ZeroAccess Infection


This topic is locked
20 replies to this topic

#1 King_Yoshi

  • Malware Study Hall Senior
  • 1,361 posts

Posted 23 September 2013 - 07:19 PM

1.) I managed to get aswMBR to run. Below is the log it created.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-22 20:21:24
-----------------------------
20:21:24.678 OS Version: Windows x64 6.1.7601 Service Pack 1
20:21:24.678 Number of processors: 12 586 0x2C02
20:21:24.678 ComputerName: QUANTUM UserName: Yoshi
20:21:24.838 Initialize success
20:21:24.898 AVAST engine defs: 13092201
20:21:27.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:21:27.568 Disk 0 Vendor: INTEL_SSDSA2M160G2GC 2CV102HD Size: 152627MB BusType: 3
20:21:27.578 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
20:21:27.578 Disk 1 Vendor: WDC_WD1001FALS-40K1B0 08.00K08 Size: 953869MB BusType: 3
20:21:27.588 Disk 0 MBR read successfully
20:21:27.588 Disk 0 MBR scan
20:21:27.628 Disk 0 Windows 7 default MBR code
20:21:27.628 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:21:27.668 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
20:21:27.708 Disk 0 scanning C:\Windows\system32\drivers
20:21:29.348 Service scanning
20:21:33.008 Modules scanning
20:21:33.008 Disk 0 trace - called modules:
20:21:33.018 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:21:33.028 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a5eb790]
20:21:33.038 3 CLASSPNP.SYS[fffff880010b243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800a3b5060]
20:21:33.198 AVAST engine scan C:\Windows
20:21:33.518 AVAST engine scan C:\Windows\system32
20:22:03.271 AVAST engine scan C:\Windows\system32\drivers
20:22:04.971 AVAST engine scan C:\Users\Yoshi
20:22:42.605 AVAST engine scan C:\ProgramData
20:23:01.226 Scan finished successfully
20:23:24.528 Disk 0 MBR has been saved successfully to "C:\Users\Yoshi\Desktop\MBR.dat"
20:23:24.528 The log file has been saved successfully to "C:\Users\Yoshi\Desktop\aswMBR.txt"

2.) I also ran RogueKiller. Below is the log.

RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Yoshi [Admin rights]
Mode : Remove -- Date : 09/22/2013 20:21:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - INTEL SSDSA2M160G2GC ATA Device +++++
--- User ---
[MBR] 381581785b4e3cde9e99c4838b23b2d3
[BSP] dc0d2d47e55e4dae45cb5918b51d36ad : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - WDC WD1001FALS-40K1B0 ATA Device +++++
--- User ---
[MBR] 6da8b54965f975592772f516b88a2a10
[BSP] 640c0a10d06da1bc8692c7c7890092b6 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_09222013_202108.txt >>
RKreport[0]_S_09222013_201954.txt

3.) I then ran avast! Free Antivirus. Here are the log results

[Image: avast! Free Antivirus scan results, posted as screenshot 24zhzpw.jpg]

4.) I also ran Malwarebytes. Below is the log.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yoshi :: QUANTUM [administrator]

9/22/2013 1:30:46 PM
mbam-log-2013-09-22 (13-30-46).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 619233
Time elapsed: 46 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Yoshi\AppData\Local\Temp\EP8JUu60.exe.part (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Yoshi\AppData\Local\Temp\nIu5KwzW.exe.part (PUP.Downware) -> Quarantined and deleted successfully.

(end)

5.) Below is the required DDS log.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Yoshi at 19:58:22 on 2013-09-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9726 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Process Explorer\procexp.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Program Files\Process Explorer\procexp64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
D:\Program Files\AutoIt3\SciTE\SciTE.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Yoshi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\procexp.lnk - D:\Program Files\Process Explorer\procexp.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A02715D6-6607-47AA-8AA1-B7D0D8874EFD} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-7-5 15664]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-5-6 18232]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-9-5 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-9-5 370288]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-3-11 38144]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-26 239616]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-9-5 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-5 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-8 44808]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-5-9 8998800]
R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.2.47873.0.sys [2013-5-13 44944]
R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-7-5 389936]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-11-19 13368]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-7 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-7 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .ini: Applications\SciTE.exe="D:\Program Files\AutoIt3\SciTE\SciTE.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-22 23:52:10 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2013-09-22 23:47:20 -------- d-----w- C:\Program Files\CCleaner
2013-09-21 01:20:56 -------- d-----w- C:\TDSSKiller_Quarantine
2013-09-14 17:44:16 -------- d-----w- C:\ProgramData\Auslogics
2013-09-14 17:44:14 -------- d-----w- C:\Program Files (x86)\Auslogics
2013-09-07 02:44:29 -------- d-----w- C:\Users\Yoshi\AppData\Roaming\XBMC
.
==================== Find3M ====================
.
2013-08-09 04:19:18 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-08-08 19:32:15 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-08-07 22:56:20 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-07-31 23:47:40 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-07-26 00:37:35 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-07-13 00:30:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-13 00:30:41 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-06 19:22:05 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-06 19:22:05 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-07-06 19:22:05 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
.
============= FINISH: 19:59:00.05 ===============


6.) Below is a fresh OTL log.

OTL logfile created on: 9/23/2013 8:02:14 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yoshi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.46 Gb Available Physical Memory | 78.93% Memory free
23.98 Gb Paging File | 21.31 Gb Available in Paging File | 88.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 69.90 Gb Free Space | 46.93% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 419.79 Gb Free Space | 45.07% Space Free | Partition Type: NTFS

Computer Name: QUANTUM | User Name: Yoshi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/23 20:01:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yoshi\Desktop\ffhjlutio78o.exe
PRC - [2013/07/31 19:47:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/01/11 21:40:09 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/11/19 04:57:28 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
PRC - [2012/11/19 04:57:24 | 000,420,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2012/10/30 19:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 19:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/09/04 20:46:12 | 002,691,192 | ---- | M] (Sysinternals - www.sysinternals.com) -- D:\Program Files\Process Explorer\procexp.exe
PRC - [2012/07/23 20:33:22 | 000,661,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2012/06/08 18:35:38 | 000,861,696 | ---- | M] (Neil Hodgson neilh@scintilla.org) -- D:\Program Files\AutoIt3\SciTE\SciTE.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/11 21:40:09 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/19 04:57:28 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
MOD - [2012/11/19 04:57:24 | 000,420,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2012/11/08 09:25:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2012/11/08 09:23:26 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2012/11/08 09:12:20 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2012/11/08 09:08:28 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2012/11/08 09:06:28 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2012/11/08 08:56:16 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2012/11/08 08:46:16 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
MOD - [2012/11/08 08:24:12 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll
MOD - [2012/11/08 08:21:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll
MOD - [2011/04/30 11:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2011/04/30 11:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/09 00:18:05 | 008,998,800 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2012/12/16 07:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/11/07 19:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/10/30 19:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/06/26 12:21:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/06 16:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/31 19:47:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/12/27 23:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/13 12:12:04 | 000,044,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DisplayLinkUsbIo_x64_7.2.47873.0.sys -- (DisplayLinkUsbIo_x64)
DRV:64bit: - [2013/05/09 00:20:03 | 000,389,936 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2013/05/09 00:20:03 | 000,015,664 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2012/12/16 07:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/10/30 19:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 19:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 19:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 19:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 12:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/17 00:41:48 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/06/26 13:36:26 | 010,256,384 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/26 11:22:10 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/29 04:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/11/19 04:57:24 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 61 42 4D EE 9D CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: linkinator%40linkinator.net:1.2
FF - prefs.js..extensions.enabledAddons: linky%40gemal.dk:3.0.0
FF - prefs.js..extensions.enabledAddons: notreal.ccoptions%40environmentalchemistry.com:16.0.1
FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7Baf79f858-4b25-4ca4-822b-b5db1be628fc%7D:0.3.2
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90.1
FF - prefs.js..extensions.enabledAddons: %7B578e7caa-210f-4967-a0d3-88fe5b59a39f%7D:0.8.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 21:40:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/03 20:33:48 | 000,000,000 | ---D | M]

[2012/09/02 03:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Extensions
[2013/09/07 23:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions
[2012/11/30 00:41:38 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2013/04/15 21:28:17 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/09/07 23:34:33 | 000,000,000 | ---D | M] (Textarea Cache) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}
[2013/07/16 18:42:30 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/10/13 00:02:38 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013/05/21 19:53:01 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\foxmarks@kei.com
[2012/09/02 03:18:20 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2013/05/25 17:12:06 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\firebug@software.joehewitt.com.xpi
[2012/09/02 03:18:20 | 000,026,797 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\linkinator@linkinator.net.xpi
[2012/09/03 13:46:40 | 000,024,747 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\linky@gemal.dk.xpi
[2012/12/02 20:49:17 | 000,159,639 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
[2012/09/22 23:59:29 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2012/09/02 03:18:20 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2012/09/02 03:18:20 | 000,078,602 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
[2013/05/05 18:05:27 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/07/30 20:18:13 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/02 03:18:20 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/12/26 16:35:19 | 000,000,996 | ---- | M] () -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\dictionarycom.xml
[2012/09/04 23:16:49 | 000,001,162 | ---- | M] () -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\magiccardsinfo.xml
[2012/12/26 16:33:56 | 000,000,932 | ---- | M] () -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\thesauruscom.xml
[2012/10/22 17:43:08 | 000,001,318 | ---- | M] () -- C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\wolframalpha.xml
[2012/09/04 14:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/11 21:40:09 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/24 22:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/16 21:39:56 | 000,002,093 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\gatherer.xml
[2012/10/14 00:16:46 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Silverlight (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2013/09/20 21:01:09 | 000,000,025 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\Yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.lnk = D:\Program Files\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A02715D6-6607-47AA-8AA1-B7D0D8874EFD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/23 20:01:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Yoshi\Desktop\ffhjlutio78o.exe
[2013/09/23 19:58:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Yoshi\Desktop\dds.com
[2013/09/22 20:16:19 | 000,000,000 | ---D | C] -- C:\Users\Yoshi\Desktop\RK_Quarantine
[2013/09/22 19:52:10 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2013/09/22 19:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/09/22 19:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/09/20 21:20:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/09/14 13:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2013/09/14 13:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2013/09/07 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\Yoshi\Desktop\Proxys I want made
[2013/09/06 22:44:29 | 000,000,000 | ---D | C] -- C:\Users\Yoshi\AppData\Roaming\XBMC
[2013/09/01 12:02:31 | 000,000,000 | ---D | C] -- C:\Users\Yoshi\Desktop\Temp MTG Folder
[2013/08/29 12:45:05 | 000,000,000 | R--D | C] -- C:\Users\Yoshi\Documents\Scanned Documents
[2013/08/29 12:45:05 | 000,000,000 | ---D | C] -- C:\Users\Yoshi\Documents\Fax

========== Files - Modified Within 30 Days ==========

[2013/09/23 20:01:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yoshi\Desktop\ffhjlutio78o.exe
[2013/09/23 19:58:02 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Yoshi\Desktop\dds.com
[2013/09/23 19:30:13 | 000,799,064 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/23 19:30:13 | 000,673,678 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/23 19:30:13 | 000,127,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/23 19:28:19 | 000,011,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/23 19:28:19 | 000,011,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/23 19:22:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/23 19:21:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/23 19:21:11 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/22 20:23:24 | 000,000,512 | ---- | M] () -- C:\Users\Yoshi\Desktop\MBR.dat
[2013/09/22 19:53:24 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/22 19:52:10 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2013/09/22 17:24:26 | 000,000,242 | ---- | M] () -- C:\Users\Yoshi\Desktop\Basic Guide to DNS - Google Apps Help.URL
[2013/09/21 17:55:46 | 000,071,627 | ---- | M] () -- C:\Users\Yoshi\Desktop\Crystal Shard.jpg
[2013/09/21 17:50:14 | 000,078,029 | ---- | M] () -- C:\Users\Yoshi\Desktop\DCI_sol_ring.jpg
[2013/09/20 23:21:14 | 094,916,037 | ---- | M] () -- C:\Users\Yoshi\Documents\New folder.zip
[2013/09/20 21:43:13 | 000,001,115 | ---- | M] () -- C:\Users\Yoshi\SciTE.session
[2013/09/20 20:44:44 | 336,044,542 | ---- | M] () -- C:\Users\Yoshi\Desktop\reg backup sept 20 2013.reg
[2013/09/20 20:12:15 | 000,001,588 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/09/20 20:04:19 | 000,565,912 | ---- | M] () -- C:\Users\Yoshi\Desktop\bookmarks-2013-09-20 - Sandbox
[2013/09/17 19:54:08 | 001,320,178 | ---- | M] () -- C:\Users\Yoshi\Desktop\img026.jpg
[2013/09/14 01:13:18 | 000,035,298 | ---- | M] () -- C:\Users\Yoshi\Desktop\Image.jpg
[2013/09/07 23:03:47 | 002,955,199 | ---- | M] () -- C:\Users\Yoshi\Desktop\Retainers can not be changed during the Beta Test.png
[2013/09/07 16:41:50 | 000,035,772 | ---- | M] () -- C:\Users\Yoshi\Desktop\Oona, Queen of the Fae.jpg
[2013/09/06 22:57:54 | 000,000,208 | ---- | M] () -- C:\Users\Yoshi\Desktop\Learn to code Codecademy.URL
[2013/09/04 20:42:57 | 000,033,910 | ---- | M] () -- C:\Users\Yoshi\Desktop\Black Market.jpg
[2013/09/04 19:20:53 | 000,034,733 | ---- | M] () -- C:\Users\Yoshi\Desktop\Recurring Insight.jpg
[2013/09/04 19:13:41 | 000,037,054 | ---- | M] () -- C:\Users\Yoshi\Desktop\Arcanis the Omnipotent.jpg
[2013/09/04 19:12:47 | 000,030,646 | ---- | M] () -- C:\Users\Yoshi\Desktop\Cyclonic Rift.jpg
[2013/09/04 19:02:28 | 000,070,161 | ---- | M] () -- C:\Users\Yoshi\Desktop\Fabricate.jpg
[2013/08/28 13:54:16 | 001,087,530 | ---- | M] () -- C:\Users\Yoshi\Desktop\MT Unclaimed Property Form.pdf
[2013/08/28 13:50:14 | 001,084,953 | ---- | M] () -- C:\Users\Yoshi\Desktop\MT Unclaimed Property Form.jpg
[2013/08/28 13:19:28 | 000,912,078 | ---- | M] () -- C:\Users\Yoshi\Desktop\MT Cobra Coverage Form.jpg

========== Files Created - No Company Name ==========

[2013/09/22 20:23:24 | 000,000,512 | ---- | C] () -- C:\Users\Yoshi\Desktop\MBR.dat
[2013/09/22 17:24:26 | 000,000,242 | ---- | C] () -- C:\Users\Yoshi\Desktop\Basic Guide to DNS - Google Apps Help.URL
[2013/09/21 17:55:46 | 000,071,627 | ---- | C] () -- C:\Users\Yoshi\Desktop\Crystal Shard.jpg
[2013/09/21 17:50:13 | 000,078,029 | ---- | C] () -- C:\Users\Yoshi\Desktop\DCI_sol_ring.jpg
[2013/09/20 23:21:10 | 094,916,037 | ---- | C] () -- C:\Users\Yoshi\Documents\New folder.zip
[2013/09/20 20:44:34 | 336,044,542 | ---- | C] () -- C:\Users\Yoshi\Desktop\reg backup sept 20 2013.reg
[2013/09/20 20:04:19 | 000,565,912 | ---- | C] () -- C:\Users\Yoshi\Desktop\bookmarks-2013-09-20 - Sandbox
[2013/09/17 19:54:08 | 001,320,178 | ---- | C] () -- C:\Users\Yoshi\Desktop\img026.jpg
[2013/09/14 01:13:18 | 000,035,298 | ---- | C] () -- C:\Users\Yoshi\Desktop\Image.jpg
[2013/09/07 23:03:47 | 002,955,199 | ---- | C] () -- C:\Users\Yoshi\Desktop\Retainers can not be changed during the Beta Test.png
[2013/09/07 16:41:50 | 000,035,772 | ---- | C] () -- C:\Users\Yoshi\Desktop\Oona, Queen of the Fae.jpg
[2013/09/06 22:57:54 | 000,000,208 | ---- | C] () -- C:\Users\Yoshi\Desktop\Learn to code Codecademy.URL
[2013/09/04 20:42:57 | 000,033,910 | ---- | C] () -- C:\Users\Yoshi\Desktop\Black Market.jpg
[2013/09/04 19:20:53 | 000,034,733 | ---- | C] () -- C:\Users\Yoshi\Desktop\Recurring Insight.jpg
[2013/09/04 19:13:41 | 000,037,054 | ---- | C] () -- C:\Users\Yoshi\Desktop\Arcanis the Omnipotent.jpg
[2013/09/04 19:12:47 | 000,030,646 | ---- | C] () -- C:\Users\Yoshi\Desktop\Cyclonic Rift.jpg
[2013/09/04 19:02:28 | 000,070,161 | ---- | C] () -- C:\Users\Yoshi\Desktop\Fabricate.jpg
[2013/08/28 13:54:15 | 001,087,530 | ---- | C] () -- C:\Users\Yoshi\Desktop\MT Unclaimed Property Form.pdf
[2013/08/28 13:50:14 | 001,084,953 | ---- | C] () -- C:\Users\Yoshi\Desktop\MT Unclaimed Property Form.jpg
[2013/08/28 13:19:28 | 000,912,078 | ---- | C] () -- C:\Users\Yoshi\Desktop\MT Cobra Coverage Form.jpg
[2013/07/31 19:47:48 | 000,291,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/07/31 19:47:40 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/07/30 11:09:47 | 000,000,056 | ---- | C] () -- C:\Users\Yoshi\.gitconfig
[2013/07/12 23:16:26 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2013/06/22 20:35:33 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/02/11 16:06:49 | 000,000,780 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\MPQEditor.ini
[2012/12/14 23:41:29 | 000,000,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/12/11 01:26:02 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2012/12/05 22:54:43 | 000,020,442 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2012/09/28 11:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/09/11 16:35:31 | 000,000,061 | ---- | C] () -- C:\Users\Yoshi\SciTEUser.properties
[2012/09/11 15:20:51 | 000,001,115 | ---- | C] () -- C:\Users\Yoshi\SciTE.session
[2012/09/10 12:53:00 | 000,001,456 | ---- | C] () -- C:\Users\Yoshi\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/09/06 20:42:27 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/09/06 20:42:27 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/09/06 20:42:27 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/09/06 20:42:27 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/09/06 20:42:27 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/09/06 20:42:27 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/09/06 20:42:27 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/09/06 20:42:27 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/09/06 20:42:27 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/09/06 20:42:27 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/09/06 20:42:27 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/09/06 20:42:27 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/09/06 20:42:27 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/09/06 20:42:27 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/09/06 20:42:27 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/09/06 20:42:27 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/09/06 20:42:07 | 000,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini
[2012/09/05 19:31:57 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini
[2012/09/04 20:48:52 | 000,001,588 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/09/04 19:36:48 | 000,000,347 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\Digital Clock_Settings.ini
[2012/09/04 19:35:23 | 000,000,284 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\GPU MeterV2_Settings.ini
[2012/09/04 19:31:34 | 000,000,346 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\Drives Meter_Settings.ini
[2012/09/04 19:30:15 | 000,000,352 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\Network Meter_Settings.ini
[2012/09/04 19:29:44 | 000,001,791 | ---- | C] () -- C:\Users\Yoshi\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2012/09/04 15:15:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/09/04 14:41:50 | 000,007,606 | ---- | C] () -- C:\Users\Yoshi\AppData\Local\Resmon.ResmonCfg
[2012/09/04 00:24:14 | 000,030,764 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/09/03 17:13:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/09/02 23:26:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/02 23:17:39 | 000,792,788 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/26 11:42:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/06/26 11:42:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/17 11:14:06 | 000,000,038 | ---- | C] () -- C:\Users\Yoshi\abbrev.properties
[2012/02/17 10:02:02 | 000,000,000 | ---- | C] () -- C:\Users\Yoshi\au3.keywords.user.abbreviations.properties
[2012/02/14 16:52:12 | 000,000,027 | ---- | C] () -- C:\Users\Yoshi\au3UserAbbrev.properties
[2010/03/27 11:22:54 | 000,014,905 | ---- | C] () -- C:\Users\Yoshi\au3abbrev.properties
[2010/01/02 17:16:12 | 000,000,111 | ---- | C] () -- C:\Users\Yoshi\au3.UserUdfs.properties
[2010/01/02 17:15:50 | 000,000,000 | ---- | C] () -- C:\Users\Yoshi\au3.user.calltips.api

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:1F41D2FE
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:728B799F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A29E7570
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >

But from reading the OTL log, unless I misunderstood it, I believe I am still infected.

I had avoided running Combofix, as I am not "technically" trained to run it yet, and wanted things done correctly.

Edited by Oh My, 23 September 2013 - 09:44 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:42 AM

Posted 23 September 2013 - 07:43 PM

Greetings King_Yoshi and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Please allow me some time to review the information you have provided and I will reply as soon as possible. From this point forward if you can copy and paste the contents of reports it will make it easier for me to review.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:42 AM

Posted 23 September 2013 - 09:43 PM

Greetings,

There are a few entries we need to take care of but before we do that I would like to use another program to get a snapshot of your computer from a slightly different angle. Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Farbar logs (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,361 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 24 September 2013 - 06:41 PM

FRST Scan Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013
Ran by Yoshi (administrator) on QUANTUM on 24-09-2013 19:33:53
Running from C:\Users\Yoshi\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
() C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sysinternals - www.sysinternals.com) D:\Program Files\Process Explorer\procexp.exe
(Sysinternals - www.sysinternals.com) D:\Program Files\Process Explorer\procexp64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-07] (COMODO)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2012-09-04] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-23] (Logitech Inc.)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [160256 2012-10-28] (IvoSoft)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [765200 2012-12-16] (SANDBOXIE L.T.D)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
AppInit_DLLs: C:\Windows\System32\guard64.dll C:\Windows\System32\guard64.dll [390392 2012-11-07] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll [301264 2012-11-07] (COMODO)
Startup: C:\Users\Yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.lnk
ShortcutTarget: procexp.lnk -> D:\Program Files\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F61424DEE9DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\magiccardsinfo.xml
FF SearchPlugin: C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\thesauruscom.xml
FF SearchPlugin: C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\searchplugins\wolframalpha.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\gatherer.xml
FF Extension: Deutsches Wörterbuch - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: No Name - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\foxmarks@kei.com
FF Extension: Toolbar Buttons - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF Extension: Flashblock - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: Textarea Cache - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}
FF Extension: ChatZilla - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF Extension: add-to-searchbox - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\add-to-searchbox@maltekraus.de.xpi
FF Extension: firebug - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: linkinator - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\linkinator@linkinator.net.xpi
FF Extension: linky - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\linky@gemal.dk.xpi
FF Extension: notreal.ccoptions - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\notreal.ccoptions@environmentalchemistry.com.xpi
FF Extension: No Name - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
FF Extension: No Name - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
FF Extension: No Name - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
FF Extension: No Name - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: No Name - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\4eatwozm.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-07] (COMODO)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8998800 2013-05-09] (DisplayLink Corp.)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-27] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-31] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-07] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-07] (COMODO)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873.0.sys [44944 2013-05-13] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-07] (COMODO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2012-11-19] ()
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2012-11-19] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18232 2011-02-23] ()
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [x]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-24 19:33 - 2013-09-24 19:33 - 01955802 _____ (Farbar) C:\Users\Yoshi\Desktop\FRST64.exe
2013-09-24 19:33 - 2013-09-24 19:33 - 00000000 ____D C:\FRST
2013-09-23 22:17 - 2013-09-23 22:17 - 00068790 _____ C:\Users\Yoshi\Desktop\ufonts.com_plantin_1_.ttf
2013-09-23 22:02 - 2013-09-23 22:02 - 41416684 _____ C:\Users\Yoshi\Desktop\FPM's MTG Life Counter.zip
2013-09-23 22:02 - 2013-09-23 22:02 - 12587142 _____ C:\Users\Yoshi\Desktop\White Dragon's MTG Expansion Symbols.zip
2013-09-23 20:05 - 2013-09-23 20:05 - 00092296 _____ C:\Users\Yoshi\Desktop\OTL.Txt
2013-09-23 20:01 - 2013-09-23 20:01 - 00602112 _____ (OldTimer Tools) C:\Users\Yoshi\Desktop\ffhjlutio78o.exe
2013-09-23 19:59 - 2013-09-23 19:59 - 00013126 _____ C:\Users\Yoshi\Desktop\dds.txt
2013-09-23 19:59 - 2013-09-23 19:59 - 00012318 _____ C:\Users\Yoshi\Desktop\attach.txt
2013-09-22 20:23 - 2013-09-22 20:23 - 00002023 _____ C:\Users\Yoshi\Desktop\aswMBR.txt
2013-09-22 20:23 - 2013-09-22 20:23 - 00000512 _____ C:\Users\Yoshi\Desktop\MBR.dat
2013-09-22 20:21 - 2013-09-22 20:21 - 00002065 _____ C:\Users\Yoshi\Desktop\RKreport[0]_D_09222013_202108.txt
2013-09-22 20:19 - 2013-09-22 20:19 - 00002009 _____ C:\Users\Yoshi\Desktop\RKreport[0]_S_09222013_201954.txt
2013-09-22 20:16 - 2013-09-22 20:21 - 00000000 ____D C:\Users\Yoshi\Desktop\RK_Quarantine
2013-09-22 19:53 - 2013-09-24 19:31 - 00000224 _____ C:\Windows\setupact.log
2013-09-22 19:53 - 2013-09-22 19:53 - 00000000 _____ C:\Windows\setuperr.log
2013-09-22 19:52 - 2013-09-22 19:52 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-09-22 19:47 - 2013-09-22 19:47 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-22 19:47 - 2013-09-22 19:47 - 00000000 ____D C:\Program Files\CCleaner
2013-09-22 17:24 - 2013-09-22 17:24 - 00000242 _____ C:\Users\Yoshi\Desktop\Basic Guide to DNS - Google Apps Help.URL
2013-09-20 23:21 - 2013-09-20 23:21 - 94916037 _____ C:\Users\Yoshi\Documents\New folder.zip
2013-09-20 21:59 - 2013-09-20 21:59 - 00000030 _____ C:\Users\Yoshi\Desktop\Infection Notes.txt
2013-09-20 21:31 - 2013-09-23 20:06 - 00085946 _____ C:\Users\Yoshi\Desktop\Extras.Txt
2013-09-20 21:20 - 2013-09-20 21:20 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-09-20 20:44 - 2013-09-20 20:44 - 336044542 _____ C:\Users\Yoshi\Desktop\reg backup sept 20 2013.reg
2013-09-20 20:04 - 2013-09-20 20:04 - 00565912 _____ C:\Users\Yoshi\Desktop\bookmarks-2013-09-20 - Sandbox
2013-09-14 13:44 - 2013-09-14 13:44 - 00000000 ____D C:\ProgramData\Auslogics
2013-09-14 13:44 - 2013-09-14 13:44 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-09-07 18:25 - 2013-09-07 18:25 - 00000646 _____ C:\Users\Yoshi\Desktop\Custom Order ioffer - MTG Proxies.txt
2013-09-07 16:18 - 2013-09-18 20:26 - 00000000 ____D C:\Users\Yoshi\Desktop\Proxys I want made
2013-09-06 22:57 - 2013-09-06 22:57 - 00000208 _____ C:\Users\Yoshi\Desktop\Learn to code Codecademy.URL
2013-09-06 22:44 - 2013-09-06 22:44 - 00000000 ____D C:\Users\Yoshi\AppData\Roaming\XBMC
2013-09-01 12:02 - 2013-09-01 12:12 - 00000000 ____D C:\Users\Yoshi\Desktop\Temp MTG Folder
2013-08-29 12:45 - 2013-08-29 12:49 - 00000000 ____D C:\Users\Yoshi\Documents\Fax

==================== One Month Modified Files and Folders =======

2013-09-24 19:33 - 2013-09-24 19:33 - 01955802 _____ (Farbar) C:\Users\Yoshi\Desktop\FRST64.exe
2013-09-24 19:33 - 2013-09-24 19:33 - 00000000 ____D C:\FRST
2013-09-24 19:31 - 2013-09-22 19:53 - 00000224 _____ C:\Windows\setupact.log
2013-09-24 19:31 - 2012-09-05 19:53 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-24 19:31 - 2012-09-05 19:53 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-24 19:31 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-24 19:31 - 2009-07-14 00:45 - 00362376 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-23 22:38 - 2013-01-04 01:42 - 00003020 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-09-23 22:38 - 2012-09-02 02:54 - 01136557 _____ C:\Windows\WindowsUpdate.log
2013-09-23 22:17 - 2013-09-23 22:17 - 00068790 _____ C:\Users\Yoshi\Desktop\ufonts.com_plantin_1_.ttf
2013-09-23 22:09 - 2012-09-02 23:58 - 00091752 _____ C:\Users\Yoshi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-23 22:02 - 2013-09-23 22:02 - 41416684 _____ C:\Users\Yoshi\Desktop\FPM's MTG Life Counter.zip
2013-09-23 22:02 - 2013-09-23 22:02 - 12587142 _____ C:\Users\Yoshi\Desktop\White Dragon's MTG Expansion Symbols.zip
2013-09-23 21:33 - 2012-09-04 14:55 - 00000000 ____D C:\Users\Yoshi\AppData\Roaming\Skype
2013-09-23 20:49 - 2012-09-04 19:59 - 00000000 ____D C:\Users\Yoshi\AppData\Local\Adobe
2013-09-23 20:24 - 2012-09-11 15:20 - 00000979 _____ C:\Users\Yoshi\SciTE.session
2013-09-23 20:24 - 2012-09-04 15:15 - 00000000 ____D C:\Users\Yoshi\AppData\Roaming\skypePM
2013-09-23 20:06 - 2013-09-20 21:31 - 00085946 _____ C:\Users\Yoshi\Desktop\Extras.Txt
2013-09-23 20:05 - 2013-09-23 20:05 - 00092296 _____ C:\Users\Yoshi\Desktop\OTL.Txt
2013-09-23 20:01 - 2013-09-23 20:01 - 00602112 _____ (OldTimer Tools) C:\Users\Yoshi\Desktop\ffhjlutio78o.exe
2013-09-23 19:59 - 2013-09-23 19:59 - 00013126 _____ C:\Users\Yoshi\Desktop\dds.txt
2013-09-23 19:59 - 2013-09-23 19:59 - 00012318 _____ C:\Users\Yoshi\Desktop\attach.txt
2013-09-23 19:30 - 2009-07-14 01:13 - 00799064 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-23 19:28 - 2009-07-14 00:45 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 19:28 - 2009-07-14 00:45 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-22 20:23 - 2013-09-22 20:23 - 00002023 _____ C:\Users\Yoshi\Desktop\aswMBR.txt
2013-09-22 20:23 - 2013-09-22 20:23 - 00000512 _____ C:\Users\Yoshi\Desktop\MBR.dat
2013-09-22 20:21 - 2013-09-22 20:21 - 00002065 _____ C:\Users\Yoshi\Desktop\RKreport[0]_D_09222013_202108.txt
2013-09-22 20:21 - 2013-09-22 20:16 - 00000000 ____D C:\Users\Yoshi\Desktop\RK_Quarantine
2013-09-22 20:19 - 2013-09-22 20:19 - 00002009 _____ C:\Users\Yoshi\Desktop\RKreport[0]_S_09222013_201954.txt
2013-09-22 20:10 - 2013-07-06 15:47 - 00000000 ____D C:\Program Files (x86)\PowerCmd
2013-09-22 19:53 - 2013-09-22 19:53 - 00000000 _____ C:\Windows\setuperr.log
2013-09-22 19:52 - 2013-09-22 19:52 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-09-22 19:50 - 2013-06-22 20:36 - 00000000 ____D C:\Users\Yoshi\AppData\Roaming\Ventrilo
2013-09-22 19:50 - 2012-09-04 20:03 - 00000000 ____D C:\Users\Yoshi\AppData\Roaming\Media Player Classic
2013-09-22 19:50 - 2012-09-04 19:43 - 00000000 ____D C:\Users\Yoshi\AppData\Roaming\uTorrent
2013-09-22 19:50 - 2012-09-02 06:49 - 00000000 ____D C:\Windows\Panther
2013-09-22 19:50 - 2012-09-02 03:11 - 00000000 ____D C:\Windows\Minidump
2013-09-22 19:47 - 2013-09-22 19:47 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-22 19:47 - 2013-09-22 19:47 - 00000000 ____D C:\Program Files\CCleaner
2013-09-22 17:24 - 2013-09-22 17:24 - 00000242 _____ C:\Users\Yoshi\Desktop\Basic Guide to DNS - Google Apps Help.URL
2013-09-20 23:21 - 2013-09-20 23:21 - 94916037 _____ C:\Users\Yoshi\Documents\New folder.zip
2013-09-20 21:59 - 2013-09-20 21:59 - 00000030 _____ C:\Users\Yoshi\Desktop\Infection Notes.txt
2013-09-20 21:20 - 2013-09-20 21:20 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-09-20 20:44 - 2013-09-20 20:44 - 336044542 _____ C:\Users\Yoshi\Desktop\reg backup sept 20 2013.reg
2013-09-20 20:20 - 2012-09-02 13:43 - 00000000 ____D C:\ProgramData\AMD
2013-09-20 20:12 - 2012-09-04 20:48 - 00001588 _____ C:\Windows\Sandboxie.ini
2013-09-20 20:04 - 2013-09-20 20:04 - 00565912 _____ C:\Users\Yoshi\Desktop\bookmarks-2013-09-20 - Sandbox
2013-09-18 20:26 - 2013-09-07 16:18 - 00000000 ____D C:\Users\Yoshi\Desktop\Proxys I want made
2013-09-17 19:48 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-14 13:44 - 2013-09-14 13:44 - 00000000 ____D C:\ProgramData\Auslogics
2013-09-14 13:44 - 2013-09-14 13:44 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-09-14 13:44 - 2012-09-04 23:08 - 00000000 ____D C:\Users\Yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-14 13:44 - 2012-09-04 20:41 - 00000000 ___RD C:\Users\Yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
2013-09-08 18:06 - 2013-06-09 16:59 - 00000000 ____D C:\Users\Yoshi\Desktop\Job Search Possibilities
2013-09-08 16:09 - 2013-08-14 12:08 - 00000000 ___RD C:\Users\Yoshi\Desktop\Other
2013-09-08 15:17 - 2013-06-17 15:26 - 00000000 ____D C:\Users\Yoshi\AppData\Local\Deployment
2013-09-08 14:26 - 2012-09-02 01:06 - 00000000 ____D C:\Users\Yoshi\Desktop\Security And Computer Fixes
2013-09-08 13:18 - 2013-07-30 09:40 - 00000000 ____D C:\Users\Yoshi\AppData\Local\GitHub
2013-09-08 13:17 - 2013-07-30 09:40 - 00000000 ____D C:\Users\Yoshi\AppData\Roaming\GitHub
2013-09-07 18:25 - 2013-09-07 18:25 - 00000646 _____ C:\Users\Yoshi\Desktop\Custom Order ioffer - MTG Proxies.txt
2013-09-06 22:59 - 2012-09-04 20:41 - 00000000 ___RD C:\Users\Yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Players
2013-09-06 22:57 - 2013-09-06 22:57 - 00000208 _____ C:\Users\Yoshi\Desktop\Learn to code Codecademy.URL
2013-09-06 22:44 - 2013-09-06 22:44 - 00000000 ____D C:\Users\Yoshi\AppData\Roaming\XBMC
2013-09-02 18:47 - 2012-09-02 01:06 - 00000000 ___RD C:\Users\Yoshi\Desktop\Information
2013-09-02 18:46 - 2013-07-20 20:49 - 00000000 ____D C:\Users\Yoshi\Desktop\Things to do
2013-09-01 12:12 - 2013-09-01 12:02 - 00000000 ____D C:\Users\Yoshi\Desktop\Temp MTG Folder
2013-09-01 12:07 - 2013-08-05 14:26 - 00000000 ____D C:\Users\Yoshi\Desktop\Training and Further Education
2013-09-01 12:04 - 2013-08-14 12:09 - 00000000 ____D C:\Users\Yoshi\Desktop\United Nations Consulting
2013-09-01 12:04 - 2013-08-14 12:03 - 00000000 ____D C:\Users\Yoshi\Desktop\Downloaded PDF Books
2013-09-01 12:04 - 2013-07-30 12:18 - 00000000 ____D C:\Users\Yoshi\Desktop\Unemployment
2013-08-29 12:49 - 2013-08-29 12:45 - 00000000 ____D C:\Users\Yoshi\Documents\Fax
2013-08-26 20:51 - 2012-09-06 00:21 - 00000000 ____D C:\Users\Yoshi\Documents\my games
2013-08-26 20:51 - 2012-09-03 17:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

Some content of TEMP:
====================
C:\Users\Yoshi\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-22 13:20

==================== End Of Log ============================


FRST Addition Log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2013
Ran by Yoshi at 2013-09-24 19:34:35
Running from C:\Users\Yoshi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Defense+ (Enabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.2.0)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.102.64)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Advanced PDF Password Recovery (x32 Version: 5.05.97.1109)
Age of Empires II: HD Edition (x32)
Age of Empires® III: Complete Collection (x32)
Aion (x32 Version: 1.0.0.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Auslogics DiskDefrag (x32 Version: 4.1.0.0)
AutoIt v3.3.8.1 (x32)
avast! Free Antivirus (x32 Version: 7.0.1474.0)
Bonjour (Version: 3.0.0.10)
Borderlands 2 (x32)
Call of Duty 4: Modern Warfare (x32)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II (x32)
Call of Duty: Modern Warfare 3 - Multiplayer (x32)
Catalyst Control Center InstallProxy (x32 Version: 2012.0626.1157.19430)
CCleaner (Version: 4.05)
Cheat Engine 5.6.1 (x32)
Chivalry: Medieval Warfare (x32)
Classic Menu for Office Home and Student 2010 v5.25 (Version: 5.25)
Classic Shell (Version: 3.6.2)
Cockatrice (x32)
Command and Conquer: Red Alert 3 (x32)
COMODO Internet Security (Version: 5.10.31649.2253)
Counter-Strike: Global Offensive (x32)
Dark Souls: Prepare to Die Edition (x32)
Data Wipe  (x32 Version: )
Diablo II (x32)
DisplayLink Core Software (Version: 7.2.47873.0)
Dolby Axon - 1.5.0.1 (x32 Version: 1.5.0.1)
Dota 2 (x32)
EPSON Printer Software
EPSON Scan (x32)
Evoland (x32)
FileZilla Client 3.6.0.1 (x32 Version: 3.6.0.1)
FINAL FANTASY XIV - A Realm Reborn (x32 Version: 1.0.0000)
Foxit Reader (x32 Version: 6.0.3.524)
Fraps (remove only) (x32)
GitHub (HKCU Version: 1.0.56.0)
GlassFish Server Open Source Edition 4.0
Google Chrome (x32 Version: 21.0.1180.89)
Guild Wars (HKCU)
Heroes of Newerth (x32 Version: 2.3.0)
HiJackThis (x32 Version: 1.0.0)
iTunes (Version: 11.0.1.12)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250)
JMicron JMB36X Driver (x32 Version: 1.00.0000)
Logitech Gaming Software (Version: 8.35.18)
Logitech Gaming Software 8.35 (Version: 8.35.18)
Macromedia Dreamweaver MX (x32 Version: 6.0)
Macromedia Extension Manager (x32 Version: 1.5)
Magic Online (x32 Version: 3.00.0000)
Magic The Gathering Online  (HKCU Version: 3.4.76.329)
Majesty 2 Collection (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Metro 2033 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Mirror's Edge (x32)
Mozilla Firefox 18.0 (x86 en-US) (x32 Version: 18.0)
MPC-HC 1.6.3.5818 (x32 Version: 1.6.3.5818)
MSI Afterburner 2.3.0 (x32 Version: 2.3.0)
NCSOFT Game Launcher (x32)
NetBeans IDE 7.3.1 (Version: 7.3.1)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
Path of Exile (x32 Version: 0.10.0.22397)
Pawsoft Fass (x32)
Plants vs. Zombies: Game of the Year (x32)
Portal 2 (x32)
PowerCmd 2.2 (x32 Version: AppVerName)
PowerISO (x32 Version: 5.4)
PunkBuster Services (x32 Version: 0.993)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6037)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0)
RIFT (HKCU)
Sandboxie 3.76 (64-bit) (Version: 3.76)
SciTE4AutoIt3 6/10/2012 (x32 Version: 6/10/2012)
Skype™ 4.0 (x32 Version: 4.0.226)
Star Wars Empire at War (x32 Version: 1.0)
Star Wars: The Old Republic (x32 Version: 1.00)
The Elder Scrolls V: Skyrim (x32)
The Matrix Trilogy 3D Code Screen Saver v3.4 (x32)
Unreal Tournament: Game of the Year Edition (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Warcraft II BNE (x32)
WinBMA (x32 Version: 2.0.4713.34518)
World of Warcraft (x32 Version: 5.3.0.17128)
Worms Reloaded (x32)
XBMC (HKCU)
XYplorer 11.90 (x32 Version: 11.90)

==================== Restore Points  =========================

18-08-2013 20:51:58 Scheduled Checkpoint
20-08-2013 03:32:53 Removed Star Wars Battlefront II
27-08-2013 18:43:00 Scheduled Checkpoint
05-09-2013 00:05:25 Scheduled Checkpoint
12-09-2013 01:08:29 Scheduled Checkpoint
22-09-2013 18:43:26 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-09-20 21:01 - 00000025 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {3211BB2B-66B5-4309-A2A3-431D17B0BA3E} - System32\Tasks\{F2F7BB4C-3107-4E3F-89FB-4C05DC99F595} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsProgressBar
Task: {351BCEE3-8AE8-4B15-9405-A47861431622} - System32\Tasks\{86C359A9-2F90-4790-8106-CB82EFB68146} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2009-04-16] (Skype Technologies S.A.)
Task: {4A52543C-5E33-4ADA-9BE2-09F520F4B388} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2012-11-19] ()
Task: {4CB3BD8F-1D96-4C18-884D-D6C3A441EA15} - System32\Tasks\{05D4214B-B04D-493E-BF11-BD43D7D7A535} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129/en/abandoninstall?page=tsProgressBar
Task: {920598DB-6457-4E1E-BF29-401142D2D037} - \GoogleUpdateTaskMachineUA No Task File
Task: {97E11A53-B82B-409B-A6FB-46A5DBE5E7B4} - \GoogleUpdateTaskMachineCore No Task File
Task: {9C4F5E40-4CC9-47A7-89A8-6CE5E10180F9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {A7900AFC-1AF4-4872-BC09-5D9375C0C420} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-30] (AVAST Software)
Task: {BD52E4D2-455F-4AB3-889A-298FC605FFFD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CE610289-3C99-430D-82F3-811E4E7BF5C2} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-03] (Microsoft Corporation)
Task: {E8276175-015B-40A7-B2CB-E0D78CF6843A} - System32\Tasks\{BB15791B-273A-4595-99B4-F1840FA6A502} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?source=lightinstaller&page=tsBing
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe

==================== Loaded Modules (whitelisted) =============

2012-03-11 21:13 - 2012-11-07 19:37 - 00390392 _____ (COMODO) C:\Windows\system32\guard64.dll
2013-05-09 00:18 - 2013-05-09 00:18 - 01158032 _____ (DisplayLink Corp.) C:\Windows\system32\dlumd10.dll
2013-01-08 00:35 - 2012-10-02 18:21 - 14922600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2012-10-28 10:29 - 2012-10-28 10:29 - 00741376 _____ (IvoSoft) C:\Program Files\Classic Shell\ClassicExplorer64.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-10-28 10:29 - 2012-10-28 10:29 - 02004480 _____ (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2012-08-17 00:42 - 2012-08-17 00:42 - 00230496 _____ (Power Software Ltd) D:\Program Files\PowerISO\PWRISOSH.DLL
2013-06-24 20:55 - 2013-04-06 13:38 - 00206296 _____ (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll
2013-07-25 20:37 - 2013-07-25 20:37 - 00178800 _____ (Sony DADC Austria AG.) c:\windows\SysWOW64\cmdlineext_x64.dll
2012-09-04 00:16 - 2012-09-04 00:15 - 00149536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2012-09-04 00:16 - 2012-09-04 00:15 - 01631264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-05-09 00:18 - 2013-05-09 00:18 - 01323920 _____ (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2013-01-08 00:35 - 2012-10-02 18:21 - 26331496 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.DLL
2012-12-16 07:25 - 2012-12-16 07:25 - 00439056 _____ (SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieDll.dll
2012-09-04 19:29 - 2012-09-04 19:29 - 00020480 _____ (Jonathan Abbott) C:\Users\Yoshi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Network_Meter_V8.1.gadget\netlib.dll
2013-07-03 16:38 - 2013-01-11 18:23 - 00045792 _____ (Orbmu2k) C:\Users\Yoshi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPU_Meter_V2.4.gadget\GPUStatusReader.dll
2013-01-08 00:35 - 2012-10-02 18:21 - 02731880 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-07-03 16:38 - 2013-01-11 18:23 - 00577760 _____ (NVIDIA) C:\Users\Yoshi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPU_Meter_V2.4.gadget\nvsulib64.dll
2012-09-03 13:34 - 2011-11-17 01:38 - 01292080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-01-07 01:39 - 2012-10-04 12:47 - 01114112 _____ (Microsoft Corporation) C:\Windows\syswow64\kernel32.dll
2013-01-07 01:39 - 2012-10-04 12:47 - 00274944 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNELBASE.dll
2012-11-08 09:25 - 2012-11-08 09:25 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2012-09-03 23:57 - 2010-11-20 08:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\syswow64\SHLWAPI.dll
2012-09-03 23:57 - 2010-11-20 08:08 - 00311296 _____ (Microsoft Corporation) C:\Windows\syswow64\GDI32.dll
2012-09-03 23:57 - 2010-11-20 08:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\syswow64\USER32.dll
2012-09-03 23:57 - 2010-11-20 08:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\syswow64\ADVAPI32.dll
2012-09-03 13:34 - 2011-12-16 03:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\syswow64\msvcrt.dll
2009-07-13 19:11 - 2009-07-13 21:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2012-09-03 23:57 - 2010-11-20 08:08 - 00663040 _____ (Microsoft Corporation) C:\Windows\syswow64\RPCRT4.dll
2013-01-07 01:33 - 2012-08-24 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\syswow64\SspiCli.dll
2009-07-13 19:12 - 2009-07-13 21:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPTBASE.dll
2009-07-13 19:25 - 2009-07-13 21:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\syswow64\LPK.dll
2012-09-03 23:57 - 2010-11-20 08:21 - 00626176 _____ (Microsoft Corporation) C:\Windows\syswow64\USP10.dll
2012-11-08 09:06 - 2012-11-08 09:06 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2012-09-03 23:57 - 2010-11-20 08:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\syswow64\ole32.dll
2012-09-03 13:34 - 2011-08-27 00:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\syswow64\OLEAUT32.dll
2012-11-08 09:12 - 2012-11-08 09:12 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2012-09-03 23:57 - 2010-11-20 08:21 - 01667584 _____ (Microsoft Corporation) C:\Windows\syswow64\SETUPAPI.dll
2012-09-03 13:34 - 2011-05-24 06:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\syswow64\CFGMGR32.dll
2012-09-03 13:34 - 2011-05-24 06:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\syswow64\DEVOBJ.dll
2009-07-13 19:15 - 2009-07-13 21:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\syswow64\PSAPI.DLL
2012-11-08 09:08 - 2012-11-08 09:08 - 00143360 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2012-11-08 09:23 - 2012-11-08 09:23 - 00339968 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2013-01-07 02:08 - 2012-11-13 21:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\syswow64\WININET.dll
2009-07-13 19:15 - 2009-07-13 21:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\syswow64\Normaliz.dll
2013-01-07 02:08 - 2012-11-13 21:46 - 01793024 _____ (Microsoft Corporation) C:\Windows\syswow64\iertutil.dll
2013-01-07 02:08 - 2012-11-13 21:57 - 01103872 _____ (Microsoft Corporation) C:\Windows\syswow64\urlmon.dll
2012-09-03 13:36 - 2012-06-09 00:41 - 12873728 _____ (Microsoft Corporation) C:\Windows\syswow64\SHELL32.dll
2009-07-13 19:28 - 2009-07-13 21:15 - 00828928 _____ (Microsoft Corporation) C:\Windows\syswow64\MSCTF.dll
2012-03-11 21:13 - 2012-11-07 19:37 - 00301264 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2012-09-03 23:57 - 2010-11-20 08:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\syswow64\WS2_32.dll
2009-07-13 19:12 - 2009-07-13 21:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\syswow64\NSI.dll
2012-10-10 13:45 - 2012-08-24 12:57 - 00172544 _____ (Microsoft Corporation) C:\Windows\syswow64\WINTRUST.dll
2012-10-10 13:45 - 2012-06-02 00:36 - 01159680 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPT32.dll
2012-09-03 23:57 - 2010-11-20 08:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\syswow64\MSASN1.dll
2011-04-30 11:04 - 2011-04-30 11:04 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2009-07-13 19:44 - 2009-07-13 21:15 - 00522240 _____ (Microsoft Corporation) C:\Windows\syswow64\CLBCatQ.DLL
2012-09-03 23:57 - 2010-11-20 08:21 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2012-09-03 23:57 - 2010-11-20 08:21 - 00269824 _____ (Microsoft Corporation) C:\Windows\syswow64\WLDAP32.dll
2012-11-08 08:56 - 2012-11-08 08:56 - 00122880 _____ () C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
2012-11-08 08:21 - 2012-11-08 08:21 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll
2012-11-08 08:24 - 2012-11-08 08:24 - 00139264 _____ () C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll
2012-11-08 08:46 - 2012-11-08 08:46 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
2011-04-30 11:04 - 2011-04-30 11:04 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
2012-09-03 23:57 - 2010-11-20 08:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\syswow64\COMDLG32.dll
2010-04-27 09:33 - 2010-04-27 09:33 - 00096904 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2013-02-15 22:35 - 2013-02-15 22:35 - 06071760 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash10l.ocx
2012-09-02 03:05 - 2013-01-11 21:40 - 03021872 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-09-02 03:05 - 2013-01-11 21:40 - 00814128 _____ (sqlite.org) C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1F41D2FE
AlternateDataStreams: C:\ProgramData\TEMP:728B799F
AlternateDataStreams: C:\ProgramData\TEMP:76650B61
AlternateDataStreams: C:\ProgramData\TEMP:A29E7570
AlternateDataStreams: C:\Users\Public\DRM:??????????

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00963846.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20674879.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00963846.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20674879.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2013 07:34:01 PM) (Source: PerfNet) (User: )
Description:

Error: (09/24/2013 07:31:57 PM) (Source: PerfNet) (User: )
Description:

Error: (09/23/2013 10:34:13 PM) (Source: PerfNet) (User: )
Description:

Error: (09/23/2013 10:26:13 PM) (Source: PerfNet) (User: )
Description:

Error: (09/23/2013 10:18:13 PM) (Source: PerfNet) (User: )
Description:

Error: (09/23/2013 10:10:13 PM) (Source: PerfNet) (User: )
Description:

Error: (09/23/2013 10:02:13 PM) (Source: PerfNet) (User: )
Description:

Error: (09/23/2013 09:54:13 PM) (Source: PerfNet) (User: )
Description:

Error: (09/23/2013 09:46:13 PM) (Source: PerfNet) (User: )
Description:

Error: (09/23/2013 09:38:13 PM) (Source: PerfNet) (User: )
Description:


System errors:
=============
Error: (09/24/2013 07:31:42 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1058

Error: (09/23/2013 07:21:17 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1058

Error: (09/22/2013 08:12:44 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1058

Error: (09/22/2013 08:05:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/22/2013 08:05:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/22/2013 08:05:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/22/2013 08:05:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/22/2013 08:05:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/22/2013 08:05:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/22/2013 08:05:13 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (09/24/2013 07:34:01 PM) (Source: PerfNet)(User: )
Description:

Error: (09/24/2013 07:31:57 PM) (Source: PerfNet)(User: )
Description:

Error: (09/23/2013 10:34:13 PM) (Source: PerfNet)(User: )
Description:

Error: (09/23/2013 10:26:13 PM) (Source: PerfNet)(User: )
Description:

Error: (09/23/2013 10:18:13 PM) (Source: PerfNet)(User: )
Description:

Error: (09/23/2013 10:10:13 PM) (Source: PerfNet)(User: )
Description:

Error: (09/23/2013 10:02:13 PM) (Source: PerfNet)(User: )
Description:

Error: (09/23/2013 09:54:13 PM) (Source: PerfNet)(User: )
Description:

Error: (09/23/2013 09:46:13 PM) (Source: PerfNet)(User: )
Description:

Error: (09/23/2013 09:38:13 PM) (Source: PerfNet)(User: )
Description:


CodeIntegrity Errors:
===================================
  Date: 2012-09-16 17:47:49.490
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-16 17:47:49.459
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 12279.11 MB
Available physical RAM: 9576.31 MB
Total Pagefile: 24556.42 MB
Available Pagefile: 21618.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:68.2 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:419.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 0FA06A33)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F7A2E6AE)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,967 posts
  • Gender:Male
  • Location:California

Posted 24 September 2013 - 08:41 PM

Greetings,

We need to clean up some entries and investigate some others. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware, which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

C:\Users\Yoshi\AppData\Local\Temp\Foxit Reader Updater.exe
AlternateDataStreams: C:\ProgramData\TEMP:1F41D2FE
AlternateDataStreams: C:\ProgramData\TEMP:728B799F
AlternateDataStreams: C:\ProgramData\TEMP:76650B61
AlternateDataStreams: C:\ProgramData\TEMP:A29E7570
AlternateDataStreams: C:\Users\Public\DRM:??????????

  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see:

    (screenshot: MiniReg.gif)

  • Copy and paste the following into the edit box:

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00963846.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20674879.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00963846.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20674879.sys

  • Check the Export keys radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • MiniRegTool report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
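A read-only PowerShell triage script, added here as an example and not part of Gary's instructions or of the FRST and MiniRegTool tools, that lists the same two indicators the fix above targets: alternate data streams on the paths FRST flagged, and .sys entries under SafeBoot\Minimal and SafeBoot\Network that have no matching driver file and no matching service key. The paths and the 8-digit numeric name pattern come from the logs in this thread; the missing-file/missing-service heuristic is an assumption of this example, not a FRST rule, and the script changes nothing.

```powershell
# Added triage example (not from the thread, FRST or MiniRegTool). Read-only.
# Requires PowerShell 3.0 or later for -Stream and [pscustomobject].

# 1. Alternate data streams on the paths FRST reported. The main ':$DATA' stream
#    is normal for every file; anything else is listed for review.
function Get-SuspectStreams {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $p
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

# 2. SafeBoot driver entries. A legitimate <name>.sys subkey normally has a driver
#    file of that name under System32\drivers and a service key of the same base name.
#    Heuristic (assumption): an entry with neither, or with an 8-digit numeric name
#    like the 00963846.sys / 20674879.sys entries in this log, is flagged Suspicious.
function Get-SuspectSafeBootEntries {
    $drivers  = Join-Path $env:SystemRoot 'System32\drivers'
    $services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($scope in 'Minimal', 'Network') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$scope"
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like '*.sys' } |
            ForEach-Object {
                $name    = $_.PSChildName
                $svcName = [IO.Path]::GetFileNameWithoutExtension($name)
                $default = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).'(default)'
                $hasFile = Test-Path -LiteralPath (Join-Path $drivers $name)
                $hasSvc  = Test-Path -Path (Join-Path $services $svcName)
                $numeric = $name -match '^\d{8}\.sys$'
                [pscustomobject]@{
                    Scope       = $scope
                    Entry       = $name
                    Default     = $default
                    DriverFile  = $hasFile
                    ServiceKey  = $hasSvc
                    NumericName = $numeric
                    Suspicious  = ((-not $hasFile) -and (-not $hasSvc)) -or $numeric
                }
            }
    }
}

# Constructed input: the two paths FRST flagged in the Addition log above.
$adsPaths = 'C:\ProgramData\TEMP', 'C:\Users\Public\DRM'

Get-SuspectStreams -Paths $adsPaths | Format-Table -AutoSize
Get-SuspectSafeBootEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Compare the output with the Alternate Data Streams and Safe Mode sections of the FRST Addition log; entries that appear in both, and that show Suspicious = True, are the ones the fixlist and MiniRegTool steps above act on.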

#6 King_Yoshi
  • Topic Starter
  • Malware Study Hall Senior
  • 1,361 posts

Posted 25 September 2013 - 07:36 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2013
Ran by Yoshi at 2013-09-25 20:33:58 Run:1
Running from C:\Users\Yoshi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Yoshi\AppData\Local\Temp\Foxit Reader Updater.exe
AlternateDataStreams: C:\ProgramData\TEMP:1F41D2FE
AlternateDataStreams: C:\ProgramData\TEMP:728B799F
AlternateDataStreams: C:\ProgramData\TEMP:76650B61
AlternateDataStreams: C:\ProgramData\TEMP:A29E7570
AlternateDataStreams: C:\Users\Public\DRM:??????????
*****************

C:\Users\Yoshi\AppData\Local\Temp\Foxit Reader Updater.exe => Moved successfully.
C:\ProgramData\TEMP => ":1F41D2FE" ADS removed successfully.
C:\ProgramData\TEMP => ":728B799F" ADS removed successfully.
C:\ProgramData\TEMP => ":76650B61" ADS removed successfully.
C:\ProgramData\TEMP => ":A29E7570" ADS removed successfully.
"C:\Users\Public\DRM" => ":??????????" ADS not found.

==== End of Fixlog ====

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00963846.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20674879.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00963846.sys]
@="Driver"

#7 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,967 posts
  • Gender:Male
  • Location:California

Posted 25 September 2013 - 08:13 PM

Thanks for the information.

Could you please boot into Safe Mode with Networking and tell me if you have internet access?


Gary

#8 King_Yoshi
  • Topic Starter
  • Malware Study Hall Senior
  • 1,361 posts

Posted 25 September 2013 - 09:54 PM

Thanks for the information.

Could you please boot into Safe Mode with Networking and tell me if you have internet access?

I do have internet access in safe mode.

I am writing this post from Safe Mode with Networking.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:42 AM

Posted 25 September 2013 - 10:26 PM

OK thanks. I am checking on the validity of those safeboot registry keys.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:42 AM

Posted 26 September 2013 - 08:36 AM

Greetings King_Yoshi,

Could you please rerun MiniRegTool again (Post #5) exactly as you did previously with one important change. Rather than select Export, please select Delete Keys/Values including locked/Null embedded.

Please post the report and let me know how your computer is running.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,361 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 26 September 2013 - 09:01 AM

Greetings King_Yoshi,

Could you please rerun MiniRegTool again (Post #5) exactly as you did previously with one important change. Rather than select Export, please select Delete Keys/Values including locked/Null embedded.

Please post the report and let me know how your computer is running.


Ok, I will do so, as soon as I get home from work, this evening.



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:42 AM

Posted 26 September 2013 - 09:04 AM

No problem, take your time.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,361 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 26 September 2013 - 06:32 PM

MiniRegTool64 by Farbar Version:18-06-2013
Ran by Yoshi (administrator) on 2013-09-26 19:29:43

====================================
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00963846.sys" deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20674879.sys" deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00963846.sys" deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20674879.sys " not found.



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:42 AM

Posted 26 September 2013 - 09:07 PM

Great, are you currently having any issues?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,361 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 27 September 2013 - 09:42 AM

I don't seem to be having any issues.
