
Laptops runs slow, anyone can help me and guess what is wrong by looking into th


  • This topic is locked
23 replies to this topic

#1 kolang

  • Members

Posted 08 February 2015 - 02:57 PM

Can anyone help me by looking into this report and tell me what is going on... Laptop started running slow. Do not know how it happened. I tried Malwarebytes, didn't do much.

 

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5376)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Bluetooth Suite\AthCopyHook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\igfxext.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2015-02-08  12:22:51 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-08 19:22
.
Pre-Run: 63,431,929,856 bytes free
Post-Run: 66,748,080,128 bytes free
.
- - End Of File - - E8242B90DBBE20C57862D3C4D14195DB
A36C5E4F47E84449FF07ED3517B43A31
 


 


#2 olgun52

  • Malware Response Team

Posted 08 February 2015 - 03:36 PM

Hello kolang and welcome to BleepingComputer.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks

---------------------------------------------------------------------------------------------------------

 

Please do the following.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 

Have a great day


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#3 kolang

  • Topic Starter

Posted 08 February 2015 - 04:29 PM

Thanks for helping. Per your request, here I have attached and pasted the files.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Kolang (administrator) on Kolang-PC on 08-02-2015 14:11:34
Running from C:\Users\Kolang\Desktop
Loaded Profiles: Kolang (Available profiles: Kolang)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Juniper Networks, Inc.) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
(Livescribe) C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Alcor Micro Corp.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Applications\Win7Taskbar\7 Taskbar Tweaker.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun] => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [233472 2010-03-12] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1733928 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [ODDPwr] => C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [186912 2010-04-22] (Acer Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [908368 2010-04-07] (Dritek System Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-01] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715296 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [3618104 2009-08-19] (brother)
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\...\Run: [7 Taskbar Tweaker] => C:\Applications\Win7Taskbar\7 Taskbar Tweaker.exe [69632 2010-03-20] ()
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\...\Policies\Explorer: []
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-12-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us/?pc=UP97&ocid=UP97DHP
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-672566934-3909434764-2333441952-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-672566934-3909434764-2333441952-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-672566934-3909434764-2333441952-1003 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-672566934-3909434764-2333441952-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF ProfilePath: C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default
FF DefaultSearchEngine: Wikipedia (en)
FF SelectedSearchEngine: Wikipedia (en)
FF Homepage: https://encrypted.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Citrix.com/npagee,version=10.1.122.1708 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-672566934-3909434764-2333441952-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kolang\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-672566934-3909434764-2333441952-1003: @talk.google.com/O1DPlugin -> C:\Users\Kolang\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-672566934-3909434764-2333441952-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-672566934-3909434764-2333441952-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kolang\AppData\Roaming\mozilla\plugins\npagee.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kolang\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kolang\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\searchplugins\duckduckgo-ssl.xml
FF SearchPlugin: C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\searchplugins\duckduckgo.xml
FF Extension: 20-20 3D Viewer - C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\Extensions\2020Player@2020Technologies.com [2010-10-04]
FF Extension: BlackFox V2-Blue - C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\Extensions\zigboom.designs@gmail.com [2015-01-09]
FF Extension: EPUBReader - C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-01-13]
FF Extension: DownloadHelper - C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-22]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\Extensions\elemhidehelper@adblockplus.org.xpi [2011-09-28]
FF Extension: Keyword Search - C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\Extensions\keywordsearch@kaply.com.xpi [2013-08-11]
FF Extension: Stylish - C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2011-04-17]
FF Extension: Adblock Plus - C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: BetterPrivacy - C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-08-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-01-26]

