18:33 - 00304128 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-12-05 16:43 - 1997-08-25 13:55 - 01045776 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msjet35.dll
2014-12-05 16:43 - 1997-08-25 13:55 - 00407312 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msrepl35.dll
2014-12-05 16:43 - 1997-01-13 00:00 - 00037136 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Msjint35.dll
2014-12-05 16:43 - 1996-12-31 13:19 - 00254976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msexcl35.dll
2014-12-05 16:43 - 1996-12-31 13:19 - 00169984 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msltus35.dll
2014-12-05 16:43 - 1996-12-02 18:44 - 00290816 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxbse35.dll
2014-12-05 16:43 - 1996-12-02 18:44 - 00253952 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mspdox35.dll
2014-12-05 16:43 - 1996-12-02 18:44 - 00251664 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x35.dll
2014-12-05 16:43 - 1996-12-02 18:44 - 00166912 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mstext35.dll
2014-12-05 16:43 - 1996-12-02 18:44 - 00024336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msjter35.dll
2014-12-05 16:43 - 1996-11-08 02:48 - 00368912 ____N (Microsoft Corporation) C:\Windows\SysWOW64\vbar332.dll
2014-12-05 16:42 - 2014-12-06 04:50 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-12-05 16:42 - 2014-12-05 19:13 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-05 16:42 - 2014-12-05 17:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-05 16:42 - 2014-12-05 16:44 - 00000000 ____D () C:\ProgramData\Temp
2014-12-05 16:42 - 2014-12-05 16:43 - 00000095 _____ () C:\Windows\winamp.ini
2014-12-05 16:42 - 2014-12-05 16:42 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp
2014-12-05 16:42 - 2014-12-05 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-12-05 16:42 - 2014-12-05 16:42 - 00000000 ____D () C:\ProgramData\install_clap
2014-12-05 16:41 - 2014-12-12 02:10 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A3A8ACC0-0F6A-486B-AE00-6883821F1192}
2014-12-05 16:41 - 2014-12-05 16:42 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\ACD Systems
2014-12-05 16:41 - 2014-12-05 16:41 - 00002231 _____ () C:\Users\Public\Desktop\ACDSee Pro 7 (64-bit).lnk
2014-12-05 16:41 - 2014-12-05 16:41 - 00000000 __SHD () C:\Users\acer-pc\AppData\Local\EmieUserList
2014-12-05 16:41 - 2014-12-05 16:41 - 00000000 __SHD () C:\Users\acer-pc\AppData\Local\EmieSiteList
2014-12-05 16:41 - 2014-12-05 16:41 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\ACD Systems
2014-12-05 16:41 - 2014-12-05 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2014-12-05 16:41 - 2014-12-05 16:41 - 00000000 ____D () C:\ProgramData\ACD Systems
2014-12-05 16:41 - 2014-12-05 16:41 - 00000000 ____D () C:\Program Files\Common Files\ACD Systems
2014-12-05 16:41 - 2014-12-05 16:41 - 00000000 ____D () C:\Program Files\ACD Systems
2014-12-05 16:40 - 2014-12-05 16:40 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\Downloaded Installations
2014-12-05 16:36 - 2014-12-05 16:36 - 00018670 _____ () C:\Windows\system32\results.xml
2014-12-05 16:36 - 2014-12-05 16:36 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\Atheros
2014-12-05 16:36 - 2014-12-05 16:36 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\BMExplorer
2014-12-05 16:36 - 2014-12-05 16:36 - 00000000 ____D () C:\ProgramData\Atheros
2014-12-05 16:35 - 2014-12-05 16:35 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-12-05 16:35 - 2014-12-05 16:35 - 00000244 _____ () C:\Windows\system32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat
2014-12-05 16:35 - 2014-12-05 16:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-12-05 16:30 - 2014-12-05 16:30 - 00004402 _____ () C:\Windows\System32\Tasks\ALUAgent
2014-12-05 16:30 - 2014-12-05 16:30 - 00003628 _____ () C:\Windows\System32\Tasks\ALU
2014-12-05 16:30 - 2014-12-05 16:30 - 00000000 ____D () C:\Windows\oem
2014-12-05 16:30 - 2014-12-05 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-05 16:30 - 2014-12-05 16:30 - 00000000 ____D () C:\ProgramData\Acer
2014-12-05 16:30 - 2014-12-05 16:30 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-05 16:29 - 2014-12-05 16:29 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-12-05 16:29 - 2014-12-05 16:29 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-05 16:29 - 2014-12-05 16:29 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-12-05 16:29 - 2014-12-05 16:29 - 00000000 ____D () C:\Program Files\Realtek
2014-12-05 16:29 - 2013-08-21 11:50 - 03591000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-12-05 16:29 - 2013-08-20 19:17 - 02809048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-12-05 16:29 - 2013-08-20 19:17 - 02585304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-12-05 16:29 - 2013-08-20 17:48 - 00633381 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-12-05 16:29 - 2013-08-20 17:31 - 00148184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-12-05 16:29 - 2013-08-20 12:51 - 31488000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-12-05 16:29 - 2013-08-20 09:02 - 04848920 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMlfx.dll
2014-12-05 16:29 - 2013-08-16 14:46 - 00818008 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMSettingsIPC.dll
