Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

All .exe files downloaded contain a virus [Closed]

Started by Keldaris , Jul 18 2013 11:48 PM

This topic is locked

#1
Keldaris

Posted 18 July 2013 - 11:48 PM

New Member

Member
6 posts

I have been trying to download and install Windows updates and repairs from Microsoft FixIt site and every EXE file comes through as a virus even when running in safe mode.

Internet Explorer says FILENAME.EXE contained a virus and FireFox just deletes the files automatically. I had to put OTL on a flash drive and copy to desktop to get it to run. Could not download RKILL or EXEHELPER either copied to flash. I have a second PC I can download on so it helps.

I wasn't sure if I should include those logs as well but included RKILL log below.

OTL logfile created on: 7/19/13 1:26:18 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amanda\Desktop\AVStuff
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.16% Memory free
3.99 Gb Paging File | 3.50 Gb Available in Paging File | 87.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 115.81 Gb Free Space | 38.85% Space Free | Partition Type: NTFS
Drive D: | 303.38 Gb Total Space | 205.36 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive E: | 1559.63 Gb Total Space | 407.90 Gb Free Space | 26.15% Space Free | Partition Type: NTFS
Drive H: | 14.54 Gb Total Space | 11.01 Gb Free Space | 75.75% Space Free | Partition Type: FAT32

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 23:01:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\AVStuff\OTL.exe
PRC - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2013/07/03 13:16:11 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/11 21:12:48 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/26 01:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/06/20 11:28:03 | 004,145,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/07/05 19:03:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F500641E-2C6E-4D33-BE0C-6EBC9F76159A}\MpKsld12bc1ce.sys -- (MpKsld12bc1ce)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{127CD835-5ECE-441A-B215-94F83A5FBC1A}\MpKslc43a2148.sys -- (MpKslc43a2148)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF08E110-944A-4BCE-8348-621C1AF5C594}\MpKslaca1c469.sys -- (MpKslaca1c469)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F30A262B-0BF0-4F61-A4B3-808669B80D8A}\MpKsl1675053f.sys -- (MpKsl1675053f)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{708530EA-7DEF-4101-88D7-1D38D24E0050}\MpKsl13cdfd40.sys -- (MpKsl13cdfd40)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80CBE2AE-E605-470A-8B73-A0AE65C5DBEE}\MpKsl02c4e3cd.sys -- (MpKsl02c4e3cd)
DRV - File not found [Kernel | System | Stopped] -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 16:56:13 | 000,175,176 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/01/18 02:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/18 02:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/30 21:59:05 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/06/08 09:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Afx.sys -- (OEM03Afx)
DRV - [2007/04/25 09:00:00 | 000,235,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vid.sys -- (OEM03Vid)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vfx.sys -- (OEM03Vfx)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {7FF191D4-96CC-4D62-8972-F1D47D0A912D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 40 6F AE 36 84 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {7FF191D4-96CC-4D62-8972-F1D47D0A912D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...0F90019B90BDD47
IE - HKCU\..\SearchScopes\{39821DE8-9D5F-4B90-B1BC-C270FDCADE81}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{685F3FC7-9B3F-497A-956B-9D873E5A7067}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{7FF191D4-96CC-4D62-8972-F1D47D0A912D}: "URL" = http://search.condui...8283150960&UM=2
IE - HKCU\..\SearchScopes\{E2ED7A04-E2BE-41E3-828B-5CBE580D7D3C}: "URL" = http://websearch.ask...9D-9DB5AC62523A
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...e=tb50winampie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.ca"
FF - prefs.js..extensions.enabledAddons: %7B0b38152b-1b20-484d-a11f-5e04a9b0661f%7D:5.6.20.9397
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.condui...UI&UM=UM_ID&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/24 01:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]