Chrome:
=======
CHR Profile: C:\Users\Kolang\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kolang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Kolang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kolang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-03]
CHR Extension: (Google Wallet) - C:\Users\Kolang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [72864 2011-01-20] (Atheros Commnucations) [File not signed]
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [684144 2014-08-12] (Juniper Networks, Inc.)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-04-23] (Acer Incorporated)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-01-12] (Flexera Software, Inc.)
R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [129568 2010-04-22] (Acer Incorporated)
R2 PenCommService; C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
R2 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [25600 2010-03-12] (Alcor Micro, Corp.)
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-01-20] (Atheros) [File not signed]
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [258720 2011-01-20] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-01-20] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-01-20] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-01-20] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-01-20] (Atheros)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [294952 2010-06-26] (Broadcom Corporation.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2013-07-24] (Juniper Networks)
S2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29232 2010-06-01] (EgisTec)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2013-09-23] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [20480 2011-10-27] (Windows ® Win 7 DDK provider) [File not signed]
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S3 tap0801co; C:\Windows\System32\DRIVERS\tap0801co.sys [25856 2006-08-30] (The OpenVPN Project) [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14808 2009-11-02] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [27496 2013-01-25] (Wondershare)
S3 catchme; \??\C:\Users\Kolang\AppData\Local\Temp\catchme.sys [X]
R1 MpKsld0364701; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AF48296-99C0-4D0D-9E8C-1730C3A9FA40}\MpKsld0364701.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 14:11 - 2015-02-08 14:12 - 00021736 _____ () C:\Users\Kolang\Desktop\FRST.txt
2015-02-08 14:11 - 2015-02-08 14:11 - 00000000 ____D () C:\FRST
2015-02-08 14:10 - 2015-02-08 14:10 - 01124352 _____ (Farbar) C:\Users\Kolang\Desktop\FRST.exe
2015-02-08 12:26 - 2015-02-08 12:55 - 00023974 _____ () C:\Users\Kolang\Desktop\ComboFix.txt
2015-02-08 12:22 - 2015-02-08 12:22 - 00023988 _____ () C:\ComboFix.txt
2015-02-08 12:01 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-08 12:01 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-08 12:01 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-08 12:01 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-08 12:01 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-08 12:01 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-08 12:01 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-08 12:01 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-08 11:54 - 2015-02-08 12:22 - 00000000 ____D () C:\Qoobox
2015-02-08 11:52 - 2015-02-08 12:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-08 11:51 - 2015-02-08 11:51 - 05609947 ____R (Swearware) C:\Users\Kolang\Desktop\ComboFix.exe
2015-02-07 19:04 - 2015-02-07 19:04 - 00022259 _____ () C:\Users\Kolang\Desktop\qrcode-5.1.tar.gz
2015-02-07 19:02 - 2015-02-07 19:02 - 00149416 _____ () C:\Users\Kolang\Desktop\pyqrcode-0.2.1.tar.gz
2015-02-07 18:37 - 2015-02-07 18:37 - 00000000 ____D () C:\Users\Kolang\PycharmProjects
2015-02-07 11:26 - 2015-02-08 13:48 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 11:26 - 2015-02-07 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-07 11:25 - 2015-02-07 11:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-07 11:25 - 2015-02-07 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-07 11:25 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-07 11:25 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-07 11:25 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-07 11:24 - 2015-02-07 11:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kolang\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-02 19:20 - 2015-02-07 20:05 - 00000000 ____D () C:\Users\Kolang\Desktop\VIdeo test
2015-01-31 18:48 - 2015-01-31 18:48 - 00000000 ____D () C:\Users\Kolang\AppData\Local\Citrix
2015-01-31 18:45 - 2015-01-31 18:45 - 00000000 ____D () C:\ProgramData\Citrix
2015-01-31 18:45 - 2015-01-31 18:45 - 00000000 ____D () C:\Program Files\Citrix
2015-01-27 15:33 - 2015-01-27 15:33 - 00000000 ____D () C:\Users\Kolang\AppData\Roaming\JetBrains
2015-01-27 15:32 - 2015-01-27 15:32 - 00000000 ____D () C:\Users\Kolang\.PyCharm40
2015-01-27 15:31 - 2015-01-27 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2015-01-27 15:31 - 2015-01-27 15:31 - 00000000 ____D () C:\Program Files\JetBrains
2015-01-26 23:35 - 2015-01-26 23:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 11:19 - 2015-01-26 11:21 - 00000000 ____D () C:\Users\Kolang\Desktop\Fund. of Aerodynamics
2015-01-26 11:17 - 2015-01-26 11:21 - 00000000 ____D () C:\Users\Kolang\Desktop\PDE
2015-01-26 11:13 - 2015-01-26 11:14 - 00000000 ____D () C:\Users\Kolang\Desktop\AER-ASTRO Dynamics
2015-01-26 11:07 - 2015-01-26 11:07 - 00000000 __SHD () C:\Users\Kolang\AppData\Local\EmieUserList
2015-01-26 11:07 - 2015-01-26 11:07 - 00000000 __SHD () C:\Users\Kolang\AppData\Local\EmieSiteList
2015-01-26 11:07 - 2015-01-26 11:07 - 00000000 __SHD () C:\Users\Kolang\AppData\Local\EmieBrowserModeList
2015-01-26 06:20 - 2015-01-26 06:20 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-23 12:13 - 2015-02-01 15:06 - 00000000 ____D () C:\ProgramData\Skype
2015-01-23 12:13 - 2015-02-01 15:05 - 00000000 ____D () C:\Users\Kolang\AppData\Roaming\Skype
2015-01-23 12:13 - 2015-01-23 12:13 - 00000000 ____D () C:\Users\Kolang\AppData\Local\Skype
2015-01-21 16:48 - 2015-01-21 16:51 - 21374488 _____ () C:\Users\Kolang\Desktop\ACFrOgA4hGjxZwEGSiMXYwQJIXiA2jI21ulaPsH6JsBc2v1133tRD6Ha5vyvMfncxFj28pfvbTbqS7XO3550WbgIQ0u2qOrXUuHVojZ4qItkIeKaHrvL20wLCfWV91c=
2015-01-16 06:00 - 2015-01-16 06:27 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-01-13 23:37 - 2014-12-18 19:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 23:37 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-13 23:37 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 23:37 - 2014-12-11 10:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 23:37 - 2014-12-05 20:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 23:36 - 2014-12-18 18:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 13:54 - 2012-03-29 16:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 13:47 - 2011-08-02 21:43 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-672566934-3909434764-2333441952-1003UA.job
2015-02-08 13:28 - 2013-12-30 11:28 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-02-08 12:24 - 2009-07-13 21:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 12:24 - 2009-07-13 21:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 12:22 - 2009-07-13 19:37 - 00000000 __RHD () C:\Users\Default
2015-02-08 12:22 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2015-02-08 12:20 - 2010-06-01 23:53 - 01908370 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 12:18 - 2014-01-01 18:01 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-02-08 12:17 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-08 12:15 - 2010-07-17 21:42 - 00182046 _____ () C:\Windows\PFRO.log
2015-02-08 12:15 - 2010-07-14 21:00 - 00949606 _____ () C:\Windows\setupact.log
2015-02-08 12:15 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 12:14 - 2009-07-13 19:03 - 65273856 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-08 12:14 - 2009-07-13 19:03 - 17825792 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-08 12:14 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-08 12:14 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-08 12:14 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-07 19:47 - 2011-08-02 21:43 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-672566934-3909434764-2333441952-1003Core.job
2015-02-07 19:27 - 2010-05-12 14:19 - 00796094 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 18:39 - 2012-03-15 00:10 - 00000000 ____D () C:\Users\Kolang\.matplotlib
2015-02-07 18:37 - 2010-07-14 11:09 - 00000000 ____D () C:\Users\Kolang
2015-02-07 08:39 - 2014-01-17 23:59 - 00000000 ____D () C:\Users\Kolang\AppData\Local\CrashDumps
2015-02-05 07:54 - 2012-03-29 16:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 07:54 - 2011-05-20 07:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 20:01 - 2014-11-21 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bridge Building Game
2015-02-04 19:59 - 2012-11-19 20:40 - 00000000 ____D () C:\Program Files\Google
2015-02-04 12:54 - 2014-09-06 18:30 - 00000000 ____D () C:\Users\Kolang\AppData\Roaming\vlc
2015-02-03 18:59 - 2010-08-29 16:26 - 00000000 ____D () C:\Users\Kolang\AppData\Local\Google
2015-02-02 19:37 - 2010-07-30 16:24 - 00002056 ____H () C:\Users\Kolang\Documents\Default.rdp
2015-02-02 19:16 - 2009-07-13 21:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-02 19:14 - 2010-09-26 23:24 - 00000000 ____D () C:\Users\Kolang\Documents\MATLAB
2015-02-01 05:15 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-01 01:21 - 2012-04-24 17:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-01 01:07 - 2010-07-30 16:18 - 00000000 ____D () C:\Users\Kolang\AppData\Roaming\Juniper Networks
2015-02-01 01:07 - 2010-07-30 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2015-02-01 01:07 - 2010-07-30 16:18 - 00000000 ____D () C:\Program Files\Juniper Networks
2015-01-31 18:33 - 2010-07-14 11:21 - 00000000 ____D () C:\Users\Kolang\AppData\Roaming\Mozilla
2015-01-26 13:07 - 2010-07-17 12:08 - 00000000 ____D () C:\Users\Kolang\AppData\Local\CutePDF Writer
2015-01-26 11:22 - 2014-11-15 22:35 - 00000000 ____D () C:\Users\Kolang\Desktop\Galaxy Note II
2015-01-26 11:21 - 2014-05-15 12:36 - 00000000 ____D () C:\Users\Kolang\Desktop\Homework
2015-01-26 06:21 - 2013-10-16 14:50 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 06:21 - 2010-08-01 00:07 - 00000000 ____D () C:\Program Files\Java
2015-01-26 06:19 - 2014-11-13 19:20 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-26 06:19 - 2014-11-13 19:20 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-26 06:19 - 2014-11-13 19:20 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-26 06:19 - 2014-11-13 19:20 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-16 06:28 - 2010-10-04 19:30 - 00000000 ____D () C:\ProgramData\Apple
2015-01-16 06:00 - 2014-09-02 09:45 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-01-14 06:19 - 2013-08-14 04:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 06:13 - 2010-07-20 00:04 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-05-30 22:40 - 2012-05-30 22:40 - 0000095 _____ () C:\Users\Kolang\AppData\Local\fusioncache.dat
2013-10-10 05:11 - 2013-10-10 05:11 - 0002128 _____ () C:\Users\Kolang\AppData\Local\recently-used.xbel
2010-07-14 17:55 - 2014-10-25 17:49 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2013-01-12 14:31 - 2013-01-12 14:31 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 02:12

==================== End Of Log ============================




#4 olgun52

  • Malware Response Team

Posted 09 February 2015 - 12:59 PM

Are you using Yahoo! Messenger?


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 kolang

  • Topic Starter

Posted 09 February 2015 - 01:18 PM

I have Yahoo Messenger installed but have not used it for about 2 years.



#6 olgun52

  • Malware Response Team

Posted 09 February 2015 - 01:30 PM

I have Yahoo Messenger installed but have not used it for about 2 years.

Are we clean?
 
----------------------------------------------------
 
What is the file?

C:\Users\Kolang\Desktop\ACFrOgA4hGjxZwEGSiMXYwQJIXiA2jI21ulaPsH6JsBc2v1133tRD6Ha5vyvMfncxFj28pfvbTbqS7XO3550WbgIQ0u2qOrXUuHVojZ4qItkIeKaHrvL20wLCfWV91c=

How to see hidden files in Windows:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/#winxp
 
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\Users\Kolang\Desktop\ACFrOgA4hGjxZwEGSiMXYwQJIXiA2jI21ulaPsH6JsBc2v1133tRD6Ha5vyvMfncxFj28pfvbTbqS7XO3550WbgIQ0u2qOrXUuHVojZ4qItkIeKaHrvL20wLCfWV91c=
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply

 

Thanks.



 


 


#7 kolang

  • Topic Starter

Posted 09 February 2015 - 02:01 PM

Hello,

 

This file is a solutions manual for a book.

Here is the requested link from VirusTotal scan:

https://www.virustotal.com/en/file/b82d6a2ffef999c45ae5cd2bed6c3efb2940e77b220087a18a2f22921f1f2145/analysis/1423508188/

 

Thanks

Kolang



#8 olgun52

  • Malware Response Team

Posted 09 February 2015 - 02:11 PM

Thank you.
 
Can we clean Yahoo Messenger?
 
*****************************************************

ATTENTION: System Restore is disabled.

Did you purposely disable System Restore?

 



 


 


#9 kolang

  • Topic Starter

Posted 09 February 2015 - 02:19 PM

Yahoo Messenger can be uninstalled. Do you want me to uninstall it now?

System Restore is disabled on purpose, because it slows down the system.



#10 olgun52

  • Malware Response Team

Posted 09 February 2015 - 02:33 PM

Hi Kolang,
 

System Restore is disabled on purpose, because it slows down the system.