2014-12-05 16:29 - 2013-08-14 15:36 - 01325312 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-12-05 16:29 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-12-05 16:29 - 2013-08-14 15:35 - 01084160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-12-05 16:29 - 2013-08-14 15:35 - 00907008 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-12-05 16:29 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-12-05 16:29 - 2013-08-13 04:21 - 01019136 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-12-05 16:29 - 2013-08-13 04:21 - 00899328 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-12-05 16:29 - 2013-08-13 04:21 - 00720128 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-12-05 16:29 - 2013-08-13 04:21 - 00244480 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-12-05 16:29 - 2013-08-08 18:57 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-12-05 16:29 - 2013-08-07 16:41 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-12-05 16:29 - 2013-08-07 16:34 - 00765184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-12-05 16:29 - 2013-08-06 08:47 - 00947248 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-12-05 16:29 - 2013-08-06 03:56 - 06219096 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2014-12-05 16:29 - 2013-08-06 03:56 - 01908568 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2014-12-05 16:29 - 2013-08-06 03:56 - 00312152 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2014-12-05 16:29 - 2013-08-06 03:56 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2014-12-05 16:29 - 2013-08-05 17:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-12-05 16:29 - 2013-08-02 19:16 - 01005784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-12-05 16:29 - 2013-08-01 09:59 - 05694760 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-12-05 16:29 - 2013-07-28 09:48 - 27518208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-12-05 16:29 - 2013-07-26 13:05 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-12-05 16:29 - 2013-07-24 09:07 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-12-05 16:29 - 2013-07-23 14:40 - 03610880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-12-05 16:29 - 2013-07-23 14:40 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-12-05 16:29 - 2013-07-23 14:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-12-05 16:29 - 2013-07-23 14:39 - 01916672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-12-05 16:29 - 2013-07-23 14:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-12-05 16:29 - 2013-07-19 13:50 - 00029912 _____ (Realtek semiconductor corp) C:\Windows\system32\Drivers\RtkIOAC60.sys
2014-12-05 16:29 - 2013-07-11 13:15 - 00557880 _____ () C:\Windows\system32\audioLibVc.dll
2014-12-05 16:29 - 2013-06-25 11:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2014-12-05 16:29 - 2013-06-25 11:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2014-12-05 16:29 - 2013-06-25 11:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2014-12-05 16:29 - 2013-06-21 16:35 - 00816344 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2014-12-05 16:29 - 2013-06-21 16:35 - 00074456 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-12-05 16:29 - 2013-06-21 10:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-12-05 16:29 - 2013-06-05 20:42 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-12-05 16:29 - 2013-04-24 16:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-12-05 16:29 - 2013-04-03 13:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-12-05 16:29 - 2013-02-20 17:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-12-05 16:29 - 2012-10-02 13:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-12-05 16:29 - 2012-10-02 13:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-12-05 16:29 - 2012-10-02 13:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-12-05 16:29 - 2012-08-31 18:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-12-05 16:29 - 2012-08-31 18:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-12-05 16:29 - 2012-08-31 18:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-12-05 16:29 - 2012-08-31 18:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-12-05 16:29 - 2012-08-31 18:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-12-05 16:29 - 2012-03-08 10:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-12-05 16:29 - 2012-01-30 10:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-12-05 16:29 - 2012-01-10 09:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-12-05 16:29 - 2011-12-20 14:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-12-05 16:29 - 2011-11-22 15:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-12-05 16:29 - 2011-09-02 13:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-12-05 16:29 - 2011-09-02 13:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-12-05 16:29 - 2011-09-02 13:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-12-05 16:29 - 2011-08-23 16:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-12-05 16:29 - 2011-05-31 08:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-12-05 16:29 - 2011-03-17 11:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-12-05 16:29 - 2011-03-07 16:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-12-05 16:29 - 2010-11-08 06:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-12-05 16:29 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-12-05 16:29 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-12-05 16:29 - 2010-11-08 06:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-12-05 16:29 - 2010-11-08 06:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-12-05 