[2011/05/29 13:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2013/06/21 08:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions
[2013/04/02 20:11:15 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2013/05/31 09:55:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/23 23:59:04 | 000,002,533 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\aol-search.xml
[2011/05/31 00:37:44 | 000,002,354 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\aol-web-search.xml
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\askcom.xml
[2013/05/23 22:13:17 | 000,006,503 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\babylon.xml
[2013/03/04 18:37:50 | 000,000,935 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\conduit.xml
[2013/05/23 22:13:29 | 000,001,294 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\delta.xml
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 13:16:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/24 01:19:36 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/07/05 02:54:27 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WeatherEye] C:\Users\Amanda\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62975E2-9BA0-4901-ADEC-32E0D8B275EA}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/13 20:41:11 | 000,000,100 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell - "" = AutoRun
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/19 01:18:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\AVStuff
[2013/07/18 22:55:20 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{C026C6A8-091C-4512-A360-2D9DD72F028B}
[2013/07/18 22:29:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/18 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Oracle
[2013/07/18 22:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/18 22:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/17 16:03:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{42AAE452-DD38-4AA8-A151-358D94334369}
[2013/07/16 10:10:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AE948EDB-1761-4531-9E09-BEC73F5FFEE1}
[2013/07/07 21:38:21 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AF1E86E4-D3CB-4332-BD73-D4A239A28BBA}
[2013/07/07 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/07/05 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{F5D20572-5861-4622-9EA3-7F93DE26464E}
[2013/07/03 13:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/22 09:45:49 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{515B4756-9115-44CF-BC3D-FE7775C3076C}
[2013/06/22 09:39:50 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/19 01:24:47 | 000,839,864 | ---- | M] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/19 01:10:52 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/19 01:10:52 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/19 00:21:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/19 00:21:30 | 1608,527,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/19 00:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/19 00:07:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/18 22:24:05 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/18 16:24:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/18 14:07:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/17 16:01:19 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 16:01:19 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 09:26:24 | 000,357,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/07 21:30:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/07/07 21:29:53 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/27 16:56:13 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/19 01:24:47 | 000,839,864 | ---- | C] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/07 21:29:53 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/07/05 09:08:25 | 000,000,965 | ---- | C] () -- C:\Users\Amanda\Desktop\CCleaner.lnk
[2013/06/27 16:56:13 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/05/24 01:19:52 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/24 01:19:51 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/21 03:24:52 | 000,237,371 | ---- | C] () -- C:\ProgramData\1369120977.bdinstall.bin
[2013/05/21 02:30:02 | 000,442,185 | ---- | C] () -- C:\ProgramData\1369117695.bdinstall.bin
[2013/05/21 01:07:40 | 000,919,411 | ---- | C] () -- C:\ProgramData\1369111318.bdinstall.bin
[2012/08/23 22:39:25 | 000,007,607 | ---- | C] () -- C:\Users\Amanda\AppData\Local\Resmon.ResmonCfg
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/08 01:57:31 | 000,014,188 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2012/01/08 01:57:31 | 000,014,188 | -HS- | C] () -- C:\ProgramData\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2011/12/14 14:59:51 | 003,166,690 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\UserTile.png
[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/06/17 01:01:10 | 001,129,965 | ---- | C] () -- C:\Users\Amanda\AppData\Local\census.cache
[2011/06/17 01:00:49 | 000,126,849 | ---- | C] () -- C:\Users\Amanda\AppData\Local\ars.cache
[2011/06/17 00:41:57 | 000,000,036 | ---- | C] () -- C:\Users\Amanda\AppData\Local\housecall.guid.cache
[2011/06/06 19:01:51 | 000,006,144 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 15:26:18 | 000,000,810 | RHS- | C] () -- C:\Users\Amanda\ntuser.pol
[2011/05/29 15:19:08 | 000,008,238 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2013/05/17 00:02:53 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\@
[2013/05/17 00:02:53 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\L
[2013/05/17 14:29:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U
[2013/05/17 00:03:20 | 000,000,928 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\00000001.@
[2013/05/17 00:03:39 | 000,022,016 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\800000cb.@
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/06/06 10:49:12 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Auslogics
[2013/05/23 22:12:53 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Babylon
[2013/01/18 10:46:35 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\DAEMON Tools Lite
[2013/05/23 22:12:23 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\DealPly
[2011/06/05 02:37:45 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\ESET
[2013/05/22 12:45:44 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Foxit Software
[2013/02/22 02:26:18 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Leadertech
[2011/07/30 14:43:21 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\OpenCandy
[2013/07/18 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Oracle
[2012/08/24 17:01:37 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Origin
[2011/06/08 00:12:58 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\PMS
[2013/05/21 00:43:47 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\QuickScan
[2013/03/14 16:51:38 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\RipIt4Me
[2012/06/22 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\SEGA
[2011/11/15 22:20:50 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Thinstall
[2011/11/29 20:40:35 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\tmp
[2013/05/22 15:02:51 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\uTorrent
[2011/09/19 20:03:23 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2012/06/22 10:31:26 | 000,001,123 | ---- | M] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
[2012/06/22 10:31:26 | 000,001,123 | ---- | C] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 ??????????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:233BFF24

< End of report >

Rkill 2.5.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 07/19/2013 01:43:45 AM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Amanda\Desktop\AVStuff\OTL.exe (PID: 1984) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\ [ZA Dir]
* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\@ [ZA File]
* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\L\ [ZA Dir]
* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\ [ZA Dir]
* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\00000001.@ [ZA File]
* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\800000cb.@ [ZA File]

* ALERT: ZEROACCESS Reparse Point/Junction found!

