Saturday, 28 September 2013

ZeroAccess Infection

1.) I managed to get aswMBR to run. Below is the log it created.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-09-22 20:21:24

-----------------------------

20:21:24.678 OS Version: Windows x64 6.1.7601 Service Pack 1

20:21:24.678 Number of processors: 12 586 0x2C02

20:21:24.678 ComputerName: QUANTUM UserName: Yoshi

20:21:24.838 Initialize success

20:21:24.898 AVAST engine defs: 13092201

20:21:27.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

20:21:27.568 Disk 0 Vendor: INTEL_SSDSA2M160G2GC 2CV102HD Size: 152627MB BusType: 3

20:21:27.578 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2

20:21:27.578 Disk 1 Vendor: WDC_WD1001FALS-40K1B0 08.00K08 Size: 953869MB BusType: 3

20:21:27.588 Disk 0 MBR read successfully

20:21:27.588 Disk 0 MBR scan

20:21:27.628 Disk 0 Windows 7 default MBR code

20:21:27.628 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

20:21:27.668 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848

20:21:27.708 Disk 0 scanning C:\Windows\system32\drivers

20:21:29.348 Service scanning

20:21:33.008 Modules scanning

20:21:33.008 Disk 0 trace - called modules:

20:21:33.018 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

20:21:33.028 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a5eb790]

20:21:33.038 3 CLASSPNP.SYS[fffff880010b243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800a3b5060]

20:21:33.198 AVAST engine scan C:\Windows

20:21:33.518 AVAST engine scan C:\Windows\system32

20:22:03.271 AVAST engine scan C:\Windows\system32\drivers

20:22:04.971 AVAST engine scan C:\Users\Yoshi

20:22:42.605 AVAST engine scan C:\ProgramData

20:23:01.226 Scan finished successfully

20:23:24.528 Disk 0 MBR has been saved successfully to "C:\Users\Yoshi\Desktop\MBR.dat"

20:23:24.528 The log file has been saved successfully to "C:\Users\Yoshi\Desktop\aswMBR.txt"


2.) I also ran RogueKiller. Below is the log.


RogueKiller V8.6.12 [Sep 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/


Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Yoshi [Admin rights]

Mode : Remove -- Date : 09/22/2013 20:21:08

| ARK || FAK || MBR |


¤¤¤ Bad processes : 0 ¤¤¤


¤¤¤ Registry Entries : 3 ¤¤¤

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)


¤¤¤ Scheduled tasks : 0 ¤¤¤


¤¤¤ Startup Entries : 0 ¤¤¤


¤¤¤ Web browsers : 0 ¤¤¤


¤¤¤ Particular Files / Folders: ¤¤¤


¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤


¤¤¤ External Hives: ¤¤¤


¤¤¤ Infection : ¤¤¤


¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤


+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - INTEL SSDSA2M160G2GC ATA Device +++++

--- User ---

[MBR] 381581785b4e3cde9e99c4838b23b2d3

[BSP] dc0d2d47e55e4dae45cb5918b51d36ad : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo

User = LL1 ... OK!

User = LL2 ... OK!


+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - WDC WD1001FALS-40K1B0 ATA Device +++++

--- User ---

[MBR] 6da8b54965f975592772f516b88a2a10

[BSP] 640c0a10d06da1bc8692c7c7890092b6 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!


Finished : << RKreport[0]_D_09222013_202108.txt >>

RKreport[0]_S_09222013_201954.txt


3.) I then ran avast! Free Antivirus. Here are the log results.


[image attachment: avast! scan results screenshot, 24zhzpw.jpg]


4.) I also ran Malwarebytes. Below is the log.


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org


Database version: v2013.09.22.04


Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Yoshi :: QUANTUM [administrator]


9/22/2013 1:30:46 PM

mbam-log-2013-09-22 (13-30-46).txt


Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 619233

Time elapsed: 46 minute(s), 14 second(s)


Memory Processes Detected: 0

(No malicious items detected)


Memory Modules Detected: 0

(No malicious items detected)


Registry Keys Detected: 0

(No malicious items detected)


Registry Values Detected: 0

(No malicious items detected)


Registry Data Items Detected: 0

(No malicious items detected)


Folders Detected: 0

(No malicious items detected)


Files Detected: 2

C:\Users\Yoshi\AppData\Local\Temp\EP8JUu60.exe.part (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\Yoshi\AppData\Local\Temp\nIu5KwzW.exe.part (PUP.Downware) -> Quarantined and deleted successfully.