16:29 - 2010-11-08 06:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-12-05 16:29 - 2010-11-03 17:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-12-05 16:29 - 2010-09-27 08:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-12-05 16:29 - 2010-07-22 15:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2014-12-05 16:29 - 2009-11-24 08:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-12-05 16:29 - 2009-11-24 08:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-12-05 16:29 - 2009-11-24 08:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-12-05 16:29 - 2009-11-24 08:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-12-05 16:28 - 2014-12-05 16:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-12-05 16:28 - 2014-12-05 16:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-12-05 16:28 - 2014-12-05 16:28 - 00000000 ____D () C:\ProgramData\Intel
2014-12-05 16:28 - 2013-09-16 11:19 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2014-12-05 16:28 - 2013-09-16 11:19 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-12-05 16:28 - 2013-09-16 11:19 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2014-12-05 16:25 - 2014-12-05 16:36 - 00000000 ____D () C:\Users\acer-pc\Documents\Bluetooth Folder
2014-12-05 16:25 - 2014-12-05 16:26 - 00000000 ____D () C:\Program Files\Common Files\QCA_Bluetooth
2014-12-05 16:24 - 2014-12-09 19:06 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3284542498-3779551672-207374659-1001
2014-12-05 16:24 - 2014-12-05 16:27 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-12-05 16:24 - 2014-12-05 16:24 - 00025861 _____ () C:\Windows\LiteOn_AddOn.txt
2014-12-05 16:24 - 2014-12-05 16:24 - 00000724 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2014-12-05 16:24 - 2014-12-05 16:24 - 00000712 _____ () C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2014-12-05 16:24 - 2014-12-05 16:24 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-12-05 16:24 - 2014-03-07 07:59 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2014-12-05 16:24 - 2014-03-07 07:59 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-12-05 16:24 - 2013-12-12 01:10 - 03881472 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athwbx.sys
2014-12-05 16:23 - 2014-12-05 16:28 - 00000000 ____D () C:\Program Files\Intel
2014-12-05 16:23 - 2014-12-05 16:23 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-12-05 16:23 - 2014-03-11 17:16 - 02478768 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiVAD64.exe
2014-12-05 16:23 - 2014-03-11 17:16 - 00501744 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2014-12-05 16:23 - 2014-03-11 17:16 - 00440816 _____ (Intel Corporation) C:\Windows\system32\igfxTray.exe
2014-12-05 16:23 - 2014-03-11 17:16 - 00416240 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
2014-12-05 16:23 - 2014-03-11 17:16 - 00282096 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2014-12-05 16:23 - 2014-03-11 17:16 - 00279024 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-12-05 16:23 - 2014-03-11 17:16 - 00243696 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2014-12-05 16:23 - 2014-03-11 17:16 - 00191472 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-12-05 16:23 - 2014-03-11 17:15 - 04340720 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2014-12-05 16:23 - 2014-03-11 17:15 - 04337136 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2014-12-05 16:23 - 2014-03-11 17:15 - 00929776 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2014-12-05 16:23 - 2014-03-11 17:15 - 00543728 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2014-12-05 16:23 - 2014-03-11 17:15 - 00543216 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2014-12-05 16:23 - 2014-03-11 17:15 - 00393200 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2014-12-05 16:23 - 2014-03-11 17:15 - 00392688 _____ (Intel Corporation) C:\Windows\system32\CustomModeAppv2_0.exe
2014-12-05 16:23 - 2014-03-11 17:15 - 00153072 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-12-05 16:23 - 2014-03-07 08:26 - 00450520 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2014-12-05 16:23 - 2014-03-07 08:26 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3496.dll
2014-12-05 16:23 - 2014-03-07 08:22 - 00002576 _____ () C:\Windows\system32\iglhxs64.vp
2014-12-05 16:23 - 2014-03-07 08:21 - 27362968 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 26996776 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 26168168 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 25710824 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 04532472 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 03608032 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 01137080 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 01132960 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 00425856 _____ () C:\Windows\system32\igdmd64.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 00342944 _____ () C:\Windows\SysWOW64\igdmd32.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 00218808 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 00187408 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 00183800 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 00158032 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-12-05 16:23 - 2014-03-07 08:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2014-12-05 16:23 - 2014-03-07 08:18 - 08160256 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2014-12-05 16:23 - 2014-03-07 08:18 - 03729920 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-12-05 16:23 - 2014-03-07 08:18 - 00223744 _____ () C:\Windows\system32\igdde64.dll