OK. But not safe.
 

Yahoo Messenger can be uninstalled. Do you want me to uninstall it now?

Yes. Delete Yahoo Messenger.
-------------------------------------------------------------
 
Please do the following,
 
Step 1:
 
FRST Script:
 
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

Step 2:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

 

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a great day.


 


 


#11 kolang

  • Topic Starter

Posted 09 February 2015 - 03:32 PM

Deleted Yahoo Messenger and here is what you asked for.

 

step 1:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-02-2015
Ran by Kolang at 2015-02-09 12:40:00 Run:1
Running from C:\Users\Kolang\Desktop
Loaded Profiles: Kolang (Available profiles: Kolang)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
Task: {79FFD941-57E9-45C6-8B6A-3A105944B9A6} - System32\Tasks\{A1C91852-E0F2-4881-8A1D-ECBF18EAAF12} => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2012-02-22] (Yahoo! Inc.)
2010-07-14 11:56 - 2012-02-22 19:49 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-672566934-3909434764-2333441952-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-672566934-3909434764-2333441952-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-672566934-3909434764-2333441952-1003 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-672566934-3909434764-2333441952-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF ProfilePath: C:\Users\Kolang\AppData\Roaming\Mozilla\Firefox\Profiles\xk1fsn62.default
FF DefaultSearchEngine: Wikipedia (en)
FF SelectedSearchEngine: Wikipedia (en)
FF Homepage: https://encrypted.google.com
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 catchme; \??\C:\Users\Kolang\AppData\Local\Temp\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kolang\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
2015-02-08 12:22 - 2015-02-08 12:22 - 00005632 _____ () C:\Users\Kolang\AppData\Local\Temp\stt4828.tmp
CMD: del c:\windows\prefetch\*.* /f /s /q
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:

*****************

Processes closed successfully.
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 => Moved successfully.
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB => Moved successfully.
HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 => Key not found.
C:\Program Files\Yahoo!\Shared\npYState.dll not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe" => File/Directory not found.
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Messenger (Yahoo!) => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79FFD941-57E9-45C6-8B6A-3A105944B9A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79FFD941-57E9-45C6-8B6A-3A105944B9A6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A1C91852-E0F2-4881-8A1D-ECBF18EAAF12} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A1C91852-E0F2-4881-8A1D-ECBF18EAAF12}" => Key deleted successfully.
"C:\Program Files\Yahoo!\Messenger\yui.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKU\S-1-5-21-672566934-3909434764-2333441952-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1C11B948-582A-433F-A98D-A8C4D5CC64F2}" => Key deleted successfully.
"HKCR\CLSID\{1C11B948-582A-433F-A98D-A8C4D5CC64F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}" => Key deleted successfully.
"HKCR\CLSID\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}" => Key deleted successfully.
C:\Program Files\Yahoo!\Messenger\yui.dll => Should not be moved.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
catchme => Service deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
"HKU\S-1-5-21-672566934-3909434764-2333441952-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"C:\Users\Kolang\AppData\Local\Temp\stt4828.tmp" => File/Directory not found.

=========  del c:\windows\prefetch\*.* /f /s /q =========


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => Removed 560.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:41:13 ====

 

step 2: instead of C:\AdwCleaner[S1].txt it produced this: C:\AdwCleaner[S0].txt

 

# AdwCleaner v4.110 - Logfile created 09/02/2015 at 12:54:39
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Kolang - Kolang-PC
# Running from : C:\Users\Kolang\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Kolang\AppData\Local\apn

***** [ Scheduled tasks ] *****

Task Deleted : RunAsStdUser Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v

[C:\Users\Kolang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Kolang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1547 bytes] - [09/02/2015 12:51:04]
AdwCleaner[S0].txt - [1492 bytes] - [09/02/2015 12:54:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1551  bytes] ##########
 

step 3:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x86
Ran by Kolang on Mon 02/09/2015 at 13:01:04.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Kolang\AppData\Roaming\mozilla\firefox\profiles\xk1fsn62.default\prefs.js

user_pref("extensions.keywordsearch.searchengine", "Google");
Emptied folder: C:\Users\Kolang\AppData\Roaming\mozilla\firefox\profiles\xk1fsn62.default\minidumps [360 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/09/2015 at 13:03:13.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

step 4:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/9/2015
Scan Time: 1:05:57 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.09.09
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Kolang

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333414
Time Elapsed: 11 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

thanks

Kolang


Edited by kolang, 09 February 2015 - 03:43 PM.


#12 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • Gender:Male
  • Local time:11:55 AM

Posted 09 February 2015 - 03:48 PM

Hi kolang,

 

Step 1:

 

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
 

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    Scan finished

    and I will see if I want to see the whole report. Send me the reports made from TDSSKiller.

Step 2:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Have a nice day.


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#13 kolang

kolang
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:55 AM

Posted 09 February 2015 - 05:06 PM

Step 1:
Step 1 was too long, so I attached it. I had to zip it. It was too big even for attachment.

 

Step 2: It did not detect anything on step 2. Files are attached in one zip.

 

 

 

 

And just in case here is all it is from the end of the  TDSSKiller

 