(end)


5.) Below is the required DDS log.


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Yoshi at 19:58:22 on 2013-09-23

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9726 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Classic Shell\ClassicStartMenu.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

D:\Program Files\Process Explorer\procexp.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

D:\Program Files\Process Explorer\procexp64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

D:\Program Files\AutoIt3\SciTE\SciTE.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll

TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\Yoshi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\procexp.lnk - D:\Program Files\Process Explorer\procexp.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe

IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{A02715D6-6607-47AA-8AA1-B7D0D8874EFD} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll

x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll

x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe

x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

.

============= SERVICES / DRIVERS ===============

.

R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-7-5 15664]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-5-6 18232]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-9-5 984144]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-9-5 370288]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 584056]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-3-11 38144]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-26 239616]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-9-5 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-5 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-8 44808]

R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-5-9 8998800]

R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.2.47873.0.sys [2013-5-13 44944]

R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-7-5 389936]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-11-19 13368]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-7 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-7 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-3 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== File Associations ===============

.

FileExt: .ini: Applications\SciTE.exe="D:\Program Files\AutoIt3\SciTE\SciTE.exe" "%1" [UserChoice]

.

=============== Created Last 30 ================

.

2013-09-22 23:52:10 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2013-09-22 23:47:20 -------- d-----w- C:\Program Files\CCleaner

2013-09-21 01:20:56 -------- d-----w- C:\TDSSKiller_Quarantine

2013-09-14 17:44:16 -------- d-----w- C:\ProgramData\Auslogics

2013-09-14 17:44:14 -------- d-----w- C:\Program Files (x86)\Auslogics

2013-09-07 02:44:29 -------- d-----w- C:\Users\Yoshi\AppData\Roaming\XBMC

.

==================== Find3M ====================

.

2013-08-09 04:19:18 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-08-08 19:32:15 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-08-07 22:56:20 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-07-31 23:47:40 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-07-26 00:37:35 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2013-07-13 00:30:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-13 00:30:41 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-07-06 19:22:05 972712 ----a-w- C:\Windows\System32\deployJava1.dll

2013-07-06 19:22:05 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-07-06 19:22:05 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

.

============= FINISH: 19:59:00.05 ===============


6.) Below is a fresh OTL log.


OTL logfile created on: 9/23/2013 8:02:14 PM - Run 7

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yoshi\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


11.99 Gb Total Physical Memory | 9.46 Gb Available Physical Memory | 78.93% Memory free

23.98 Gb Paging File | 21.31 Gb Available in Paging File | 88.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 148.95 Gb Total Space | 69.90 Gb Free Space | 46.93% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 419.79 Gb Free Space | 45.07% Space Free | Partition Type: NTFS


Computer Name: QUANTUM | User Name: Yoshi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - [2013/09/23 20:01:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yoshi\Desktop\ffhjlutio78o.exe

PRC - [2013/07/31 19:47:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2013/01/11 21:40:09 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/11/19 04:57:28 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe

PRC - [2012/11/19 04:57:24 | 000,420,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

PRC - [2012/10/30 19:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/10/30 19:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/09/04 20:46:12 | 002,691,192 | ---- | M] (Sysinternals - www.sysinternals.com) -- D:\Program Files\Process Explorer\procexp.exe

PRC - [2012/07/23 20:33:22 | 000,661,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

PRC - [2012/06/08 18:35:38 | 000,861,696 | ---- | M] (Neil Hodgson neilh@scintilla.org) -- D:\Program Files\AutoIt3\SciTE\SciTE.exe

PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========


MOD - [2013/01/11 21:40:09 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/11/19 04:57:28 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe

MOD - [2012/11/19 04:57:24 | 000,420,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

MOD - [2012/11/08 09:25:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll

MOD - [2012/11/08 09:23:26 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll

MOD - [2012/11/08 09:12:20 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll

MOD - [2012/11/08 09:08:28 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll

MOD - [2012/11/08 09:06:28 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll

MOD - [2012/11/08 08:56:16 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll

MOD - [2012/11/08 08:46:16 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll

MOD - [2012/11/08 08:24:12 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll

MOD - [2012/11/08 08:21:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll

MOD - [2011/04/30 11:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll

MOD - [2011/04/30 11:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========


SRV:64bit: - [2013/05/09 00:18:05 | 008,998,800 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)

SRV:64bit: - [2012/12/16 07:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)

SRV:64bit: - [2012/11/07 19:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2012/10/30 19:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2012/06/26 12:21:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/09/06 16:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/07/31 19:47:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010/12/27 23:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========


DRV:64bit: - [2013/05/13 12:12:04 | 000,044,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DisplayLinkUsbIo_x64_7.2.47873.0.sys -- (DisplayLinkUsbIo_x64)

DRV:64bit: - [2013/05/09 00:20:03 | 000,389,936 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)

DRV:64bit: - [2013/05/09 00:20:03 | 000,015,664 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)

DRV:64bit: - [2012/12/16 07:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)

DRV:64bit: - [2012/10/30 19:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/10/30 19:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/10/30 19:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/10/30 19:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/10/15 12:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/17 00:41:48 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2012/06/26 13:36:26 | 010,256,384 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/06/26 11:22:10 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/04/27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/04/27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009/10/29 04:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2012/11/19 04:57:24 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 61 42 4D EE 9D CE 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========


FF - prefs.js..browser.search.useDBForOrder: "false"

FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0

FF - prefs.js..extensions.enabledAddons: linkinator%40linkinator.net:1.2

FF - prefs.js..extensions.enabledAddons: linky%40gemal.dk:3.0.0

FF - prefs.js..extensions.enabledAddons: notreal.ccoptions%40environmentalchemistry.com:16.0.1

FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0

FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4

FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2

FF - prefs.js..extensions.enabledAddons: %7Baf79f858-4b25-4ca4-822b-b5db1be628fc%7D:0.3.2

FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10

FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17

FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5

FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1

FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90.1

FF - prefs.js..extensions.enabledAddons: %7B578e7caa-210f-4967-a0d3-88fe5b59a39f%7D:0.8.10

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0

FF - user.js - File not found


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 21:40:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/03 20:33:48 | 000,000,000 | ---D | M]


[2012/09/02 03:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Extensions

[2013/09/07 23:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions

[2012/11/30 00:41:38 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}

[2013/04/15 21:28:17 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

[2013/09/07 23:34:33 | 000,000,000 | ---D | M] (Textarea Cache) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}

[2013/07/16 18:42:30 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2012/10/13 00:02:38 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2013/05/21 19:53:01 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\foxmarks@kei.com

[2012/09/02 03:18:20 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\add-to-searchbox@maltekraus.de.xpi

[2013/05/25 17:12:06 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\firebug@software.joehewitt.com.xpi

[2012/09/02 03:18:20 | 000,026,797 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\linkinator@linkinator.net.xpi

[2012/09/03 13:46:40 | 000,024,747 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\linky@gemal.dk.xpi

[2012/12/02 20:49:17 | 000,159,639 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi

[2012/09/22 23:59:29 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi

[2012/09/02 03:18:20 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi

[2012/09/02 03:18:20 | 000,078,602 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi

[2013/05/05 18:05:27 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi

[2013/07/30 20:18:13 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/09/02 03:18:20 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

[2012/12/26 16:35:19 | 000,000,996 | ---- | M] () -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\dictionarycom.xml

[2012/09/04 23:16:49 | 000,001,162 | ---- | M] () -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\magiccardsinfo.xml

[2012/12/26 16:33:56 | 000,000,932 | ---- | M] () -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\thesauruscom.xml

[2012/10/22 17:43:08 | 000,001,318 | ---- | M] () -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\wolframalpha.xml

[2012/09/04 14:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/01/11 21:40:09 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/24 22:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/09/16 21:39:56 | 000,002,093 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\gatherer.xml

[2012/10/14 00:16:46 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml


========== Chrome ==========


CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Silverlight (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll


O1 HOSTS File: ([2013/09/20 21:01:09 | 000,000,025 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)

