Possible Zekos infection eating my hard drive


  • This topic is locked
10 replies to this topic

#1 Acharn

Acharn

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Location:Nakhon Sawan, Thailand
  • Local time:01:45 AM

Posted 08 November 2014 - 05:18 AM

Initial symptoms included disabling or removal of extensions in Chrome browser, and failure of DVD burning software to verify discs. Current symptoms are disappearance of free space from hard drive and complete blockage of burning DVDs. DVD drive can read DVDs but either sees blank disks as "write protected" or does not see them. Two days ago the free space on my hard drive was less than 30GB out of 310 (I have two more partitions of 310GB each that I do not use -- I was thinking of possibly installing Ubuntu Linux in one). I deleted 80GB of old files I did not want to back up, and the free space went to 16GB. Yesterday the free space varied between 13 and 8 GB. Today (at 5:15PM) it's showing 5.09GB. Starting about five days ago the sound has been reduced to the point it is barely audible.

 

Results of DDS scan in dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by Admin at 16:58:11 on 2014-11-08
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.7380.4003 [GMT 7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\siamw6\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\siamw6\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe" /background
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [uTorrent] "C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\siamw6\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\siamw6\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\siamw6\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: ??&????????? Microsoft Excel - <no file>
IE: ??????????????? IDM - <no file>
IE: ??????????????????????????? IDM - <no file>
IE: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: LastPass - C:\Users\siamw6\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\siamw6\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: ??&????????? Microsoft Excel - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8E82893F-7ED1-4811-A247-580DCC0E2629} - hxxp://sf-web.gg.in.th/activex/StarterSFTDE.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BEAFA5A9-ECB7-4DF7-87C3-361BE77C7438} : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - <orphaned>
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - <orphaned>
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\siamw6\AppData\Roaming\Mozilla\Firefox\Profiles\mr5uf5u7.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Users\siamw6\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2014-1-6 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2014-1-6 42624]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-11-6 449936]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-11-2 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-11-2 267632]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-11-6 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-11-2 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-11-2 436624]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-10-24 44736]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-7 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-11-2 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2014-11-2 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-11-2 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-2 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-11-6 104416]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-7-7 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-7-7 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-7-7 171928]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-1-4 27792]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2014-1-6 106664]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2014-1-6 226984]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-4 766096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-9-8 110336]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2013-1-4 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2014-2-8 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2014-2-8 12504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-11 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-9-8 206080]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2014-9-8 206080]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2013-1-4 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-7-11 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-11 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-11 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2013-1-4 117248]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-1-4 2203792]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-19 1255736]
.
=============== Created Last 30 ================
.
2014-11-08 00:19:03 48240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-11-08 00:09:22 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{417031DB-D285-4AA6-B48F-297AABE3AC88}\mpengine.dll
2014-11-07 13:45:11 -------- d-----w- C:\Program Files (x86)\Sysinternals
2014-11-07 04:26:40 -------- d-----w- C:\Program Files (x86)\ESET
2014-11-07 04:06:38 -------- d-----w- C:\Windows\ERUNT
2014-11-07 03:34:48 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-11-07 03:33:44 -------- d-----w- C:\AdwCleaner
2014-11-06 07:57:40 -------- d-----w- C:\Users\siamw6\AppData\Roaming\uTorrent
2014-11-06 05:19:03 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-11-06 05:18:52 449936 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-11-06 03:12:42 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-06 00:14:24 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-03 08:17:33 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-11-03 04:34:34 -------- d-----w- C:\Users\siamw6\AppData\Roaming\QuickScan
2014-11-03 03:48:09 175528 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-11-03 01:16:58 -------- d-----w- C:\Program Files\Eraser
2014-11-02 14:26:20 -------- d-----w- C:\Program Files (x86)\Activision
2014-11-02 10:44:29 -------- d-----w- C:\Windows\SysWow64\directx
2014-11-02 09:29:22 -------- d-----w- C:\Program Files (x86)\Belarc
2014-11-02 09:02:46 -------- d-----w- C:\Users\siamw6\AppData\Roaming\AVAST Software
2014-11-02 08:59:53 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-02 08:59:53 83280 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2014-11-02 08:59:53 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-02 08:59:53 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-02 08:59:53 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-02 08:59:53 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-02 08:59:52 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-02 08:59:51 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-02 08:59:39 -------- d-----w- C:\Program Files\AVAST Software
2014-11-02 08:49:11 -------- d-----w- C:\ProgramData\AVAST Software
2014-11-02 08:45:56 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-11-02 04:38:47 260696 ----a-w- C:\Windows\System32\unrar64.dll
2014-11-02 04:38:41 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2014-11-02 04:03:25 2101848 ----a-w- C:\Windows\System32\WavesGUILib64.dll
2014-11-02 04:03:19 2834648 ----a-w- C:\Windows\System32\RtPgEx64.dll
2014-11-02 04:03:19 1959128 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2014-11-02 04:03:18 3962840 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2014-11-02 04:03:17 1022168 ----a-w- C:\Windows\System32\RtkApi64.dll
2014-11-02 04:03:16 628952 ----a-w- C:\Windows\System32\RtDataProc64.dll
2014-11-02 04:03:16 1286872 ----a-w- C:\Windows\System32\RTCOM64.dll
2014-11-02 04:03:15 2800344 ----a-w- C:\Windows\System32\RltkAPO64.dll
2014-11-02 04:03:14 948952 ----a-w- C:\Windows\System32\RCoInstII64.dll
2014-11-02 04:03:11 397592 ----a-w- C:\Windows\System32\MBWrp64.dll
2014-11-02 04:03:05 2041432 ----a-w- C:\Windows\System32\MaxxAudioEQ64.dll
2014-11-02 04:03:05 1063512 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll
2014-11-02 04:02:52 2770976 ----a-w- C:\Windows\System32\FMAPO64.dll
2014-11-02 04:02:39 113576 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2014-11-02 04:02:36 209096 ----a-w- C:\Windows\System32\AERTAC64.dll
2014-11-02 04:02:28 2080472 ----a-w- C:\Windows\RtlExUpd.dll
2014-11-02 03:59:00 -------- d-----w- C:\Program Files (x86)\Realtek
2014-11-02 03:58:10 -------- d--h--w- C:\Program Files (x86)\Temp
2014-10-31 00:53:13 -------- d-----w- C:\Users\siamw6\AppData\Local\EvernoteNW
2014-10-30 03:43:53 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-30 03:43:52 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-30 03:43:52 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-30 03:43:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 01:18:14 -------- d-----w- C:\Windows\SysWow64\vbox
2014-10-29 01:18:14 -------- d-----w- C:\Windows\System32\vbox
2014-10-20 09:53:13 -------- d-----w- C:\Users\siamw6\AppData\Local\Evernote
2014-10-20 09:52:56 -------- d-----w- C:\Program Files (x86)\Evernote
2014-10-17 03:55:49 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-10-16 10:52:20 681984 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-16 10:31:49 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 10:31:37 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-16 10:31:37 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-16 10:31:37 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-16 10:31:37 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-16 10:31:36 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-16 10:31:36 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-16 10:31:01 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-16 10:31:00 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-16 10:30:47 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-16 10:30:47 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-16 10:30:47 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-16 10:30:47 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-15 11:33:49 -------- d-sh--w- C:\Users\siamw6\AppData\Local\EmieUserList
2014-10-15 11:33:49 -------- d-sh--w- C:\Users\siamw6\AppData\Local\EmieSiteList
.
==================== Find3M  ====================
.
2014-11-08 02:33:36 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-27 23:34:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-17 04:00:34 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-17 04:00:34 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-01-07 16:14:51 13024768 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 16:58:50.96 ===============
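A DDS log like the one above is read by triaging a few sections by hand: which processes run from user-writable locations, whether a script host was active at scan time, and whether the Hosts file has been edited. The Python below is an added example for this thread (not DDS, BleepingComputer, or the poster's own code) that automates exactly that first pass over the "Running Processes" and "Pseudo HJT Report" sections. The input is a constructed excerpt modelled on the lines posted above; the section names, the path categories and the list of script hosts are this example's own assumptions. Note that in this log the two flagged user-profile processes (uTorrent and Dropbox) are ordinary per-user installs, so the output is a list of leads to look at, not verdicts.

```python
"""First-pass triage of a DDS log (added example for this thread; not DDS's own code)."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in DDS format, modelled on the log posted above.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\siamw6\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
uRun: [uTorrent] "C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= FINISH: 16:58:50.96 ===============
"""

# "=== Section Name ===" header lines; "." lines are DDS padding.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A process line: drive-letter path ending in .exe, optionally followed by arguments.
EXE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)
# Script interpreters worth a second look when they are running at scan time (assumed list).
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe", "mshta.exe", "powershell.exe"}


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [non-empty content lines]}."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line in ("", "."):
            continue
        sections[current].append(line)
    return sections


def classify_path(path: str) -> str:
    """Coarse location class of an executable path (assumed categories)."""
    p = path.lower()
    if p.startswith("c:\\windows\\"):
        return "system"
    if p.startswith("c:\\program files\\") or p.startswith("c:\\program files (x86)\\"):
        return "program"
    if p.startswith("c:\\users\\") or "\\appdata\\" in p or "\\programdata\\" in p:
        return "user-writable"
    return "other"


def triage_processes(text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) leads from the Running Processes section."""
    findings: List[Tuple[str, str]] = []
    for line in parse_sections(text).get("Running Processes", []):
        m = EXE_RE.match(line)
        if not m:
            findings.append((line, "unparsed process line"))
            continue
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1].lower()
        location = classify_path(path)
        if location in ("user-writable", "other"):
            findings.append((path, f"runs from {location} location"))
        if name in SCRIPT_HOSTS:
            findings.append((path, "script host active at scan time"))
    return findings


def hosts_overrides(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs DDS reported from the Hosts file."""
    out: List[Tuple[str, str]] = []
    for line in parse_sections(text).get("Pseudo HJT Report", []):
        if line.startswith("Hosts: "):
            parts = line[len("Hosts: "):].split()
            if len(parts) >= 2:
                out.append((parts[0], parts[1]))
    return out


if __name__ == "__main__":
    for path, reason in triage_processes(SAMPLE_DDS):
        print(f"LEAD  {reason:<40} {path}")
    for addr, host in hosts_overrides(SAMPLE_DDS):
        print(f"HOSTS {host} -> {addr}")
```

Every lead still needs a human decision: a process under AppData is where both portable user software and malware tend to live, so the next step is checking the file's publisher signature and whether the poster recognises the program, as the helpers on this forum do when they read the log.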
 
 
 


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 PM

Posted 13 November 2014 - 11:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555239 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Acharn

Acharn
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Location:Nakhon Sawan, Thailand
  • Local time:01:45 AM

Posted 14 November 2014 - 04:13 AM

I think I should say that although I still need help, the agent that was causing me problems may have removed itself. When I booted my computer the day before yesterday, the C: drive was no longer reporting 7.4 or 5.3 or whatever free space out of 310 GB. It now reports 144GB free out of 310GB, which sounds about right. Also, today I was able to burn a video CD, which previously had not worked.

My first notice that something was wrong was when I started Chrome and the bookmarks bar was not visible. Also, none of the icons for my extensions were visible. OK, I found how to show the bookmarks toolbar again and enabled all my extensions. Everything seemed OK. Later, I shut down Chrome. When I started it again all my extensions were gone. There were simply no extensions in the browser. Well, I don't have that many, so I just reinstalled them and everything seemed to be working. I think at that time I ran a scan with Avast! Free Antivirus, the program I've been relying on for a year. No threat found. Next time I restarted Chrome a couple of the extensions had been deleted, I think PDF Viewer and XMarks bookmark sync. I ran Spybot S&D, which found nothing. Next time I started Chrome the start page had been reset from "continue from where I left off" to "open new tab." I downloaded MalwareBytes Anti-Malware. It found one minor threat and removed it. This continued for a couple of days. I rebooted in safe mode but was unable to scan -- I got a message about "no endpoints," which seemed to be common, so I reinstalled Avast! Then I noticed my hard drive was reporting less free space than it had been. It had been down to about 30GB free space out of 310GB, but now it was reporting 15. A few minutes later it was 13.4, then it was 17.3. Next day it was reporting 8.9 free, but I wasn't having any more problems with Chrome. I downloaded the Kaspersky Rescue Disk 10, but when I tried to burn the image to DVD ImgBurn failed to verify the burn. I tried again, and ImgBurn kept telling me there was no blank DVD in the drive. In the course of events I had uninstalled Total War: Rome 2, and when I tried to reinstall it the installation behaved strangely; it sat there giving a status "Uninstalling Applications", which scared me, so I cancelled the install. I'm not sure whether anything was damaged, but it seems not. Finally, flailing around, I stumbled on a link to BleepingComputer, recognized the name from many years ago, and turned to you guys for help.

I have a Windows 7 Ultimate (x64) disk and have copied the activation key from my hard drive. The log dds.txt is:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 11.25.2
Run by Admin at 16:05:38 on 2014-11-14
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.7380.3994 [GMT 7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\siamw6\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\siamw6\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe" /background
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [uTorrent] "C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\siamw6\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\siamw6\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\siamw6\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: ??&????????? Microsoft Excel - <no file>
IE: ??????????????? IDM - <no file>
IE: ??????????????????????????? IDM - <no file>
IE: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: LastPass - C:\Users\siamw6\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\siamw6\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: ??&????????? Microsoft Excel - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8E82893F-7ED1-4811-A247-580DCC0E2629} - hxxp://sf-web.gg.in.th/activex/StarterSFTDE.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BEAFA5A9-ECB7-4DF7-87C3-361BE77C7438} : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - <orphaned>
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - <orphaned>
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\siamw6\AppData\Roaming\Mozilla\Firefox\Profiles\mr5uf5u7.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Users\siamw6\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2014-1-6 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2014-1-6 42624]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-11-13 449936]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-11-2 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-11-2 267632]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-11-6 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-11-2 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-11-2 436624]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-10-24 44736]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-7 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-11-2 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2014-11-2 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-11-2 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-13 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-11-13 104416]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-7-7 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-7-7 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-7-7 171928]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-1-4 27792]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2014-1-6 106664]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2014-1-6 226984]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-4 766096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-9-8 110336]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2013-1-4 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2014-2-8 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2014-2-8 12504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-11 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-9-8 206080]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2014-9-8 206080]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2013-1-4 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-7-11 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-11 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-11 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2013-1-4 117248]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-1-4 2203792]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-19 1255736]
.
=============== Created Last 30 ================
.
2014-11-14 05:02:15 48240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-11-14 04:26:48 -------- d-----w- C:\ProgramData\Canneverbe Limited
2014-11-13 03:48:01 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-13 03:47:53 449936 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-11-12 23:45:08 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-11-11 23:49:21 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-11 23:48:38 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-11-11 23:47:28 77824 ----a-w- C:\Windows\System32\packager.dll
2014-11-11 23:47:28 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-11 23:47:22 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-11 23:47:20 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-11 23:47:17 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-11 23:47:17 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-11 11:37:26 -------- d-----w- C:\Users\siamw6\AppData\Roaming\Canneverbe Limited
2014-11-07 13:45:11 -------- d-----w- C:\Program Files (x86)\Sysinternals
2014-11-07 04:26:40 -------- d-----w- C:\Program Files (x86)\ESET
2014-11-07 04:06:38 -------- d-----w- C:\Windows\ERUNT
2014-11-07 03:34:48 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-11-07 03:33:44 -------- d-----w- C:\AdwCleaner
2014-11-06 07:57:40 -------- d-----w- C:\Users\siamw6\AppData\Roaming\uTorrent
2014-11-06 05:19:03 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-11-06 03:12:42 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-06 00:14:24 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-03 08:17:33 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-11-03 04:34:34 -------- d-----w- C:\Users\siamw6\AppData\Roaming\QuickScan
2014-11-03 03:48:09 175528 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-11-03 01:16:58 -------- d-----w- C:\Program Files\Eraser
2014-11-02 14:26:20 -------- d-----w- C:\Program Files (x86)\Activision
2014-11-02 10:44:29 -------- d-----w- C:\Windows\SysWow64\directx
2014-11-02 09:29:22 -------- d-----w- C:\Program Files (x86)\Belarc
2014-11-02 09:02:46 -------- d-----w- C:\Users\siamw6\AppData\Roaming\AVAST Software
2014-11-02 08:59:53 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-02 08:59:53 83280 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2014-11-02 08:59:53 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-02 08:59:53 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-02 08:59:53 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-02 08:59:53 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-02 08:59:52 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-02 08:59:39 -------- d-----w- C:\Program Files\AVAST Software
2014-11-02 08:49:11 -------- d-----w- C:\ProgramData\AVAST Software
2014-11-02 08:45:56 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-11-02 04:38:47 260696 ----a-w- C:\Windows\System32\unrar64.dll
2014-11-02 04:38:41 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2014-11-02 04:03:25 2101848 ----a-w- C:\Windows\System32\WavesGUILib64.dll
2014-11-02 04:03:19 2834648 ----a-w- C:\Windows\System32\RtPgEx64.dll
2014-11-02 04:03:19 1959128 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2014-11-02 04:03:18 3962840 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2014-11-02 04:03:17 1022168 ----a-w- C:\Windows\System32\RtkApi64.dll
2014-11-02 04:03:16 628952 ----a-w- C:\Windows\System32\RtDataProc64.dll
2014-11-02 04:03:16 1286872 ----a-w- C:\Windows\System32\RTCOM64.dll
2014-11-02 04:03:15 2800344 ----a-w- C:\Windows\System32\RltkAPO64.dll
2014-11-02 04:03:14 948952 ----a-w- C:\Windows\System32\RCoInstII64.dll
2014-11-02 04:03:11 397592 ----a-w- C:\Windows\System32\MBWrp64.dll
2014-11-02 04:03:05 2041432 ----a-w- C:\Windows\System32\MaxxAudioEQ64.dll
2014-11-02 04:03:05 1063512 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll
2014-11-02 04:02:52 2770976 ----a-w- C:\Windows\System32\FMAPO64.dll
2014-11-02 04:02:39 113576 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2014-11-02 04:02:36 209096 ----a-w- C:\Windows\System32\AERTAC64.dll
2014-11-02 04:02:28 2080472 ----a-w- C:\Windows\RtlExUpd.dll
2014-11-02 03:59:00 -------- d-----w- C:\Program Files (x86)\Realtek
2014-11-02 03:58:10 -------- d--h--w- C:\Program Files (x86)\Temp
2014-10-31 00:53:13 -------- d-----w- C:\Users\siamw6\AppData\Local\EvernoteNW
2014-10-30 03:43:53 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-30 03:43:52 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-30 03:43:52 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-30 03:43:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 01:18:14 -------- d-----w- C:\Windows\SysWow64\vbox
2014-10-29 01:18:14 -------- d-----w- C:\Windows\System32\vbox
2014-10-20 09:53:13 -------- d-----w- C:\Users\siamw6\AppData\Local\Evernote
2014-10-20 09:52:56 -------- d-----w- C:\Program Files (x86)\Evernote
2014-10-17 03:55:49 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-10-16 10:52:20 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-10-16 10:52:20 235520 ----a-w- C:\Windows\System32\winsta.dll
2014-10-16 10:52:20 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-16 10:52:20 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-10-16 10:52:20 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-10-16 10:52:19 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-10-16 10:52:12 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-16 10:52:12 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-16 10:52:09 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-16 10:31:37 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-16 10:31:37 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-16 10:31:37 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-16 10:31:37 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-16 10:31:36 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-16 10:31:36 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-16 10:30:47 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-16 10:30:47 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-15 11:33:49 -------- d-sh--w- C:\Users\siamw6\AppData\Local\EmieUserList
2014-10-15 11:33:49 -------- d-sh--w- C:\Users\siamw6\AppData\Local\EmieSiteList
.
==================== Find3M  ====================
.
2014-11-12 11:42:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 11:42:15 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-08 02:33:36 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-27 23:34:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-21 06:43:26 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-08-21 06:40:32 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-08-21 06:26:21 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-01-07 16:14:51 13024768 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 16:06:22.49 ===============
#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:45 PM

Posted 14 November 2014 - 10:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#5 Acharn

Acharn
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nakhon Sawan, Thailand
  • Local time:01:45 AM

Posted 14 November 2014 - 07:38 PM

Hi, nasdaq. Thanks for helping. I want to mention that yesterday I suddenly got a pop-up informing me that the Spybot Search and Destroy Tray something was not running. When I tried to run Spybot I got the message "Spybot Search and Destroy Start Center has been stopped." When I went to Safe Mode it ran but did not find any threat. MalwareBytes in Safe Mode also did not report any threat. I was not able to run Avast! in Safe Mode. I got the message: "Avast Information. Unable to start scan. There are no more endpoints available from the endpoint mapper." The forum at Avast! treats that message as routine and recommends uninstalling and reinstalling Avast! I don't know if this is relevant, but thought I should bring it up.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Admin (administrator) on GZUNDA on 15-11-2014 07:27:14
Running from C:\Users\siamw6\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(BitTorrent Inc.) C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\siamw6\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-13] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-392449462-2157238968-1224464033-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-392449462-2157238968-1224464033-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-392449462-2157238968-1224464033-1001\...\Run: [Google Update] => C:\Users\siamw6\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-23] (Google Inc.)
HKU\S-1-5-21-392449462-2157238968-1224464033-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [1435136 2014-10-03] ()
HKU\S-1-5-21-392449462-2157238968-1224464033-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-392449462-2157238968-1224464033-1001\...\Run: [uTorrent] => C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe [1689168 2014-11-06] (BitTorrent Inc.)
Startup: C:\Users\siamw6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\siamw6\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\siamw6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://th.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD145971A8CEACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = th
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {8E82893F-7ED1-4811-A247-580DCC0E2629} http://sf-web.gg.in.th/activex/StarterSFTDE.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} -  No File
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} -  No File
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\siamw6\AppData\Roaming\Mozilla\Firefox\Profiles\mr5uf5u7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-392449462-2157238968-1224464033-1001: @tools.google.com/Google Update;version=3 -> C:\Users\siamw6\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-392449462-2157238968-1224464033-1001: @tools.google.com/Google Update;version=9 -> C:\Users\siamw6\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: Xmarks - C:\Users\siamw6\AppData\Roaming\Mozilla\Firefox\Profiles\mr5uf5u7.default\Extensions\[email protected] [2014-11-03]
FF Extension: NetVideoHunter - C:\Users\siamw6\AppData\Roaming\Mozilla\Firefox\Profiles\mr5uf5u7.default\Extensions\[email protected] [2014-11-03]
FF Extension: LastPass - C:\Users\siamw6\AppData\Roaming\Mozilla\Firefox\Profiles\mr5uf5u7.default\Extensions\[email protected] [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-02]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.co.th/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NPLastPass) - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Google Update) - C:\Users\siamw6\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll No File
CHR Profile: C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-11-03]
CHR Extension: (Google Docs) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Adblock Plus) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-29]
CHR Extension: (Google Search) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (Avast Online Security) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-07]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-10-29]
CHR Extension: (Pocket) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-11-14]
CHR Extension: (LastPass Vault) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2014-01-07]
CHR Extension: (Save to Pocket) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-11-14]
CHR Extension: (Google Wallet) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-01-07]
CHR Extension: (Print Edit) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnblpmehglpcallpnbgmikjblmkopia [2014-11-15]
CHR Extension: (Picasa) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-01-07]
CHR Extension: (Evernote Web Clipper) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-10-29]
CHR Extension: (Gmail) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-13] (AVAST Software)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-09-15] (VIA Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-13] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-13] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-13] ()
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-05-14] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-15 07:27 - 2014-11-15 07:27 - 00023360 _____ () C:\Users\siamw6\Desktop\FRST.txt
2014-11-15 07:27 - 2014-11-15 07:27 - 00000000 ____D () C:\FRST
2014-11-15 07:25 - 2014-11-15 07:25 - 02116608 _____ (Farbar) C:\Users\siamw6\Desktop\FRST64.exe
2014-11-14 16:59 - 2014-11-14 17:00 - 20389063 _____ () C:\Users\siamw6\Desktop\kav_rescue_10.iso
2014-11-14 16:37 - 2014-11-14 16:37 - 00000049 _____ () C:\Users\siamw6\Desktop\KasperskyMD5.txt
2014-11-14 14:38 - 2014-11-14 15:12 - 2147484722 _____ () C:\Users\siamw6\Desktop\X17-59465.iso
2014-11-14 14:03 - 2014-11-14 14:03 - 00003148 _____ () C:\Windows\System32\Tasks\{7CEB42DE-D18E-4C12-8456-3A143BE6A8AA}
2014-11-14 12:52 - 2014-11-14 14:17 - 00000074 _____ () C:\Users\siamw6\Desktop\Win7SHA.txt
2014-11-14 11:26 - 2014-11-14 11:26 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-11-14 07:30 - 2014-11-14 07:30 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-13 10:59 - 2014-11-13 10:59 - 625588214 _____ () C:\Windows\MEMORY.DMP
2014-11-13 10:59 - 2014-11-13 10:59 - 00276344 _____ () C:\Windows\Minidump\111314-18751-01.dmp
2014-11-13 10:59 - 2014-11-13 10:59 - 00000000 ____D () C:\Windows\Minidump
2014-11-13 10:48 - 2014-11-13 10:48 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-13 10:48 - 2014-11-13 10:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-13 10:47 - 2014-11-13 10:47 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-13 06:45 - 2014-10-10 07:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:51 - 2014-11-08 02:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:51 - 2014-11-08 02:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 06:51 - 2014-11-06 11:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:51 - 2014-11-06 11:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:51 - 2014-11-06 11:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:51 - 2014-11-06 10:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:51 - 2014-11-06 10:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:51 - 2014-11-06 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:51 - 2014-11-06 10:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:51 - 2014-11-06 10:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:51 - 2014-11-06 10:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:51 - 2014-11-06 10:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:51 - 2014-11-06 10:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:51 - 2014-11-06 10:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:51 - 2014-11-06 10:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:51 - 2014-11-06 10:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:51 - 2014-11-06 10:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 06:51 - 2014-11-06 10:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:51 - 2014-11-06 10:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:51 - 2014-11-06 10:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:51 - 2014-11-06 10:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 06:51 - 2014-11-06 10:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 06:51 - 2014-11-06 10:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 06:51 - 2014-11-06 10:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 06:51 - 2014-11-06 10:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 06:51 - 2014-11-06 10:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:51 - 2014-11-06 10:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 06:51 - 2014-11-06 10:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 06:51 - 2014-11-06 10:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 06:51 - 2014-11-06 10:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:51 - 2014-11-06 10:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 06:51 - 2014-11-06 10:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:51 - 2014-11-06 09:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 06:51 - 2014-11-06 09:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 06:51 - 2014-11-06 09:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:51 - 2014-11-06 09:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 06:51 - 2014-11-06 09:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 06:51 - 2014-11-06 09:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:51 - 2014-11-06 09:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:51 - 2014-11-06 09:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:51 - 2014-11-06 09:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:51 - 2014-11-06 09:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 06:51 - 2014-11-06 09:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 06:51 - 2014-11-06 09:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 06:51 - 2014-11-06 09:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:51 - 2014-11-06 09:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 06:51 - 2014-11-06 09:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 06:51 - 2014-11-06 09:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 06:51 - 2014-11-06 09:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 06:51 - 2014-11-06 09:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:51 - 2014-11-06 09:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:51 - 2014-11-06 09:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 06:51 - 2014-11-06 08:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 06:51 - 2014-11-06 08:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 06:51 - 2014-11-06 08:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 06:51 - 2014-11-06 08:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 06:51 - 2014-10-14 09:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:51 - 2014-10-14 09:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:51 - 2014-10-14 09:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:51 - 2014-10-14 09:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:51 - 2014-10-14 09:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:51 - 2014-10-14 08:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 06:51 - 2014-10-14 08:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 06:51 - 2014-10-14 08:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 06:51 - 2014-10-14 08:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 06:49 - 2014-10-03 09:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:49 - 2014-10-03 09:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:49 - 2014-10-03 09:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:49 - 2014-10-03 09:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:49 - 2014-10-03 09:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:49 - 2014-10-03 08:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:49 - 2014-10-03 08:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 06:49 - 2014-10-03 08:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 06:49 - 2014-08-21 13:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:49 - 2014-08-21 13:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:49 - 2014-08-21 13:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 06:49 - 2014-08-21 13:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 06:49 - 2014-08-12 09:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 06:49 - 2014-08-12 08:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 06:48 - 2014-09-19 16:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 06:48 - 2014-09-19 16:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:48 - 2014-09-19 16:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 16:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 16:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:48 - 2014-09-19 16:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 16:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:48 - 2014-09-19 16:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 06:48 - 2014-09-19 16:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 16:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 06:48 - 2014-09-19 16:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 16:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 06:48 - 2014-09-19 16:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 16:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 06:47 - 2014-10-25 08:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:47 - 2014-10-25 08:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 06:47 - 2014-10-18 09:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:47 - 2014-10-18 08:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 06:47 - 2014-10-14 09:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 06:47 - 2014-10-14 08:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 18:37 - 2014-11-11 18:37 - 00001147 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-11-11 18:37 - 2014-11-11 18:37 - 00001105 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-11-11 18:37 - 2014-11-11 18:37 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\Canneverbe Limited
2014-11-11 18:37 - 2014-11-11 18:37 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-11-08 20:25 - 2014-11-08 20:28 - 00000000 ____D () C:\Users\siamw6\Documents\Family
2014-11-08 16:58 - 2014-11-14 16:06 - 00029766 _____ () C:\Users\siamw6\Desktop\dds.txt
2014-11-08 16:58 - 2014-11-14 16:06 - 00007526 _____ () C:\Users\siamw6\Desktop\attach.txt
2014-11-08 16:50 - 2014-11-08 16:50 - 00688992 ____R (Swearware) C:\Users\siamw6\Desktop\dds.com
2014-11-08 07:16 - 2014-11-14 12:04 - 97452896 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\siamw6\Downloads\Evernote_5.7.1.5586.exe
2014-11-07 20:46 - 2014-11-07 20:47 - 00001722 _____ () C:\Users\siamw6\Desktop\Process Explorer.lnk
2014-11-07 20:45 - 2014-11-14 14:04 - 00000000 ____D () C:\Program Files (x86)\Sysinternals
2014-11-07 11:26 - 2014-11-07 11:26 - 02347384 _____ (ESET) C:\Users\siamw6\Desktop\esetsmartinstaller_enu.exe
2014-11-07 11:26 - 2014-11-07 11:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-07 11:11 - 2014-11-07 11:11 - 00000815 _____ () C:\Users\siamw6\Desktop\JRT.txt
2014-11-07 11:06 - 2014-11-07 11:06 - 00000000 ____D () C:\Windows\ERUNT
2014-11-07 11:05 - 2014-11-07 11:05 - 00010585 _____ () C:\Users\siamw6\Desktop\AdwCleaner[S0].txt
2014-11-07 10:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-07 10:33 - 2014-11-07 10:58 - 00000000 ____D () C:\AdwCleaner
2014-11-07 10:06 - 2014-11-07 10:06 - 01706939 _____ (Thisisu) C:\Users\siamw6\Desktop\JRT.exe
2014-11-07 10:05 - 2014-11-07 10:05 - 01375089 _____ () C:\Users\siamw6\Desktop\AdwCleaner.exe
2014-11-07 10:04 - 2014-11-07 10:05 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\siamw6\Desktop\tdsskiller.exe
2014-11-07 07:00 - 2014-11-07 07:00 - 00000000 ____D () C:\Users\siamw6\Documents\Fax
2014-11-06 14:59 - 2014-11-06 14:59 - 00000850 _____ () C:\Users\siamw6\Desktop\µTorrent.lnk
2014-11-06 14:59 - 2014-11-06 14:59 - 00000830 _____ () C:\Users\siamw6\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-11-06 14:57 - 2014-11-15 07:27 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\uTorrent
2014-11-06 13:27 - 2014-11-06 13:27 - 00001094 _____ () C:\Users\siamw6\Desktop\checkup.txt
2014-11-06 12:30 - 2014-11-13 10:50 - 00022204 _____ () C:\Windows\PFRO.log
2014-11-06 12:19 - 2014-11-13 10:48 - 00001930 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-11-06 12:19 - 2014-11-13 10:47 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-06 10:48 - 2014-11-06 10:48 - 00854448 _____ () C:\Users\siamw6\Desktop\SecurityCheck.exe
2014-11-06 10:29 - 2014-11-06 11:06 - 00003546 _____ () C:\Users\siamw6\Desktop\Rkill.txt
2014-11-06 10:27 - 2014-11-06 10:27 - 00002355 _____ () C:\Users\siamw6\Desktop\FSS.txt
2014-11-06 10:25 - 2014-11-07 10:27 - 00034404 _____ () C:\Users\siamw6\Desktop\Result.txt
2014-11-06 10:12 - 2014-11-08 09:45 - 00000000 ____D () C:\Users\siamw6\Desktop\mbar
2014-11-06 10:12 - 2014-11-08 09:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-06 10:11 - 2014-11-06 10:11 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\siamw6\Desktop\rkill.com
2014-11-06 10:05 - 2014-11-06 10:06 - 14349744 _____ (Malwarebytes Corp.) C:\Users\siamw6\Desktop\mbar-1.07.0.1012.exe
2014-11-06 10:04 - 2014-11-06 10:04 - 00415232 _____ (Farbar) C:\Users\siamw6\Desktop\FSS.exe
2014-11-06 10:00 - 2014-11-06 10:00 - 00401920 _____ (Farbar) C:\Users\siamw6\Desktop\MiniToolBox.exe
2014-11-06 07:14 - 2014-11-06 07:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-06 07:14 - 2014-11-06 07:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-06 07:14 - 2014-11-06 07:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-06 07:14 - 2014-11-06 07:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-06 07:14 - 2014-11-06 07:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-05 06:44 - 2014-11-15 06:48 - 00001400 _____ () C:\Windows\setupact.log
2014-11-05 06:44 - 2014-11-05 06:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-04 07:02 - 2014-11-04 07:02 - 00675150 _____ () C:\Users\siamw6\Documents\cc_20141104_070157.reg
2014-11-03 15:22 - 2014-11-03 15:22 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-03 15:17 - 2014-11-03 15:17 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-03 15:17 - 2014-11-03 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-03 15:17 - 2014-11-03 15:17 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-11-03 11:34 - 2014-11-03 11:34 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\QuickScan
2014-11-03 10:48 - 2013-09-02 14:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-11-03 08:17 - 2014-11-03 08:17 - 00001719 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2014-11-03 08:16 - 2014-11-03 08:17 - 00000000 ____D () C:\Program Files\Eraser
2014-11-02 21:26 - 2014-11-02 21:26 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-11-02 17:44 - 2014-11-02 17:44 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-02 17:00 - 2014-11-02 17:00 - 00132550 _____ () C:\Users\siamw6\Desktop\sfcdetails.txt
2014-11-02 16:29 - 2014-11-02 16:29 - 00002132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-11-02 16:29 - 2014-11-02 16:29 - 00002120 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-11-02 16:29 - 2014-11-02 16:29 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-11-02 16:02 - 2014-11-02 16:02 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\AVAST Software
2014-11-02 15:59 - 2014-11-13 10:48 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-02 15:59 - 2014-11-13 10:48 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-02 15:59 - 2014-11-13 10:48 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-02 15:59 - 2014-11-13 10:48 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-02 15:59 - 2014-11-13 10:48 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-02 15:59 - 2014-11-13 10:48 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-02 15:59 - 2014-11-13 10:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-02 15:59 - 2014-11-13 10:47 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-02 15:59 - 2014-11-06 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-02 15:59 - 2014-11-02 15:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-02 15:49 - 2014-11-02 15:59 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-02 11:39 - 2014-11-02 11:39 - 00003674 _____ () C:\Windows\System32\Tasks\klcp_update
2014-11-02 11:38 - 2014-11-02 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-11-02 11:38 - 2014-11-02 11:38 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-11-02 11:38 - 2014-06-14 21:03 - 00260696 _____ () C:\Windows\system32\unrar64.dll
2014-11-02 11:03 - 2014-05-14 18:37 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-11-02 11:03 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-11-02 11:03 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-11-02 11:03 - 2014-04-30 11:34 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-11-02 11:03 - 2014-04-28 15:48 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-11-02 11:03 - 2014-04-25 13:51 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-11-02 11:03 - 2014-04-25 13:23 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-11-02 11:03 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-11-02 11:03 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-11-02 11:03 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-11-02 11:03 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-11-02 11:03 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-11-02 11:03 - 2014-01-08 15:25 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2014-11-02 11:02 - 2014-02-26 15:16 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-11-02 11:02 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-11-02 11:02 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-11-02 11:02 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-11-02 10:59 - 2014-11-02 10:59 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-11-02 10:58 - 2014-11-02 11:03 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-11-02 08:31 - 2014-11-02 08:31 - 00018790 _____ () C:\Users\siamw6\Documents\cc_20141102_083107.reg
2014-11-01 01:49 - 2014-11-01 01:49 - 00000197 _____ () C:\Windows\system32\2014-10-31-18-49-54.089-AvastVBoxSVC.exe-5816.log
2014-11-01 01:47 - 2014-11-01 01:47 - 00000197 _____ () C:\Windows\system32\2014-10-31-18-47-45.080-AvastVBoxSVC.exe-5948.log
2014-11-01 01:45 - 2014-11-01 01:45 - 00000197 _____ () C:\Windows\system32\2014-10-31-18-45-48.006-AvastVBoxSVC.exe-5628.log
2014-11-01 01:45 - 2014-11-01 01:45 - 00000197 _____ () C:\Windows\system32\2014-10-31-18-45-44.061-AvastVBoxSVC.exe-4856.log
2014-10-31 22:20 - 2014-11-14 12:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-31 07:53 - 2014-10-31 07:53 - 00000000 ____D () C:\Users\siamw6\AppData\Local\EvernoteNW
2014-10-31 07:15 - 2014-10-31 07:15 - 00000197 _____ () C:\Windows\system32\2014-10-31-00-15-27.023-AvastVBoxSVC.exe-4964.log
2014-10-30 10:56 - 2014-10-30 10:57 - 00000197 _____ () C:\Windows\system32\2014-10-30-03-56-57.007-AvastVBoxSVC.exe-3248.log
2014-10-30 10:43 - 2014-11-08 09:32 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-30 10:43 - 2014-10-30 10:43 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-30 10:43 - 2014-10-30 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-30 10:43 - 2014-10-30 10:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-30 10:43 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-30 10:43 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-30 06:59 - 2014-10-30 06:59 - 00000197 _____ () C:\Windows\system32\2014-10-29-23-59-21.050-AvastVBoxSVC.exe-4332.log
2014-10-29 08:30 - 2014-10-29 08:30 - 00000247 _____ () C:\Windows\system32\2014-10-29-01-30-04.043-aswFe.exe-6204.log
2014-10-29 08:24 - 2014-10-29 08:29 - 00000247 _____ () C:\Windows\system32\2014-10-29-01-24-59.026-aswFe.exe-3852.log
2014-10-29 08:24 - 2014-10-29 08:24 - 00000197 _____ () C:\Windows\system32\2014-10-29-01-24-53.085-AvastVBoxSVC.exe-5584.log
2014-10-29 08:18 - 2014-10-29 08:18 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-10-29 08:18 - 2014-10-29 08:18 - 00000000 ____D () C:\Windows\system32\vbox
2014-10-26 17:38 - 2014-10-28 16:52 - 00000000 ____D () C:\Users\siamw6\Documents\Tricare Claims
2014-10-24 07:30 - 2014-11-03 11:34 - 00190423 _____ () C:\Users\siamw6\AppData\Local\ars.cache
2014-10-24 07:30 - 2014-11-03 11:34 - 00122375 _____ () C:\Users\siamw6\AppData\Local\census.cache
2014-10-24 07:26 - 2014-11-03 11:03 - 00000010 _____ () C:\Users\siamw6\AppData\Local\sponge.last.runtime.cache
2014-10-24 07:17 - 2014-10-24 07:17 - 02476596 _____ (Trend Micro Inc.) C:\Users\siamw6\Desktop\HousecallLauncher64.exe
2014-10-24 07:17 - 2014-10-24 07:17 - 00000036 _____ () C:\Users\siamw6\AppData\Local\housecall.guid.cache
2014-10-21 10:15 - 2014-10-21 10:15 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-10-21 10:15 - 2014-10-21 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-10-20 17:12 - 2014-10-20 17:12 - 00004656 _____ () C:\Users\siamw6\AppData\Local\recently-used.xbel
2014-10-20 16:53 - 2014-10-20 16:53 - 00000000 ____D () C:\Users\siamw6\AppData\Local\Evernote
2014-10-20 16:53 - 2014-10-20 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-10-20 16:52 - 2014-10-20 16:52 - 00000932 _____ () C:\Users\siamw6\Desktop\Evernote.lnk
2014-10-20 16:52 - 2014-10-20 16:52 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-10-19 10:13 - 2014-10-19 10:13 - 00000089 _____ () C:\Users\siamw6\Desktop\18th Brumaire of Louis Bonaparte. Marx 1852.url
2014-10-17 10:55 - 2014-10-17 10:55 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-17 10:55 - 2014-10-17 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-16 17:52 - 2014-09-05 09:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 17:52 - 2014-09-05 08:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 17:52 - 2014-08-29 09:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 17:52 - 2014-07-17 09:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 17:52 - 2014-07-17 09:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 17:52 - 2014-07-17 09:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 17:52 - 2014-07-17 08:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 17:52 - 2014-07-17 08:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 17:52 - 2014-07-17 08:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 17:31 - 2014-06-19 05:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 17:31 - 2014-06-19 05:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 17:31 - 2014-06-19 05:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 17:31 - 2014-06-19 05:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 17:31 - 2014-06-19 05:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 17:31 - 2014-06-19 05:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 17:30 - 2014-09-04 12:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 17:30 - 2014-09-04 12:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-15 07:18 - 2014-07-23 20:02 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-392449462-2157238968-1224464033-1001UA.job
2014-11-15 06:56 - 2009-07-14 11:45 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 06:56 - 2009-07-14 11:45 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 06:55 - 2014-01-06 12:39 - 01183713 _____ () C:\Windows\WindowsUpdate.log
2014-11-15 06:50 - 2014-01-19 14:29 - 00000000 ___RD () C:\Users\siamw6\Dropbox
2014-11-15 06:50 - 2014-01-19 14:28 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\Dropbox
2014-11-15 06:49 - 2013-01-04 22:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 06:49 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 20:42 - 2013-01-04 22:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 20:32 - 2014-01-07 22:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf0bbcef20e71f.job
2014-11-14 20:25 - 2014-01-19 10:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-14 20:17 - 2014-05-09 17:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 18:08 - 2014-05-13 14:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-14 12:18 - 2014-07-23 20:02 - 00000858 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-392449462-2157238968-1224464033-1001Core.job
2014-11-14 12:02 - 2014-05-13 14:58 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-14 12:02 - 2014-05-13 14:58 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-14 11:59 - 2014-10-06 19:43 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\vlc
2014-11-14 11:30 - 2014-02-10 10:56 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\dvdcss
2014-11-14 11:27 - 2014-01-07 22:27 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf0bbcef20e71f
2014-11-14 11:27 - 2013-01-04 22:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:00 - 2014-01-08 12:23 - 00000000 ____D () C:\Users\siamw6\Documents\Calibre Library
2014-11-13 14:58 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 09:02 - 2009-07-14 11:45 - 00338296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 18:42 - 2013-01-04 22:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 18:42 - 2013-01-04 22:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 18:42 - 2013-01-04 22:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 09:03 - 2014-01-19 15:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:00 - 2014-01-19 15:12 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 19:46 - 2014-01-19 14:32 - 00000000 ____D () C:\Users\siamw6\Torrents
2014-11-08 20:24 - 2014-01-19 14:26 - 00000000 ___RD () C:\Users\siamw6\Google Drive
2014-11-07 20:04 - 2014-01-07 23:54 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-11-07 20:04 - 2014-01-07 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-11-07 20:04 - 2014-01-07 23:54 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-11-07 12:50 - 2013-01-05 01:44 - 00000000 ____D () C:\Windows\AutoKMS
2014-11-07 09:54 - 2013-01-04 22:06 - 00077200 _____ () C:\Users\siamw6\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-07 06:55 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\SchCache
2014-11-06 18:05 - 2014-01-19 14:29 - 00001018 _____ () C:\Users\siamw6\Desktop\Dropbox.lnk
2014-11-06 18:05 - 2014-01-19 14:28 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-06 11:40 - 2014-05-09 15:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-06 07:14 - 2014-01-19 12:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-05 06:44 - 2014-05-17 19:24 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\Free Download Manager
2014-11-04 12:27 - 2014-01-19 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-04 07:00 - 2014-01-19 13:28 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\XnView
2014-11-04 06:52 - 2014-01-08 07:08 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-03 14:34 - 2014-02-03 00:11 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\DVD Flick
2014-11-03 12:45 - 2014-04-29 19:03 - 00000000 ____D () C:\Users\siamw6\Documents\dvd
2014-11-03 08:17 - 2014-01-19 09:18 - 00001707 _____ () C:\Users\Public\Desktop\Eraser.lnk
2014-11-02 21:43 - 2009-07-14 12:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-02 21:42 - 2014-01-08 07:27 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-02 21:42 - 2014-01-08 07:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-02 21:42 - 2009-07-14 12:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-11-02 21:42 - 2009-07-14 10:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-02 11:03 - 2014-01-06 12:44 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-11-02 11:02 - 2014-01-22 14:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-01 02:59 - 2014-05-12 11:14 - 00000000 ____D () C:\Users\siamw6\Desktop\Multiboot USB
2014-11-01 02:58 - 2014-05-10 15:09 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\rmi
2014-10-30 10:53 - 2014-05-07 10:20 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-30 10:52 - 2014-05-14 18:49 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-10-28 13:44 - 2014-01-07 23:20 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\MediaMonkey
2014-10-28 09:21 - 2014-07-06 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2014-10-28 09:21 - 2014-07-06 12:29 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey
2014-10-28 06:34 - 2013-01-04 22:12 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-23 12:13 - 2014-07-23 20:02 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392449462-2157238968-1224464033-1001UA
2014-10-23 12:13 - 2014-07-23 20:02 - 00003484 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392449462-2157238968-1224464033-1001Core
2014-10-21 10:14 - 2014-01-25 09:54 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-10-20 19:29 - 2014-01-08 12:23 - 00000000 ____D () C:\Users\siamw6\AppData\Local\calibre-cache
2014-10-20 17:44 - 2014-02-01 18:12 - 00000000 ____D () C:\Users\siamw6\.gimp-2.8
2014-10-20 17:12 - 2014-02-08 19:15 - 00000000 ____D () C:\Users\siamw6\AppData\Local\gtk-2.0
2014-10-18 17:47 - 2014-02-01 13:59 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\ZoomBrowser EX
2014-10-18 17:43 - 2014-02-01 13:58 - 00000000 ____D () C:\Users\siamw6\AppData\Roaming\CameraWindowDC
2014-10-17 11:00 - 2014-08-15 21:27 - 00000000 ____D () C:\Users\siamw6\AppData\Local\Adobe
 
Some content of TEMP:
====================
C:\Users\siamw6\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1rwo_c.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 08:13
 
==================== End Of Log ============================
 
Addition.txt is attached.
 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:45 PM

Posted 15 November 2014 - 09:48 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

(BitTorrent Inc.) C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-392449462-2157238968-1224464033-1001\...\Run: [uTorrent] => C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe [1689168 2014-11-06] (BitTorrent Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} -  No File
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\internal-nacl-plugin No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll No File
CHR Extension: (Google Wallet) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {B4EE364F-B477-4F56-9AE6-F4B8B4DBEBFE} - \FacebookUpdateTaskUserS-1-5-21-392449462-2157238968-1224464033-1001UA No Task File <==== ATTENTION
Task: {DFA98DAE-E6F8-4069-BF20-81116D0B620D} - \FacebookUpdateTaskUserS-1-5-21-392449462-2157238968-1224464033-1001Core No Task File <==== ATTENTION
C:\Users\siamw6\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1rwo_c.dll

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#7 Acharn
  • Topic Starter
  • Members
  • 24 posts
  • Gender:Male
  • Location:Nakhon Sawan, Thailand
Posted 15 November 2014 - 11:03 AM

OK, here's fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Admin at 2014-11-15 22:03:52 Run:1
Running from C:\Users\siamw6\Desktop\FRST
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
(BitTorrent Inc.) C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-392449462-2157238968-1224464033-1001\...\Run: [uTorrent] => C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe [1689168 2014-11-06] (BitTorrent Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} -  No File
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\internal-nacl-plugin No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll No File
CHR Extension: (Google Wallet) - C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {B4EE364F-B477-4F56-9AE6-F4B8B4DBEBFE} - \FacebookUpdateTaskUserS-1-5-21-392449462-2157238968-1224464033-1001UA No Task File <==== ATTENTION
Task: {DFA98DAE-E6F8-4069-BF20-81116D0B620D} - \FacebookUpdateTaskUserS-1-5-21-392449462-2157238968-1224464033-1001Core No Task File <==== ATTENTION
C:\Users\siamw6\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1rwo_c.dll
 
End
*****************
 
[2756] C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe => Process closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-21-392449462-2157238968-1224464033-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKCR\PROTOCOLS\Filter\video/mp4" => Key deleted successfully.
"HKCR\CLSID\{20C75730-7C25-476B-95DC-C65810F9E489}" => Key not found.
"HKCR\PROTOCOLS\Filter\video/x-flv" => Key deleted successfully.
"HKCR\CLSID\{20C75730-7C25-476B-95DC-C65810F9E489}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205" => Key deleted successfully.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\internal-nacl-plugin No File not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll not found.
C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
VGPU => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4EE364F-B477-4F56-9AE6-F4B8B4DBEBFE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4EE364F-B477-4F56-9AE6-F4B8B4DBEBFE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-392449462-2157238968-1224464033-1001UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFA98DAE-E6F8-4069-BF20-81116D0B620D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFA98DAE-E6F8-4069-BF20-81116D0B620D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-392449462-2157238968-1224464033-1001Core" => Key deleted successfully.
"C:\Users\siamw6\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1rwo_c.dll" => File/Directory not found.
 
==== End of Fixlog ====
 
And here's checkup.txt from after running FRST:
 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Java 7 Update 71  
 Java 8 Update 25  
 Java version out of Date!
 Adobe Flash Player 15.0.0.223  
 Adobe Reader XI  
 Mozilla Firefox (33.1) 
 Google Chrome 38.0.2125.111  
 Google Chrome 38.0.2125.122  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````
 Spybot Teatimer.exe is disabled!
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
 
Well, one of the problems is that in most ways the computer is running fine. I tried to install Total War: Rome, using the same CDs I installed from ten months ago. When I inserted the CD in the drive it showed immediately, instead of taking two or three minutes to "load." When I ran setup it seemed to be going OK, but it stalled while giving a message, "Removing applications." That's a pretty scary message, but I let it go for about ten minutes and then hit cancel. No new files were created that I can see, but the hard drive went from reporting 144GB free to 141GB free. I wonder, could it be creating a new restore point? Then I tried burning an .iso image of the Kaspersky Rescue Disk 10 to a DVD using CDBurnerXP. I'm not particularly familiar with this program but it seemed simple enough. The program showed that it completed burning and was verifying the data when it became unresponsive. The disc looks like nothing was burned to it. Oddly enough, I was able to use the program to burn a video DVD earlier in the day.
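A small parser for FRST Fixlog result lines like the ones posted above, written as an added example (not part of this thread, of FRST, or of its author's tooling): it splits each result into the item FRST acted on and the outcome, and separates items that were actually removed from items FRST reported as not found. The "not found" outcomes typically belong to entries the scan had already flagged "No File" (orphaned registry references to a key or file that no longer exists), so they are the expected result rather than a failed fix; the sample input is an excerpt of the Fixlog posted above, and the function and variable names are my own.

```python
import re

# Excerpt of the Fixlog.txt posted above (FRST result lines only, nothing invented).
FIXLOG_EXCERPT = r"""
[2756] C:\Users\siamw6\AppData\Roaming\uTorrent\uTorrent.exe => Process closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
"HKCR\PROTOCOLS\Filter\video/mp4" => Key deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll not found.
C:\Users\siamw6\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
VGPU => Service deleted successfully.
"C:\Users\siamw6\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1rwo_c.dll" => File/Directory not found.
"""

# Outcomes FRST prints when it removed something; any other recognised outcome
# means the referenced key/file was already absent (an orphaned reference).
REMOVED = ("Process closed successfully", "Key deleted successfully",
           "value deleted successfully", "Service deleted successfully",
           "Moved successfully")
MISSING = ("Key not found", "File/Directory not found", "not found")

# One result line: optional "[pid] " prefix, optionally quoted item, optional "=>", outcome.
# Longest outcomes first, so a longer outcome wins where a shorter one is its suffix.
RESULT_RE = re.compile(
    r'^(?:\[\d+\]\s*)?"?(?P<item>.+?)"?\s*(?:=>\s*)?(?P<outcome>'
    + "|".join(map(re.escape, sorted(REMOVED + MISSING, key=len, reverse=True)))
    + r")\.$")


def parse_fixlog(text):
    """Return (removed, missing, unparsed); the first two hold (item, outcome) pairs."""
    removed, missing, unparsed = [], [], []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = RESULT_RE.match(line)
        if not m:                      # keep unknown lines visible instead of dropping them
            unparsed.append(line)
            continue
        pair = (m.group("item"), m.group("outcome"))
        (removed if pair[1] in REMOVED else missing).append(pair)
    return removed, missing, unparsed


def summarize(text):
    """Counts plus the not-found items, for a quick read of a posted Fixlog."""
    removed, missing, unparsed = parse_fixlog(text)
    return {"removed": len(removed), "not_found": len(missing),
            "unparsed": len(unparsed), "not_found_items": [i for i, _ in missing]}


if __name__ == "__main__":
    print(summarize(FIXLOG_EXCERPT))
```

Anything that lands in `unparsed` is a line format the regex does not know and should be read by hand rather than assumed handled.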
 
 


#8 nasdaq

  • Malware Response Team
  • 40,759 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
Posted 15 November 2014 - 11:48 AM

Quote
I wonder, could it be creating a new restore point?

Yes, check your restore point.

===
 

Quote
Then I tried burning an .iso image of the Kaspersky Rescue Disk 10 to a DVD using CDBurnerXP. I'm not particularly familiar with this program but it seemed simple enough. The program showed that it completed burning and was verifying the data when it became unresponsive.

Why do you need that?

Did you try to install it on a USB flash drive?
http://support.kaspersky.com/8092

===

Using Add/Remove Programs, remove this old version of Java:
Java 7 Update 71
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 Acharn
  • Topic Starter
  • Members
  • 24 posts
  • Gender:Male
  • Location:Nakhon Sawan, Thailand
Posted 15 November 2014 - 08:02 PM

OK, there is a restore point for installation of Total War: Rome. 3GB seems like a lot, but what do I know?
 

 

Quote
Then I tried burning an .iso image of the Kaspersky Rescue Disk 10 to a DVD using CDBurnerXP. I'm not particularly familiar with this program but it seemed simple enough. The program showed that it completed burning and was verifying the data when it became unresponsive
Why do you need that?


Did you try to install it on a USB flash drive?
http://support.kaspersky.com/8092

 


Well, I don't really need it. It was a way of testing whether the computer is back to normal or not. No, I wasn't trying to install it to a USB drive, because my motherboard doesn't support booting from a USB drive. I burned it to a DVD, although now that I think of it maybe I should have used a CD instead.

I hope this isn't irrelevant: I did not have a Windows 7 installation disk. I have an OEM version of Windows 7 Ultimate (x64), and the company that built my computer didn't provide me with a restore disk. I downloaded the Microsoft .iso image from rivercity.com, then realized that I couldn't trust any DVD I burned to not be infected with this virus. I have not been able to find an SHA1 or MD5 hash to verify the integrity of the .iso file, and when I downloaded it a second time I discovered the first file was 3GB and the second was 2GB. Before I contacted bleepingcomputer.com, I floundered around trying to find tools to find and remove the virus, and one I found that looked good was the Kaspersky Rescue disk. It has an MD5 hash at the site, so I could verify the .iso. It doesn't match, and I don't have any way to tell if the file is just corrupted normally or by the virus during downloading. Anyway, I ended up using my nephew's computer to download and burn the Windows 7 disk, and it booted and seemed to show the correct opening screen in his box.
 
Hmmm. Just discovered that 7-zip has been uninstalled. I did not do that.

 

OK, removed Java 7, Update 71.



#10 nasdaq

  • Malware Response Team
  • 40,759 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
Posted 16 November 2014 - 09:25 AM

Quote
Hmmm. Just discovered that 7-zip has been uninstalled. I did not do that.

Strange things happen. Re-install it.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

  • Malware Response Team
  • 40,759 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
Posted 22 November 2014 - 02:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