14:05:57.0051 0x1110  C:\Program Files\Windows Media Player\wmplayer.exe - ok
14:05:57.0054 0x1110  [ 1CA78F3B55689CC3CAB45B6C4498755C, EA9AF25295B6108659E04D5562F006EF2A7CFF8B331BFE3D83E610E4553E1326 ] C:\Program Files\Bluetooth Suite\goep_single.dll
14:05:57.0054 0x1110  C:\Program Files\Bluetooth Suite\goep_single.dll - ok
14:05:57.0057 0x1110  [ E71785E7FB09CDC37D83215CEDD1E82C, 5FF4FF26EF824A7E26454FED332049C3337551E96FB6DC2610B4144A832098F0 ] C:\Users\Kolang\AppData\Local\Temp\sttB5E6.tmp
14:05:57.0057 0x1110  C:\Users\Kolang\AppData\Local\Temp\sttB5E6.tmp - ok
14:05:57.0060 0x1110  [ DF471F11CC78BE02FE6BA15F2D94F65B, 9AC230DE58CE40E78AE6872BCF4778B69EEBF17E0E41B1301FF364ABD4737A78 ] C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{823A1249-D32A-42A0-8629-E3791F8B9E07}.tmp
14:05:57.0060 0x1110  C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{823A1249-D32A-42A0-8629-E3791F8B9E07}.tmp - ok
14:05:57.0063 0x1110  [ 912649A1B3F9E6ACB3899FBDABA2ED5F, 049DFA9EA45A888B984E459B927A0F8AA4C10B9D36C6C0A0FE57F6329BEAF555 ] C:\Windows\System32\stobject.dll
14:05:57.0063 0x1110  C:\Windows\System32\stobject.dll - ok
14:05:57.0066 0x1110  [ 930EE91A776C474C163DCE476714339A, 5FF96F5132D7026E63E9BE89E509B50D9FB8D8DA83055474462F49286B912E61 ] C:\Program Files\WIDCOMM\Bluetooth Software\btosif.dll
14:05:57.0066 0x1110  C:\Program Files\WIDCOMM\Bluetooth Software\btosif.dll - ok
14:05:57.0068 0x1110  [ 063F592B4C0AE7F786BC1A1460FB380E, C6E58F8C87609849C5333108A930F75C60DB865D8D0F595A5ADC79E09F1B2C81 ] C:\Program Files\Launch Manager\VistaVol.dll
14:05:57.0068 0x1110  C:\Program Files\Launch Manager\VistaVol.dll - ok
14:05:57.0071 0x1110  [ 0FD19BDDD2513874FF6903F717367795, DFAF9C33F993BA26FC84EF66ABC7C483E62762F7E1FC763605A75ACC2E8AA4EE ] C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{DB86DFB4-4093-4F35-89EF-FC5937D5FE29}.tmp
14:05:57.0071 0x1110  C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{DB86DFB4-4093-4F35-89EF-FC5937D5FE29}.tmp - ok
14:05:57.0074 0x1110  [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{D8BD23FA-3975-4617-920A-44D10B09CFB6}.tmp
14:05:57.0074 0x1110  C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{D8BD23FA-3975-4617-920A-44D10B09CFB6}.tmp - ok
14:05:57.0077 0x1110  [ 67C1B58706B47EEBA4E117AC197289E6, 9213E55DA854563E3A99369A4FAD853C0A97241A4F6D93F98444C57ADEEF89C1 ] C:\Windows\System32\batmeter.dll
14:05:57.0077 0x1110  C:\Windows\System32\batmeter.dll - ok
14:05:57.0080 0x1110  [ AA60FC73326973A774036486421F386C, BF798303F256B3020E6E7B4CA57CB00852741BCB7A514E66CB6F2E37FBE40472 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
14:05:57.0080 0x1110  C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll - ok
14:05:57.0083 0x1110  [ 07BDE9690FDC796705E8BB811F61237B, 196D45EA9C8895AEAB976EDD567F1D1142EF965DB31947B08BB23A4A8F952FA3 ] C:\Program Files\Launch Manager\NTKCUtl.dll
14:05:57.0083 0x1110  C:\Program Files\Launch Manager\NTKCUtl.dll - ok
14:05:57.0085 0x1110  [ 2A60A0059F58EBEE5FEEC7BC15989B0A, 0D2D877241969EEBE5095B9739A4080FFEA41E1F136A8E90EDE4266BCEAB8905 ] C:\Program Files\Bluetooth Suite\BPP.dll
14:05:57.0085 0x1110  C:\Program Files\Bluetooth Suite\BPP.dll - ok
14:05:57.0088 0x1110  [ D475BBD6FEF8DB2DDE0DA7CCFD2C9042, 8E9D77A216D8DD2BE2B304E60EDF85CE825309E67262FCFF1891AEDE63909599 ] C:\Program Files\Microsoft Security Client\sqmapi.dll
14:05:57.0088 0x1110  C:\Program Files\Microsoft Security Client\sqmapi.dll - ok
14:05:57.0091 0x1110  [ 8CBE7D2DBD2F580E9FEDFD5D1B56175B, 09D090FB23BA3C70A4D152066A810F6E52A514BE4FEC6E0DC0A427BAA092109D ] C:\Program Files\Bluetooth Suite\goep_bpp.dll
14:05:57.0091 0x1110  C:\Program Files\Bluetooth Suite\goep_bpp.dll - ok
14:05:57.0093 0x1110  [ 69A9531DFF6C8C0D409845EDDFCE0AED, 1210A9A6DF6C50727BCE7F3ADD2591EE1D09DD38301DA204F40C9B13C3E4460C ] C:\Program Files\WIDCOMM\Bluetooth Software\btwhidcs.dll
14:05:57.0093 0x1110  C:\Program Files\WIDCOMM\Bluetooth Software\btwhidcs.dll - ok
14:05:57.0096 0x1110  [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{B6ABC05E-DCBA-4CE5-98E5-D32846943489}.tmp
14:05:57.0096 0x1110  C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{B6ABC05E-DCBA-4CE5-98E5-D32846943489}.tmp - ok
14:05:57.0099 0x1110  [ 07E182AA3ED9DF0166F72B40DCC2CBA1, 7A344551575EEC33AD2BFF40B5AE8FBB55467D14F2620C6C34457941BB2D184B ] C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
14:05:57.0099 0x1110  C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll - ok
14:05:57.0102 0x1110  [ 1C8B13768248524456CFBB11F8B097B4, 042D4360F62E85353F0E639E44E37E00A418052C63ED958EBE48B67E7F23986C ] C:\Program Files\Bluetooth Suite\L2capLib.dll
14:05:57.0102 0x1110  C:\Program Files\Bluetooth Suite\L2capLib.dll - ok
14:05:57.0105 0x1110  [ 6C213DB4E09C1FD21ADB931F4A28AF78, 1CF764D0223116304CEB0C7853772872C4142C612CDFA1D3FDC40792FD3E6C32 ] C:\Program Files\Bluetooth Suite\BtCommonRes.dll
14:05:57.0105 0x1110  C:\Program Files\Bluetooth Suite\BtCommonRes.dll - ok
14:05:57.0108 0x1110  [ 0E85C11F8850D524B02181C6E02BA9AE, 8703566931067CCF949E9779E4D328DD21210329DD687459300C83DDD06390A8 ] C:\Windows\System32\dsound.dll
14:05:57.0108 0x1110  C:\Windows\System32\dsound.dll - ok
14:05:57.0110 0x1110  [ C8333F1F77A1B2E25F2202E892CAF634, 7A614AA4353ECE8175B6AB7B25EE26FAB22DF2A53C9A5A694B3A3B56F6C783A7 ] C:\Windows\System32\prnfldr.dll
14:05:57.0110 0x1110  C:\Windows\System32\prnfldr.dll - ok
14:05:57.0113 0x1110  [ 788537818D8867308D03C561DAF55BDB, 8F6FDE1C2AB1EB07E7AACA9521AD8A3721E19D832137E8CCB7817E71455F9177 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll
14:05:57.0113 0x1110  C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll - ok
14:05:57.0116 0x1110  [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{E211F946-DC86-4F63-B2ED-B6185ECDDE1A}.tmp
14:05:57.0116 0x1110  C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{E211F946-DC86-4F63-B2ED-B6185ECDDE1A}.tmp - ok
14:05:57.0119 0x1110  [ BC5525C19F79B6099B085D0C00C4EF46, A429C160FD829EFBF2F825068643499EDC8EA8D7B57C49B0BC0934CB8BB18BBE ] C:\Windows\System32\irprops.cpl
14:05:57.0119 0x1110  C:\Windows\System32\irprops.cpl - ok
14:05:57.0121 0x1110  [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{6882253D-B994-45AA-BDD1-1B7D32FDD222}.tmp
14:05:57.0122 0x1110  C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{6882253D-B994-45AA-BDD1-1B7D32FDD222}.tmp - ok