O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)

O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)

O4 - Startup: C:\Users\Yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.lnk = D:\Program Files\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A02715D6-6607-47AA-8AA1-B7D0D8874EFD}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========


[2013/09/23 20:01:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Yoshi\Desktop\ffhjlutio78o.exe

[2013/09/23 19:58:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Yoshi\Desktop\dds.com

[2013/09/22 20:16:19 | 000,000,000 | ---D | C] -- C:\Users\Yoshi\Desktop\RK_Quarantine

[2013/09/22 19:52:10 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys

[2013/09/22 19:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/09/22 19:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/09/20 21:20:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013/09/14 13:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics

[2013/09/14 13:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics

[2013/09/07 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\Yoshi\Desktop\Proxys I want made

[2013/09/06 22:44:29 | 000,000,000 | ---D | C] -- C:\Users\Yoshi\AppData\Roaming\XBMC

[2013/09/01 12:02:31 | 000,000,000 | ---D | C] -- C:\Users\Yoshi\Desktop\Temp MTG Folder

[2013/08/29 12:45:05 | 000,000,000 | R--D | C] -- C:\Users\Yoshi\Documents\Scanned Documents

[2013/08/29 12:45:05 | 000,000,000 | ---D | C] -- C:\Users\Yoshi\Documents\Fax


========== Files - Modified Within 30 Days ==========


[2013/09/23 20:01:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yoshi\Desktop\ffhjlutio78o.exe

[2013/09/23 19:58:02 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Yoshi\Desktop\dds.com

[2013/09/23 19:30:13 | 000,799,064 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/09/23 19:30:13 | 000,673,678 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/09/23 19:30:13 | 000,127,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/09/23 19:28:19 | 000,011,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/09/23 19:28:19 | 000,011,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/09/23 19:22:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/09/23 19:21:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/09/23 19:21:11 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys

[2013/09/22 20:23:24 | 000,000,512 | ---- | M] () -- C:\Users\Yoshi\Desktop\MBR.dat

[2013/09/22 19:53:24 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/09/22 19:52:10 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys

[2013/09/22 17:24:26 | 000,000,242 | ---- | M] () -- C:\Users\Yoshi\Desktop\Basic Guide to DNS - Google Apps Help.URL

[2013/09/21 17:55:46 | 000,071,627 | ---- | M] () -- C:\Users\Yoshi\Desktop\Crystal Shard.jpg

[2013/09/21 17:50:14 | 000,078,029 | ---- | M] () -- C:\Users\Yoshi\Desktop\DCI_sol_ring.jpg

[2013/09/20 23:21:14 | 094,916,037 | ---- | M] () -- C:\Users\Yoshi\Documents\New folder.zip

[2013/09/20 21:43:13 | 000,001,115 | ---- | M] () -- C:\Users\Yoshi\SciTE.session

[2013/09/20 20:44:44 | 336,044,542 | ---- | M] () -- C:\Users\Yoshi\Desktop\reg backup sept 20 2013.reg

[2013/09/20 20:12:15 | 000,001,588 | ---- | M] () -- C:\Windows\Sandboxie.ini

[2013/09/20 20:04:19 | 000,565,912 | ---- | M] () -- C:\Users\Yoshi\Desktop\bookmarks-2013-09-20 - Sandbox

[2013/09/17 19:54:08 | 001,320,178 | ---- | M] () -- C:\Users\Yoshi\Desktop\img026.jpg

[2013/09/14 01:13:18 | 000,035,298 | ---- | M] () -- C:\Users\Yoshi\Desktop\Image.jpg

[2013/09/07 23:03:47 | 002,955,199 | ---- | M] () -- C:\Users\Yoshi\Desktop\Retainers can not be changed during the Beta Test.png

[2013/09/07 16:41:50 | 000,035,772 | ---- | M] () -- C:\Users\Yoshi\Desktop\Oona, Queen of the Fae.jpg

[2013/09/06 22:57:54 | 000,000,208 | ---- | M] () -- C:\Users\Yoshi\Desktop\Learn to code Codecademy.URL

[2013/09/04 20:42:57 | 000,033,910 | ---- | M] () -- C:\Users\Yoshi\Desktop\Black Market.jpg