2014-12-05 16:23 - 2014-03-07 08:18 - 00186638 _____ () C:\Windows\system32\resTHA.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00179511 _____ () C:\Windows\system32\resELL.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00175392 _____ () C:\Windows\system32\resRUS.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00161268 _____ () C:\Windows\system32\resARA.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00160719 _____ () C:\Windows\system32\resHEB.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00160698 _____ () C:\Windows\system32\resJPN.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00160256 _____ () C:\Windows\system32\igdail64.dll
2014-12-05 16:23 - 2014-03-07 08:18 - 00156105 _____ () C:\Windows\system32\resFRA.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00156088 _____ () C:\Windows\system32\resHUN.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00154381 _____ () C:\Windows\system32\resKOR.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00154314 _____ () C:\Windows\system32\resITA.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00154287 _____ () C:\Windows\system32\resDEU.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00154148 _____ () C:\Windows\system32\resROM.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00154037 _____ () C:\Windows\system32\resESN.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00153601 _____ () C:\Windows\system32\resPLK.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00153459 _____ () C:\Windows\system32\resSKY.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00153260 _____ () C:\Windows\system32\resNLD.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00152700 _____ () C:\Windows\system32\resPTB.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00152545 _____ () C:\Windows\system32\resTRK.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00152536 _____ () C:\Windows\system32\resCSY.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00152411 _____ () C:\Windows\system32\resPTG.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00151989 _____ () C:\Windows\system32\resFIN.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00151552 _____ () C:\Windows\system32\resHRV.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00151097 _____ () C:\Windows\system32\resSVE.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00150924 _____ () C:\Windows\system32\resSLV.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00150001 _____ () C:\Windows\system32\resNOR.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00149488 _____ () C:\Windows\system32\resDAN.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00148173 _____ () C:\Windows\system32\resENU.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00146403 _____ () C:\Windows\system32\resCHT.cui
2014-12-05 16:23 - 2014-03-07 08:18 - 00145574 _____ () C:\Windows\system32\resCHS.cui
2014-12-05 16:23 - 2014-03-07 08:17 - 00734208 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00653824 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00267264 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00254976 _____ () C:\Windows\system32\igfxCPL.cpl
2014-12-05 16:23 - 2014-03-07 08:17 - 00209920 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00151040 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00068608 _____ () C:\Windows\system32\igfxCUIServicePS.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00057344 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00010240 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2014-12-05 16:23 - 2014-03-07 08:17 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2014-12-05 16:23 - 2014-03-07 08:15 - 06448128 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2014-12-05 16:23 - 2014-03-07 08:14 - 00183296 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-12-05 16:23 - 2014-03-07 08:14 - 00142848 _____ () C:\Windows\SysWOW64\igdail32.dll
2014-12-05 16:23 - 2014-03-07 08:14 - 00068608 _____ () C:\Windows\SysWOW64\igfxexps32.dll
2014-12-05 16:23 - 2014-03-07 08:08 - 18028544 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2014-12-05 16:23 - 2014-03-07 08:08 - 01555456 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2014-12-05 16:23 - 2014-03-07 08:08 - 00291840 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2014-12-05 16:23 - 2014-03-07 08:08 - 00265216 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-12-05 16:23 - 2014-03-07 08:07 - 23046144 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2014-12-05 16:23 - 2014-03-07 08:07 - 01673728 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2014-12-05 16:23 - 2014-03-07 08:07 - 00330752 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2014-12-05 16:23 - 2014-03-07 08:07 - 00320512 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 04011168 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 02813952 _____ () C:\Windows\system32\iglhxa64.cpa