14:05:57.0124 0x1110  [ DF13A51A5C591887D2EC6AE64CEED0FA, DFD503AEBCAA056B2B0E669ACA52F6D26F4E6892F2DCFCCD902752C23A621653 ] C:\Windows\System32\wsock32.dll
14:05:57.0124 0x1110  C:\Windows\System32\wsock32.dll - ok
14:05:57.0127 0x1110  [ 4860790FA0F039A2C094BE4BF0CC5858, BD90A475CB617C5CEBA48539FA2037587A55D5DB2EF8F7B1A6BB096AB1B8A45F ] C:\Program Files\Launch Manager\CdDirIo.dll
14:05:57.0127 0x1110  C:\Program Files\Launch Manager\CdDirIo.dll - ok
14:05:57.0130 0x1110  [ 63B98B3DC93C957A4AED4487DD3B6B0C, 6B09EEAD649823105C3C0D563F9DB4CA8A168B65581DC6F39DB39851343A719A ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll
14:05:57.0130 0x1110  C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll - ok
14:05:57.0132 0x1110  [ 5C3783FD06354E2B7F728E6D942EA3D6, 6375013B07EA8202FB5F3BFB1BFFA73D3AD41148E220B42B12A717026FF79626 ] C:\Windows\System32\igfxext.exe
14:05:57.0133 0x1110  C:\Windows\System32\igfxext.exe - ok
14:05:57.0135 0x1110  [ ADDB05C93272A62606599B24730BD645, 38E2E2979C48549A3B72807B33254DB3AC106DB1FD2790C8AC1B27CDE86EC38F ] C:\Windows\System32\DXP.dll
14:05:57.0135 0x1110  C:\Windows\System32\DXP.dll - ok
14:05:57.0137 0x1110  [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{87648C75-E044-47C3-98C3-E3DECBEF6CE0}.tmp
14:05:57.0137 0x1110  C:\Users\Kolang\AppData\Local\Temp\{FCAF3CCD-CA1F-4D4F-91DD-4603182395CD}\{87648C75-E044-47C3-98C3-E3DECBEF6CE0}.tmp - ok
14:05:57.0140 0x1110  [ 8DFB5078508924FA725C203CE179B10C, A26A42B331C75D455074B597B982D4CB734B57F1F527C7B2EDBCD0746C38CD52 ] C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
14:05:57.0140 0x1110  C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok
14:05:57.0143 0x1110  [ 856CFFCD835528136367BB1A8FE1DB87, 97EE0B243F460BE737D18B634559BC6389064BA013890E69B650E5152AB873C8 ] C:\Windows\System32\Syncreg.dll
14:05:57.0143 0x1110  C:\Windows\System32\Syncreg.dll - ok
14:05:57.0146 0x1110  [ 32B695330E9271DC3CC35ADD9229CB22, 37750F6C50E0393A0B835A6FFF221403359FE63726D28A9C1583858CD90A2F23 ] C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll
14:05:57.0146 0x1110  C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll - ok
14:05:57.0149 0x1110  [ 6255AF5E27AD144B314D87A231086BA5, 639212CCABA7505043ADB8152D20752DBF5620E9E875E8A02E44760199F16019 ] C:\Program Files\Bluetooth Suite\BtObexFt.dll
14:05:57.0149 0x1110  C:\Program Files\Bluetooth Suite\BtObexFt.dll - ok
14:05:57.0151 0x1110  [ F8F03D206F7D5811D630349A23E9B9B9, D8F63A2DF5E79103BC3DD36BF09E60D095577BCB30BADA8763168E0199ED4CD8 ] C:\Windows\ehome\ehSSO.dll
14:05:57.0151 0x1110  C:\Windows\ehome\ehSSO.dll - ok
14:05:57.0154 0x1110  [ E0E5BB58A4C43F7DBB83352785F32DEF, 03000DF8B9C6D1E13F85730643797413EEE8221653A761FFBECB0AE64457F9E4 ] C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
14:05:57.0154 0x1110  C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll - ok
14:05:57.0157 0x1110  [ 78A86D698FA8CA88D2DB02849D483387, FAF4BA142837E1458F740B02C56F8B589556C97D49C9FD8D7ADA452D0AED5B13 ] C:\Program Files\Bluetooth Suite\BtFileStore.dll
14:05:57.0157 0x1110  C:\Program Files\Bluetooth Suite\BtFileStore.dll - ok
14:05:57.0160 0x1110  [ 09A116FB06C5E362EF8938D29CDAB27B, 887B39388C39FF262FBBE3047FA1F5F47EB649AF3D760865AFE614DE64160D33 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
14:05:57.0160 0x1110  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
14:05:57.0163 0x1110  [ 0CC6FCE645AE5512DBA7A55481BA847A, 238C418CEE86EF4D1B59765C1090C80B3450F7BA0E40C064660EC93D658454C7 ] C:\Windows\System32\igfxexps.dll
14:05:57.0163 0x1110  C:\Windows\System32\igfxexps.dll - ok
14:05:57.0166 0x1110  [ 687EC49BB54BAEDD24B974220E2E77FC, 51BCF8F13099B0B16C328B10406F0562AF1744AE30DC485FDB029D194DA1EEAC ] C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll
14:05:57.0166 0x1110  C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll - ok
14:05:57.0170 0x1110  [ EAFD880A39CAAED5A5539DFD19827006, 084D1D13E12BCFCAE5487805BCB2EC467C8392531BE19AEF899D6B1288CBB6CB ] C:\Program Files\Bluetooth Suite\BTOBEXOP.dll
14:05:57.0170 0x1110  C:\Program Files\Bluetooth Suite\BTOBEXOP.dll - ok
14:05:57.0172 0x1110  [ B2B3DAE040F6B5AE1DF52B0CD7631A18, 062680EFF24EB83FF34DDD76043DB9ABB476C8FEE7BBE869A1E7F7FC8891314F ] C:\Windows\System32\AltTab.dll
14:05:57.0172 0x1110  C:\Windows\System32\AltTab.dll - ok
14:05:57.0174 0x1110  [ 3E58DFCF5379C1397F9786B4D376C4B1, AAA9C245445F97A41AD35D14AF5F6E25285DD4D6840C71E769EB981CC1A59FF0 ] C:\Program Files\Bluetooth Suite\BtFileStoreOpp.dll
14:05:57.0175 0x1110  C:\Program Files\Bluetooth Suite\BtFileStoreOpp.dll - ok
14:05:57.0177 0x1110  [ 735263DA17BF5BAF9CCD483843BF9D5A, A493F9191EA3F37A53474E94B3917EA038B29545FC62B1634CE47F05EA2FF5C6 ] C:\Windows\System32\WPDShServiceObj.dll
14:05:57.0177 0x1110  C:\Windows\System32\WPDShServiceObj.dll - ok
14:05:57.0180 0x1110  [ 32BFAE767DE0B73DC0B9F2ACC976F068, 65B1AE831FD99F661CBBD53BE737DAB6F77F504C7D6C474D955A6374971500C8 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
14:05:57.0180 0x1110  C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok
14:05:57.0183 0x1110  [ 102CF6879887BBE846A00C459E6D4ABC, A4C51C79CF95D5C79DCEFB02946A09A987FEAF83CE2EE1BA7677EBA90869AC80 ] C:\Windows\System32\riched20.dll
14:05:57.0183 0x1110  C:\Windows\System32\riched20.dll - ok
14:05:57.0185 0x1110  [ 0C5C0DDC64E0060B915A2BD3337C7887, 0E29B36B38940E1E86CE545E685F678D6FB6E4F7A4E03CCD013809227982F33E ] C:\Program Files\Bluetooth Suite\goep.dll
14:05:57.0185 0x1110  C:\Program Files\Bluetooth Suite\goep.dll - ok
14:05:57.0188 0x1110  [ 9A57C93C71BDA17DEB2E8A8E49DF4EE0, 94DD09B8DB7A398A24375570A4B0611AD7176786FC5405C07A7B9185D9811373 ] C:\Windows\System32\gfxSrvc.dll
14:05:57.0188 0x1110  C:\Windows\System32\gfxSrvc.dll - ok
14:05:57.0190 0x1110  [ 3D6F22551D422F97AACB0BB927E4C846, 9AB7C9F2E7F3D1CEC4553D0DF57E074121957055A9A4349946D354ACB6FC4579 ] C:\Windows\System32\pnidui.dll
14:05:57.0190 0x1110  C:\Windows\System32\pnidui.dll - ok
14:05:57.0194 0x1110  [ 3E3AB576C50FC2429143A70A3102936C, AF23FFA13CDF19C20CB106C1BD28E0ED094E2D314F0D1F7DC548746907D137FB ] C:\Program Files\Bluetooth Suite\ShellContextExt.dll
14:05:57.0194 0x1110  C:\Program Files\Bluetooth Suite\ShellContextExt.dll - ok
14:05:57.0196 0x1110  [ B09D3351A950D2E4CDBDEB56392EDC96, 9E60C79D8779E5327C146CDE18855B13F766D1FF5F26567144E63B1DB2592DCC ] C:\Program Files\WIDCOMM\Bluetooth Software\BtwRSupport.dll
14:05:57.0196 0x1110  C:\Program Files\WIDCOMM\Bluetooth Software\BtwRSupport.dll - ok