[2013/09/04 19:20:53 | 000,034,733 | ---- | M] () -- C:\Users\Yoshi\Desktop\Recurring Insight.jpg

[2013/09/04 19:13:41 | 000,037,054 | ---- | M] () -- C:\Users\Yoshi\Desktop\Arcanis the Omnipotent.jpg

[2013/09/04 19:12:47 | 000,030,646 | ---- | M] () -- C:\Users\Yoshi\Desktop\Cyclonic Rift.jpg

[2013/09/04 19:02:28 | 000,070,161 | ---- | M] () -- C:\Users\Yoshi\Desktop\Fabricate.jpg

[2013/08/28 13:54:16 | 001,087,530 | ---- | M] () -- C:\Users\Yoshi\Desktop\MT Unclaimed Property Form.pdf

[2013/08/28 13:50:14 | 001,084,953 | ---- | M] () -- C:\Users\Yoshi\Desktop\MT Unclaimed Property Form.jpg

[2013/08/28 13:19:28 | 000,912,078 | ---- | M] () -- C:\Users\Yoshi\Desktop\MT Cobra Coverage Form.jpg


========== Files Created - No Company Name ==========


[2013/09/22 20:23:24 | 000,000,512 | ---- | C] () -- C:\Users\Yoshi\Desktop\MBR.dat

[2013/09/22 17:24:26 | 000,000,242 | ---- | C] () -- C:\Users\Yoshi\Desktop\Basic Guide to DNS - Google Apps Help.URL

[2013/09/21 17:55:46 | 000,071,627 | ---- | C] () -- C:\Users\Yoshi\Desktop\Crystal Shard.jpg

[2013/09/21 17:50:13 | 000,078,029 | ---- | C] () -- C:\Users\Yoshi\Desktop\DCI_sol_ring.jpg

[2013/09/20 23:21:10 | 094,916,037 | ---- | C] () -- C:\Users\Yoshi\Documents\New folder.zip

[2013/09/20 20:44:34 | 336,044,542 | ---- | C] () -- C:\Users\Yoshi\Desktop\reg backup sept 20 2013.reg

[2013/09/20 20:04:19 | 000,565,912 | ---- | C] () -- C:\Users\Yoshi\Desktop\bookmarks-2013-09-20 - Sandbox

[2013/09/17 19:54:08 | 001,320,178 | ---- | C] () -- C:\Users\Yoshi\Desktop\img026.jpg

[2013/09/14 01:13:18 | 000,035,298 | ---- | C] () -- C:\Users\Yoshi\Desktop\Image.jpg

[2013/09/07 23:03:47 | 002,955,199 | ---- | C] () -- C:\Users\Yoshi\Desktop\Retainers can not be changed during the Beta Test.png

[2013/09/07 16:41:50 | 000,035,772 | ---- | C] () -- C:\Users\Yoshi\Desktop\Oona, Queen of the Fae.jpg

[2013/09/06 22:57:54 | 000,000,208 | ---- | C] () -- C:\Users\Yoshi\Desktop\Learn to code Codecademy.URL

[2013/09/04 20:42:57 | 000,033,910 | ---- | C] () -- C:\Users\Yoshi\Desktop\Black Market.jpg

[2013/09/04 19:20:53 | 000,034,733 | ---- | C] () -- C:\Users\Yoshi\Desktop\Recurring Insight.jpg

[2013/09/04 19:13:41 | 000,037,054 | ---- | C] () -- C:\Users\Yoshi\Desktop\Arcanis the Omnipotent.jpg

[2013/09/04 19:12:47 | 000,030,646 | ---- | C] () -- C:\Users\Yoshi\Desktop\Cyclonic Rift.jpg

[2013/09/04 19:02:28 | 000,070,161 | ---- | C] () -- C:\Users\Yoshi\Desktop\Fabricate.jpg

[2013/08/28 13:54:15 | 001,087,530 | ---- | C] () -- C:\Users\Yoshi\Desktop\MT Unclaimed Property Form.pdf

[2013/08/28 13:50:14 | 001,084,953 | ---- | C] () -- C:\Users\Yoshi\Desktop\MT Unclaimed Property Form.jpg