2014-12-05 16:23 - 2014-03-07 07:59 - 02020864 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 01753088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 01455264 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00790688 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00646304 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00603296 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00344736 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00210592 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00177824 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00155136 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00128672 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00094368 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00064000 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2014-12-05 16:23 - 2014-03-07 07:59 - 00044025 _____ () C:\Windows\system32\iglhxo64.vp
2014-12-05 16:23 - 2014-03-07 07:59 - 00043816 _____ () C:\Windows\system32\iglhxc64_dev.vp
2014-12-05 16:23 - 2014-03-07 07:59 - 00043494 _____ () C:\Windows\system32\iglhxc64.vp
2014-12-05 16:23 - 2014-03-07 07:59 - 00043298 _____ () C:\Windows\system32\iglhxg64_dev.vp
2014-12-05 16:23 - 2014-03-07 07:59 - 00043256 _____ () C:\Windows\system32\iglhxg64.vp
2014-12-05 16:23 - 2014-03-07 07:59 - 00042079 _____ () C:\Windows\system32\iglhxo64_dev.vp
2014-12-05 16:23 - 2014-03-07 07:59 - 00001125 _____ () C:\Windows\system32\iglhxa64.vp
2014-12-05 16:22 - 2014-12-05 16:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-05 16:22 - 2014-12-05 16:29 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-12-05 16:22 - 2014-12-05 16:28 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-05 16:22 - 2014-12-05 16:22 - 00025965 _____ () C:\Windows\Realtek_CardReader.txt
2014-12-05 16:22 - 2013-12-25 00:14 - 00269528 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-12-05 16:22 - 2013-12-16 22:44 - 00330968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUVStor.sys
2014-12-05 16:22 - 2013-08-05 10:50 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-12-05 16:22 - 2013-04-26 03:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUVStoricon.dll
2014-12-05 16:21 - 2014-12-05 16:23 - 00000000 ____D () C:\Intel
2014-12-05 16:21 - 2014-12-05 16:21 - 00001139 _____ () C:\Users\acer-pc\Desktop\Windows.Defender.lnk
2014-12-05 16:21 - 2014-12-05 16:21 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\InstallationAssistant
2014-12-05 16:21 - 2014-12-05 16:21 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\AutorunX2
2014-12-05 16:19 - 2014-12-05 17:07 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\Adobe
2014-12-05 16:19 - 2014-12-05 16:19 - 00001442 _____ () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-05 16:19 - 2014-12-05 16:19 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-05 16:19 - 2014-12-05 16:19 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\VirtualStore
2014-12-05 16:19 - 2014-12-05 16:19 - 00000000 ____D () C:\Users\acer-pc\AppData\Local\Packages
2014-12-05 16:18 - 2014-12-06 04:51 - 00000000 ____D () C:\Users\acer-pc
2014-12-05 16:18 - 2014-12-05 16:21 - 00000000 ___RD () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-05 16:18 - 2014-12-05 16:18 - 00000020 ___SH () C:\Users\acer-pc\ntuser.ini
2014-12-05 16:18 - 2014-12-05 16:18 - 00000000 ____D () C:\Windows\CSC
2014-12-05 16:18 - 2014-03-18 17:18 - 00000000 ___RD () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-05 16:18 - 2014-03-18 17:05 - 00000369 _____ () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-05 16:18 - 2014-03-18 17:05 - 00000369 _____ () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-05 16:18 - 2013-08-22 22:36 - 00000000 ___RD () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-05 16:18 - 2013-08-22 22:36 - 00000000 ____D () C:\Users\acer-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 02:00 - 2013-08-22 22:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-06 06:51 - 2013-08-22 22:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-12-06 05:31 - 2014-03-18 17:02 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-06 05:26 - 2013-08-22 21:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-05 21:22 - 2013-08-22 22:36 - 00000000 ___RD () C:\Windows\DesktopTileResources
2014-12-05 21:21 - 2013-08-22 20:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-05 17:21 - 2013-08-22 22:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-05 17:17 - 2013-08-22 20:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-05 17:05 - 2013-08-22 21:44 - 05099304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-05 16:58 - 2013-08-22 20:25 - 00000167 _____ () C:\Windows\win.ini
2014-12-05 16:56 - 2014-03-18 16:43 - 00000000 ____D () C:\Windows\ShellNew
2014-12-05 16:56 - 2013-08-22 22:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-05 16:55 - 2013-08-22 22:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-05 16:25 - 2013-08-22 22:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-05 16:22 - 2013-08-22 22:36 - 00000000 ____D () C:\Windows\system32\restore
2014-12-05 15:53 - 2013-08-22 22:36 - 00000000 ____D () C:\Windows\system32\Recovery

Files to move or delete:
====================
C:\Users\acer-pc\ChromeSetup.exe
C:\Users\acer-pc\CPE17AntiAutorun1405.exe
C:\Users\acer-pc\Office 2010 Toolkit.exe


Some content of TEMP:
====================
C:\Users\acer-pc\AppData\Local\Temp\bassmod.dll
C:\Users\acer-pc\AppData\Local\Temp\dllnt_dump.dll
C:\Users\acer-pc\AppData\Local\Temp\Quarantine.exe
C:\Users\acer-pc\AppData\Local\Temp\sqlite3.dll
C:\Users\acer-pc\AppData\Local\Temp\utt3993.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 15:51

==================== End Of Log ============================