14:05:57.0199 0x1110  [ 059D344145BA103135E6989C03C37BE0, 5DB033C260E287B0B038734C5754620C8919EB923EA8A9B87A2E5827DD82A9B8 ] C:\Windows\Branding\Basebrd\basebrd.dll
14:05:57.0199 0x1110  C:\Windows\Branding\Basebrd\basebrd.dll - ok
14:05:57.0202 0x1110  [ B78EA200B63A72DD01C88706E7F2AD56, 1722E255E7A9F4EE5564B109CEF4F3CD16BD8A4DCCF114C503886A5DBE999B59 ] C:\Windows\System32\IGFXDEVLib.dll
14:05:57.0202 0x1110  C:\Windows\System32\IGFXDEVLib.dll - ok
14:05:57.0204 0x1110  [ BD626EF05967D14C772B8096292731A3, FE3838B41DCAFC52089D909E7F411186D993C08AC149E093352D691D57C9BE71 ] C:\Windows\System32\QUTIL.DLL
14:05:57.0204 0x1110  C:\Windows\System32\QUTIL.DLL - ok
14:05:57.0207 0x1110  [ 50C73E54062BA252350F3F29580E28DA, BCBECE7A4A403E97B3F2F393AAB8711CB6812B609338497EE7AA5EA29DEBA92F ] C:\Windows\System32\tzres.dll
14:05:57.0207 0x1110  C:\Windows\System32\tzres.dll - ok
14:05:57.0209 0x1110  [ B7813B9569DDC81D87D17AF77E94DB2C, D9ED820ADEF4F015131C1AE04501B79138633EE4194B8724A27E4AA092220DD0 ] C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
14:05:57.0209 0x1110  C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll - ok
14:05:57.0212 0x1110  [ ADB45A977BD9E45790CA496DB84BA148, BB251C9A5D2F5C6BDFB22C6BA235748472FC28AF2ADAF1CE7948352301DDE3C1 ] C:\Windows\System32\PortableDeviceTypes.dll
14:05:57.0212 0x1110  C:\Windows\System32\PortableDeviceTypes.dll - ok
14:05:57.0215 0x1110  [ B5998562E394D9DB672D012D4E670790, 921B0B871F47488F9C6A3CC1B3558061607A8EEA9F72DA55084F95B7B6D28862 ] C:\Users\Kolang\Desktop\adwcleaner_4.110.exe
14:05:57.0215 0x1110  C:\Users\Kolang\Desktop\adwcleaner_4.110.exe - ok
14:05:57.0217 0x1110  [ BF2FD56B12D0FEA111DE3ED4BCB0B9AE, 8B581BAB9EA72B8E6E0B1167A611BFF69F826D2D49CFECDAE0EB04E21B48BF18 ] C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
14:05:57.0218 0x1110  C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll - ok
14:05:57.0220 0x1110  [ CF4274CEEA9F7791FB7FC40A066BC2C7, C153EC0D420261185001B354955DF85C6E842334D34E70BB69CECC3AFC8CE36C ] C:\Windows\System32\cscobj.dll
14:05:57.0220 0x1110  C:\Windows\System32\cscobj.dll - ok
14:05:57.0223 0x1110  [ EB26FBC205FCFD0B04B9366E391F7742, 82FA8B6567C782E18F8DBC34FC1A87101AC46C682F7DF594BCD8C6AD8A9B30C2 ] C:\Windows\System32\igdumdx32.dll
14:05:57.0223 0x1110  C:\Windows\System32\igdumdx32.dll - ok
14:05:57.0225 0x1110  [ C546D73E6EE0962A634CE3AF68ABAEC1, EF0E6444F55F04627329A37EF8E2C2354AA00C0381838169ABEC2B5D4BB26FD7 ] C:\Windows\System32\igdumd32.dll
14:05:57.0225 0x1110  C:\Windows\System32\igdumd32.dll - ok
14:05:57.0228 0x1110  [ C6B0509AA89F656247694E2D6ABF7255, 5E8ABE4B83590E499C418D79FAB152AD3B0FD01E94F137B192518D6DD24E5D97 ] C:\Windows\System32\wbem\wmiprov.dll
14:05:57.0228 0x1110  C:\Windows\System32\wbem\wmiprov.dll - ok
14:05:57.0231 0x1110  [ B3D37FF08ED3A94B3E7F2810F8875096, C6E78C777A3F9F636013501F03FEADCDD1E6A9F1540B33F6ECB4C6BC4E629C15 ] C:\Program Files\Bluetooth Suite\AthCopyHook.dll
14:05:57.0231 0x1110  C:\Program Files\Bluetooth Suite\AthCopyHook.dll - ok
14:05:57.0233 0x1110  [ 40AB4AABDE0EBA00A4BBBA218276738F, 0CA75F61A5B537F95866DC0D41552A51D11588FCE8A31203BEEF6218BEF4724E ] C:\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll
14:05:57.0233 0x1110  C:\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll - ok
14:05:57.0236 0x1110  [ 674B0C0F6A448EB185CAAB9C51D44032, 6722351F46BF70BA967844D3239CD801DFC4538A4EB6C478D8497F27F7FD9F1D ] C:\Windows\System32\srchadmin.dll
14:05:57.0236 0x1110  C:\Windows\System32\srchadmin.dll - ok
14:05:57.0239 0x1110  [ 2FBB653F8BF919E32C9869FA545A5F01, E54DB9DD1E77C1A7584CACDE345961119498F5810F59DCAD0BD56186C5802A24 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
14:05:57.0239 0x1110  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll - ok
14:05:57.0242 0x1110  [ 236F286E103FD44BD85FDD93097FD5DD, C369C98E76FEFBB05A12ABEECCF89C75132419B56866ED9AB77F61F84BA62785 ] C:\Windows\System32\SearchIndexer.exe
14:05:57.0242 0x1110  C:\Windows\System32\SearchIndexer.exe - ok
14:05:57.0244 0x1110  [ 9A39A2A5F443A756C568C6ED5748AFE4, 13C2790985CBA9CD325BA20364A665DB50B769B7DDE93E6BE20F25427BDB34F8 ] C:\Windows\System32\ActionCenter.dll
14:05:57.0244 0x1110  C:\Windows\System32\ActionCenter.dll - ok
14:05:57.0247 0x1110  [ 49BA0CAAA0668976382ABB600870129C, EC54DF5B296BC5EDFD1C3EACE37B4D472AA5D0FF1D92401EA81C9FA086B411D3 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
14:05:57.0247 0x1110  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll - ok
14:05:57.0250 0x1110  [ 04B88428A872390D235BE52D38A9D4EF, F6954D514B67547738EB012456342D65289B0B18A0304BBAD5BDAA3436181C77 ] C:\Windows\System32\dot3api.dll
14:05:57.0250 0x1110  C:\Windows\System32\dot3api.dll - ok
14:05:57.0252 0x1110  [ 8063046AA70B97CA9985672B8848FB2E, C7A7F2D216D1F0D7F28A22E4933DB3D821AC52CC2EF7AE8BA08D18104FCF8B81 ] C:\Windows\System32\wlanhlp.dll
14:05:57.0252 0x1110  C:\Windows\System32\wlanhlp.dll - ok
14:05:57.0255 0x1110  [ 8B285BDAB7735FDFB18E6F7122923B77, DE3DBDDBF0E999CDE4A53B194128094671684708CDBED2C4D5362316CAA3A8CD ] C:\Windows\System32\UIAnimation.dll
14:05:57.0255 0x1110  C:\Windows\System32\UIAnimation.dll - ok
14:05:57.0258 0x1110  [ D2F3A4BAEC689FB87932159874F06239, 12B6298EF049EB967B923B1A67037048F783D227D7B45DAC69A7B416E52D5B91 ] C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
14:05:57.0258 0x1110  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe - ok
14:05:57.0261 0x1110  [ 42FA5E7136A3CBB68AAA61E92D4739CE, A988F36C000CA35162E96B2CC2F6DE5F05ED72EBA45635FA41F40190EFD38F76 ] C:\Windows\System32\Storprop.dll
14:05:57.0261 0x1110  C:\Windows\System32\Storprop.dll - ok
14:05:57.0263 0x1110  [ 62A6EB5771580CAE445804389F3F7432, CC529625540204E82794E5494C063371BF7A5164823E6C3B2CCAAC030AE4D5AE ] C:\Windows\System32\WindowsCodecsExt.dll
14:05:57.0263 0x1110  C:\Windows\System32\WindowsCodecsExt.dll - ok
14:05:57.0266 0x1110  [ 816B681CC308FAA128EDCB90643DCED7, C2C6295F59F00F4D47673C361F1965BA62F9ADF6897A6A0BE224509628A27D7E ] C:\Windows\System32\icm32.dll
14:05:57.0266 0x1110  C:\Windows\System32\icm32.dll - ok
14:05:57.0269 0x1110  [ 73869A8A7AF77801387A36CF9B9B5886, 682A1EBCB22EE830F861005716C44150D2846126FB70C5F9CE128DF7502FB508 ] C:\Windows\System32\sysclass.dll
14:05:57.0269 0x1110  C:\Windows\System32\sysclass.dll - ok