[2013/08/28 13:19:28 | 000,912,078 | ---- | C] () -- C:\Users\Yoshi\Desktop\MT Cobra Coverage Form.jpg

[2013/07/31 19:47:48 | 000,291,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013/07/31 19:47:40 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2013/07/30 11:09:47 | 000,000,056 | ---- | C] () -- C:\Users\Yoshi\.gitconfig

[2013/07/12 23:16:26 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll

[2013/06/22 20:35:33 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2013/02/11 16:06:49 | 000,000,780 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\MPQEditor.ini

[2012/12/14 23:41:29 | 000,000,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/12/11 01:26:02 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat

[2012/12/05 22:54:43 | 000,020,442 | ---- | C] () -- C:\Windows\W2BNEUnin.dat

[2012/09/28 11:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

[2012/09/11 16:35:31 | 000,000,061 | ---- | C] () -- C:\Users\Yoshi\SciTEUser.properties

[2012/09/11 15:20:51 | 000,001,115 | ---- | C] () -- C:\Users\Yoshi\SciTE.session

[2012/09/10 12:53:00 | 000,001,456 | ---- | C] () -- C:\Users\Yoshi\AppData\Local\Adobe Save for Web 12.0 Prefs

[2012/09/06 20:42:27 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2012/09/06 20:42:27 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2012/09/06 20:42:27 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2012/09/06 20:42:27 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2012/09/06 20:42:27 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2012/09/06 20:42:27 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2012/09/06 20:42:27 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2012/09/06 20:42:27 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2012/09/06 20:42:27 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2012/09/06 20:42:27 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2012/09/06 20:42:27 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2012/09/06 20:42:27 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2012/09/06 20:42:27 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2012/09/06 20:42:27 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2012/09/06 20:42:27 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2012/09/06 20:42:27 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2012/09/06 20:42:07 | 000,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini

[2012/09/05 19:31:57 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini

[2012/09/04 20:48:52 | 000,001,588 | ---- | C] () -- C:\Windows\Sandboxie.ini

[2012/09/04 19:36:48 | 000,000,347 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\Digital Clock_Settings.ini

[2012/09/04 19:35:23 | 000,000,284 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\GPU MeterV2_Settings.ini

[2012/09/04 19:31:34 | 000,000,346 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\Drives Meter_Settings.ini

[2012/09/04 19:30:15 | 000,000,352 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\Network Meter_Settings.ini

[2012/09/04 19:29:44 | 000,001,791 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\System Monitor II_CPU0_Settings.ini

[2012/09/04 15:15:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2012/09/04 14:41:50 | 000,007,606 | ---- | C] () -- C:\Users\Yoshi\AppData\Local\Resmon.ResmonCfg

[2012/09/04 00:24:14 | 000,030,764 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2012/09/03 17:13:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012/09/02 23:26:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/09/02 23:17:39 | 000,792,788 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/06/26 11:42:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/06/26 11:42:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/02/17 11:14:06 | 000,000,038 | ---- | C] () -- C:\Users\Yoshi\abbrev.properties

[2012/02/17 10:02:02 | 000,000,000 | ---- | C] () -- C:\Users\Yoshi\au3.keywords.user.abbreviations.properties

[2012/02/14 16:52:12 | 000,000,027 | ---- | C] () -- C:\Users\Yoshi\au3UserAbbrev.properties

[2010/03/27 11:22:54 | 000,014,905 | ---- | C] () -- C:\Users\Yoshi\au3abbrev.properties

[2010/01/02 17:16:12 | 000,000,111 | ---- | C] () -- C:\Users\Yoshi\au3.UserUdfs.properties

[2010/01/02 17:15:50 | 000,000,000 | ---- | C] () -- C:\Users\Yoshi\au3.user.calltips.api


========== ZeroAccess Check ==========


[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


========== Purity Check ==========


========== Alternate Data Streams ==========


@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:1F41D2FE

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:728B799F

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A29E7570

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61


< End of report >


But from reading the OTL log, unless I misunderstood it, I believe I am still infected.


I had avoided running Combofix, as I am not "technically" trained to run it yet, and wanted things done correctly.






via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/508758/zeroaccess-infection/