14:05:57.0271 0x1110  [ 03A5619E65993B1619A4A88968172F4B, 8B833D45545D4C28C93B53FC121E123F22120EFF2C45C3DCBE9B7BC0E1549B4B ] C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b20319dfb7dd671d2de2f383cd2551ce\WindowsFormsIntegration.ni.dll
14:05:57.0271 0x1110  C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b20319dfb7dd671d2de2f383cd2551ce\WindowsFormsIntegration.ni.dll - ok
14:05:57.0274 0x1110  [ DE5D2DD02382DB98FCA90DE8169F27DE, 81E9EF6E7093516F8E89B6F19F478A303249829CF376DED5255AD913A4F5CCDC ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll
14:05:57.0274 0x1110  C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll - ok
14:05:57.0277 0x1110  [ C02AA67276FEE0C15CC4D6D616BDE95E, 24B0FFA2903CC77FEDE6B491647BB759C4AE054E38A19EFA0D2662AC2959570B ] C:\Windows\System32\WWanAPI.dll
14:05:57.0277 0x1110  C:\Windows\System32\WWanAPI.dll - ok
14:05:57.0280 0x1110  [ F2ED6D00921CA138289E5E0CCB9ABF87, 528F249CE0835CA4D8B7C4940F5132DF1155EB344177BEA4CD7FCF9B8DCCCA4B ] C:\Windows\System32\wwapi.dll
14:05:57.0280 0x1110  C:\Windows\System32\wwapi.dll - ok
14:05:57.0282 0x1110  [ 02530B0B7E048DD5AC8D52DAEACAEB2B, 2DEB454F8B71EC54C59185E2F1D679F7EC1C7AEFCD1D59761FDD3D70CABE0254 ] C:\Windows\System32\QAGENT.DLL
14:05:57.0282 0x1110  C:\Windows\System32\QAGENT.DLL - ok
14:05:57.0285 0x1110  [ C2D6A4475B87651D5909E364439FDA52, BE9B898A8396F977E05A22D6EDF7B6B4EF4C16E159806453D03C2A918D24C19F ] C:\Windows\System32\FXSST.dll
14:05:57.0285 0x1110  C:\Windows\System32\FXSST.dll - ok
14:05:57.0287 0x1110  [ AC0B6D0C310CFC83FC56C3314A6945D3, E7FF1CD6B7E8F80D42EA5AF2E24314052BE99E72B22B60BBF20EBFB625216133 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
14:05:57.0287 0x1110  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll - ok
14:05:57.0291 0x1110  [ 942E57152F1CD0533644AB30EF1A4728, 4F72510BECFAFDBB06C9CAAC66BA9E95225DE1EA12B4D2FD5B67492A2E628ABD ] C:\Windows\System32\FXSAPI.dll
14:05:57.0291 0x1110  C:\Windows\System32\FXSAPI.dll - ok
14:05:57.0293 0x1110  [ 0241CB16136B9A4939CA0395768AE286, E7A3A0BDB4AC4BD718C93BE650541F96603739BDB3DB6860665DCC073DA8007D ] C:\Windows\System32\mssrch.dll
14:05:57.0293 0x1110  C:\Windows\System32\mssrch.dll - ok
14:05:57.0296 0x12e0  Object send P2P result: true
14:05:57.0299 0x12e0  Object required for P2P: [ 4120DA10AA42A9996F4575DB9E3E6E6E ] KSecDD
14:05:57.0300 0x1110  [ 81600E2E27ED61427AAD865B9BCDDB9D, 0D7D39C0A5A2C24FAADCA41658A1C62D13180B462C78103BDF6DBD76B64DD79A ] C:\Windows\System32\msidle.dll
14:05:57.0300 0x1110  C:\Windows\System32\msidle.dll - ok
14:05:57.0305 0x1110  [ 1CBF15FDB0310345A68972EB5C5B948F, E1EDCE6216B24037B243AC68CEEBD510646B2EFD70BC118E68303F9ED85D1973 ] C:\Windows\System32\mssprxy.dll
14:05:57.0305 0x1110  C:\Windows\System32\mssprxy.dll - ok
14:05:57.0309 0x1110  [ 465DBF63A5049E4DB4BC5C12FFE781CB, D12F6A9FB92144B2CFFD28BD72C234BA42F882EF22122DB83CE5EB1B8EBE9017 ] C:\Windows\System32\tquery.dll
14:05:57.0309 0x1110  C:\Windows\System32\tquery.dll - ok
14:05:57.0312 0x1110  [ EBCDF8D3CBBF9B42489E6A2AEED74CE3, E6E1CD930C9257CDF5705C5844C34A78186204CD08C3DBC4258EDBB104DF8982 ] C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll
14:05:57.0312 0x1110  C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll - ok
14:05:57.0316 0x1110  [ B63E24E9271E99FD4540E3CA22A937DA, A9E75FBF482C4447E887E5B6EBAD96FE827F0BBD1101F1D8B54EE178D3AEAA7E ] C:\Windows\System32\en-US\tquery.dll.mui
14:05:57.0316 0x1110  C:\Windows\System32\en-US\tquery.dll.mui - ok
14:05:57.0319 0x1110  [ B0222BD0F9D97488D691BCC02B051A92, 0FFC8C8870637948DC0B93020BDF520E9665DF72CB437DD8244D6A7400B45187 ] C:\Windows\ehome\ehshell.exe
14:05:57.0319 0x1110  C:\Windows\ehome\ehshell.exe - ok
14:05:57.0321 0x1110  [ 265B49EF94A5AA713192EE97A7D248B5, 3147BFD8A0FF4C58F19C21BFF3C24629409CC6C6D10EC30F63619A6532DE89C2 ] C:\Program Files\Mozilla Firefox\firefox.exe
14:05:57.0321 0x1110  C:\Program Files\Mozilla Firefox\firefox.exe - ok
14:05:57.0324 0x1110  [ E1AC89F6C5252057E6062843E36A6701, 32BE52836F2A011D46957AD60ABA48986B87026FD50ED09D8495460C7F1AB23E ] C:\Windows\System32\SearchProtocolHost.exe
14:05:57.0324 0x1110  C:\Windows\System32\SearchProtocolHost.exe - ok
14:05:57.0327 0x1110  [ 89F4D0DD6606A2FE15931E6888DBBC8D, 513D9F6DB0D993DB6D720DF1FF4FED2C6A9B067522CDEE389CA40D3B618B6A55 ] C:\Windows\System32\stdole2.tlb
14:05:57.0327 0x1110  C:\Windows\System32\stdole2.tlb - ok
14:05:57.0329 0x1110  [ D53519D8BB92559350125447991DCFA8, 553C06E8FDD9F516B05D64DC6C4CDC15575B5CB130060AE8F3325C564FAE02C0 ] C:\Windows\System32\mssitlb.dll
14:05:57.0329 0x1110  C:\Windows\System32\mssitlb.dll - ok
14:05:57.0332 0x1110  [ 43D496743D8775A80260177CC5CEC84E, 3A1D775FA7223D4A7656C302E17A44A9679EB3B9BCBA4AEE82F68C6E0A96FFB5 ] C:\Program Files\Mozilla Firefox\mozglue.dll
14:05:57.0332 0x1110  C:\Program Files\Mozilla Firefox\mozglue.dll - ok
14:05:57.0335 0x1110  [ 03E9314004F504A14A61C3D364B62F66, A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F ] C:\Program Files\Mozilla Firefox\msvcp100.dll
14:05:57.0335 0x1110  C:\Program Files\Mozilla Firefox\msvcp100.dll - ok
14:05:57.0337 0x1110  [ 67EC459E42D3081DD8FD34356F7CAFC1, 1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067 ] C:\Program Files\Mozilla Firefox\msvcr100.dll
14:05:57.0337 0x1110  C:\Program Files\Mozilla Firefox\msvcr100.dll - ok
14:05:57.0340 0x1110  [ 18A32372444AD6A408E76784CD879AF7, 8A2BC166D5F719E12921C9F3B5D83090D7EE999E08AFBDCB28E57E73D1CFB05F ] C:\Program Files\Mozilla Firefox\nss3.dll
14:05:57.0340 0x1110  C:\Program Files\Mozilla Firefox\nss3.dll - ok
14:05:57.0343 0x1110  [ C2492C3E6580E942B2B730865A9C3374, BE45AAD587C2A5A60A0E422CDCCFF1AFFF9BD6753D3DBAF95ECE71DBD10C0DBE ] C:\Program Files\Mozilla Firefox\mozjs.dll
14:05:57.0343 0x1110  C:\Program Files\Mozilla Firefox\mozjs.dll - ok
14:05:57.0346 0x1110  [ 3DCEB907632F335F1F7D88E9F62481E4, 2B3122DD2982C9DC2E7481A5E4790AC5030F4E40367A561597E658B8AF8289AE ] C:\Program Files\Mozilla Firefox\icuin52.dll
14:05:57.0346 0x1110  C:\Program Files\Mozilla Firefox\icuin52.dll - ok
14:05:57.0348 0x1110  [ 23AC8F9740D57244CA0F035AD64A4D60, B2984940D798D7DBA6F4AFECD80EF5114B7B902CEECDF7FE7BCE6C2E1ADB1A70 ] C:\Program Files\Mozilla Firefox\icuuc52.dll
14:05:57.0348 0x1110  C:\Program Files\Mozilla Firefox\icuuc52.dll - ok
14:05:57.0351 0x1110  [ 1A47B99FEFE67F3EC4FDAED17187B907, E5118331A366826B7CE559F4B1BA83F241674BA60494047D54E991843F5B961E ] C:\Program Files\Mozilla Firefox\icudt52.dll
14:05:57.0351 0x1110  C:\Program Files\Mozilla Firefox\icudt52.dll - ok
14:05:57.0354 0x1110  [ B3C10E9DAD50E1F6B0A048C83B75B5B5, D711C8C0CAA9340FE8A6C959CD770CAB155465B4A33F8ACB8EF00F782A60336A ] C:\Program Files\Mozilla Firefox\sandboxbroker.dll
14:05:57.0354 0x1110  C:\Program Files\Mozilla Firefox\sandboxbroker.dll - ok
14:05:57.0503 0x1110  ================ Scan generic autorun ======================
14:05:57.0565 0x1110  [ 4532C81637954F7D62E2AF7082763430, F8925CA0A2643A1F6BBF5A76185C9D2F8F2517BB349C17BD4E25BC995B856C99 ] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
14:05:57.0583 0x1110  AmIcoSinglun - detected UnsignedFile.Multi.Generic ( 1 )
14:06:00.0751 0x1448  Object required for P2P: [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap
14:06:01.0863 0x1110  Detect skipped due to KSN trusted
14:06:01.0863 0x1110  AmIcoSinglun - ok
14:06:01.0982 0x1110  [ DC20169949B56A7E16FE151490A78B07, FDF3B7814F754019063820DE5918F3CDFE19E980E9B5FBDD24587B10515D4D04 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
14:06:02.0024 0x1110  SynTPEnh - ok
14:06:02.0035 0x12e0  Object send P2P result: true
14:06:02.0041 0x1110  [ EBB324585DC09191806392C0FE926DC6, 8796270F0EA4D9C900AA4DD1C2772C8967C5AAEA0150D7A0E41F66FF4D0F3C4D ] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe
14:06:02.0051 0x1110  ODDPwr - ok
14:06:02.0072 0x1110  [ 788B21F757937A4464A8CF51EE31A4D8, 65AF087EE9DD31EB5C7FBD406B159812F44461973DD271C032C9C272A61CA491 ] C:\Windows\system32\igfxtray.exe
14:06:02.0083 0x1110  IgfxTray - ok
14:06:02.0089 0x1110  [ 48D406E77B7CB520108C7BD5A662D8A0, 444CA2C9238C44B14E43A53D607C63288A384D2F7EA54EFBE46FCE4CFEAEBEDA ] C:\Windows\system32\hkcmd.exe
14:06:02.0099 0x1110  HotKeysCmds - ok
14:06:02.0106 0x1110  [ 5FE25182F2D0D8A2F864303BF13647DE, CDBAFC11B58AC9020E2443969087A76469AA0FF8B71ECC8548252E4989E7BA60 ] C:\Windows\system32\igfxpers.exe
14:06:02.0116 0x1110  Persistence - ok
14:06:02.0160 0x1110  [ B283F9A1DEABD43ACC7481F893CF21E9, D3DE06E20C64917917541F31E132161F4CF9FB26BCB0214B1CEADB0CF7D3FB81 ] C:\Program Files\Launch Manager\LManager.exe
14:06:02.0185 0x1110  LManager - ok
14:06:02.0200 0x1110  [ 30CCA31D938B70FB98343EB857F02945, 28F7FD49C8C0BFE83AA067A1FC7710280CD60800A79A833E7E635A89E557A00D ] C:\Windows\PLFSetI.exe
14:06:02.0210 0x1110  PLFSetI - ok
14:06:02.0274 0x1110  [ C2681AD62555D80BC0566943FBF79DAE, 61C9A6A26F9E57ACC0D3241B2F8C667F8FC6E0B5B5B8006B31D3C527F6628A78 ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
14:06:02.0295 0x1110  Acer ePower Management - ok
14:06:02.0304 0x1110  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\system32\rundll32.exe
14:06:02.0355 0x1110  Logitech Download Assistant - ok
14:06:02.0442 0x1110  [ E279E55C0D5F5DA2E1FD268EBD12F268, 06C40AF999881699DD9B73440D2ED48F404864C3FB8FF7B36560759892CAAA12 ] c:\Program Files\Microsoft Security Client\msseces.exe
14:06:02.0480 0x1110  MSC - ok
14:06:02.0603 0x1110  [ 514240B60373AF886E0B6EBB885349E6, 0981562F1EBAE35F9F9E947746356973D9DB3AA78848E9651C36203BB1EF0421 ] C:\Program Files\Bluetooth Suite\BtvStack.exe
14:06:02.0672 0x1110  AtherosBtStack - detected UnsignedFile.Multi.Generic ( 1 )
14:06:06.0092 0x1110  Detect skipped due to KSN trusted
14:06:06.0093 0x1110  AtherosBtStack - ok
14:06:06.0129 0x1110  [ 1F9681D830FE51DAD74966009448E298, B04A6E5338966C380DA406460B235E687C5A54715F20E418DB06964B2815A292 ] C:\Program Files\Bluetooth Suite\AthBtTray.exe
14:06:06.0152 0x1110  AthBtTray - detected UnsignedFile.Multi.Generic ( 1 )
14:06:09.0585 0x1110  Detect skipped due to KSN trusted
14:06:09.0585 0x1110  AthBtTray - ok
14:06:09.0733 0x1110  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files\QuickTime\QTTask.exe
14:06:09.0753 0x1110  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
14:06:13.0041 0x1110  Detect skipped due to KSN trusted
14:06:13.0041 0x1110  QuickTime Task - ok
14:06:13.0260 0x1110  [ 090956557CC68D25C1BCA9A2703A9ABA, 950C403CF1960C492F66AF499A75666DB5A18812E340281F44C13648F4447BC6 ] C:\Program Files\Brownie\BrstsWnd.exe
14:06:13.0339 0x1110  BrStsWnd - ok
14:06:13.0565 0x1110  [ 5D4961959249EA722AD93B9A59B75642, D174807CDCAB7C00654A30CCD691C814834D4180A34BEF4B990AD9DEFF98A541 ] C:\Applications\Win7Taskbar\7 Taskbar Tweaker.exe
14:06:13.0617 0x1110  7 Taskbar Tweaker - detected UnsignedFile.Multi.Generic ( 1 )
14:06:17.0508 0x1110  7 Taskbar Tweaker ( UnsignedFile.Multi.Generic ) - warning
14:06:17.0508 0x1110  Force sending object to P2P due to detect: C:\Applications\Win7Taskbar\7 Taskbar Tweaker.exe
14:06:20.0590 0x1448  Object send P2P result: true
14:06:21.0604 0x1110  Object send P2P result: true
14:06:24.0453 0x1110  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x60000 ( disabled : updated )
14:06:24.0498 0x1110  Win FW state via NFP2: enabled
14:06:27.0378 0x1110  ============================================================
14:06:27.0378 0x1110  Scan finished
14:06:27.0378 0x1110  ============================================================
14:06:27.0399 0x110c  Detected object count: 1
14:06:27.0399 0x110c  Actual detected object count: 1
14:06:49.0498 0x110c  7 Taskbar Tweaker ( UnsignedFile.Multi.Generic ) - skipped by user
14:06:49.0498 0x110c  7 Taskbar Tweaker ( UnsignedFile.Multi.Generic ) - User select action: Skip

 

 

Thanks

Kolang




#14 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:55 AM

Posted 09 February 2015 - 05:57 PM

Hi kolang

 

Step 1:

Java Fix:

  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, and remove all older versions of Java. Specifically
    Java™ 6 Update 37
  • Click the Remove or Change/Remove button.
  • PC restart
  • Go into the Control Panel > Programs > Java (this is using the default Category view - if you are using something different, the Java Icon looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
       
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

Step 2:

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Regards

 


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#15 kolang

kolang
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 09 February 2015 - 11:09 PM

Step 1: Completed

Step 2:

C:\Program Files\Advanced Port Scanner\Advanced Port Scanner.exe    Win32/NetTool.Portscan.AC potentially unsafe application
C:\Users\Kolang\Desktop\Books and Articles\Books and articles2\VULCAN 7.5\V\!release\vfxexe.exe    probably unknown NewHeur_PE virus
 

 

Thanks

Kolang