* C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
* C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpCommu.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpRTP.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\Windows\System32\user32.dll : 811,520 : 07/05/2011 07:03 PM : 7bd7f45ff37fa0669cd32ca0ef46e22c [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll : 811,520 : 07/13/2009 09:16 PM : 34b7e222e81fafa885f0c5f2cfa56861 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll : 811,520 : 11/20/2010 08:21 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 07/19/2013 01:44:02 AM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)

#2
Phel

Posted 19 July 2013 - 01:14 AM

Trusted Helper

Malware Removal
1,386 posts

Hello, Keldaris and welcome to GeeksToGo!

You can call me Phel and today I will try to help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please, let me know, if you don't understand something. It is really important to understand any instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions, if you aren't sure.

Please, be patient. You should stay here until your computer will become really clean. Malware Removal isn't very fast procedure, it usually has multiple steps, but result should be glad.

Please, wait for a while now, currently I'm analyzing your logs. Please note, that my answers could come with a slight delay, because they are checked by my teacher.

#3
Phel

Posted 20 July 2013 - 03:36 AM

Trusted Helper

Malware Removal
1,386 posts

Sorry for delay.

Step 1. OTL fix.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files
fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCommu.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRTP.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpLics.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll" /c

:Commands
[EMPTYTEMP]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again
Under the Custom Scans/Fixes box at the bottom, paste in the following
```
dir "%systemdrive%\*" /S /A:L /C
```
Then click the Run Scan button at the top
Let the program run unhindered
When the scan completes, it will open notepad window - OTL.Txt. This is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file, one at a time and post them in your topic.

Step 2. RogueKiller scan.

Download RogueKiller to your desktop

Note: This is a French tool so don't be surprised when you find the page displays with some French.

Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
Wait until Prescan has finished...
Click on Scan
Wait for the scan to finish.
The report is created on your desktop.
Click on the Delete button
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of all the RKreport.txt files from your desktop in your next Reply.

Step 3. Virustotal scan.

Please, upload the file C:\Windows\System32\user32.dll to VirusTotal.
If File already analysed window will appear, click on Reanalyse button.
When scan will be finished, post the link to result (you can copy it from address bar in your browser) in your next message.

So, please, don't forget to post in your next message:

OTL log
RogueKiller log
Link to VirusTotal scan

#4
Keldaris

Posted 20 July 2013 - 09:14 PM

New Member

Topic Starter
Member
6 posts

Thank you so much for getting back to me about this issue I GREATLY appreciate it!!! Sorry it took me a little while to respond. Night time is usually when I am free to be on Computer.
Here again is the OTL log file and after running Rogue Killer I will include that log as well.

OTL logfile created on: 7/20/13 10:40:27 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amanda\Desktop\AVStuff
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.58% Memory free
3.99 Gb Paging File | 3.25 Gb Available in Paging File | 81.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 114.66 Gb Free Space | 38.47% Space Free | Partition Type: NTFS
Drive D: | 303.38 Gb Total Space | 205.36 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive E: | 1559.63 Gb Total Space | 407.90 Gb Free Space | 26.15% Space Free | Partition Type: NTFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 23:01:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\AVStuff\OTL.exe
PRC - [2013/07/03 13:16:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/02 09:17:20 | 000,064,008 | ---- | M] (Google) -- C:\Users\Amanda\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/03 13:16:10 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2013/07/19 02:51:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 13:16:11 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/26 01:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/06/20 11:28:03 | 004,145,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/07/05 19:03:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F500641E-2C6E-4D33-BE0C-6EBC9F76159A}\MpKsld12bc1ce.sys -- (MpKsld12bc1ce)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{127CD835-5ECE-441A-B215-94F83A5FBC1A}\MpKslc43a2148.sys -- (MpKslc43a2148)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF08E110-944A-4BCE-8348-621C1AF5C594}\MpKslaca1c469.sys -- (MpKslaca1c469)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F30A262B-0BF0-4F61-A4B3-808669B80D8A}\MpKsl1675053f.sys -- (MpKsl1675053f)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{708530EA-7DEF-4101-88D7-1D38D24E0050}\MpKsl13cdfd40.sys -- (MpKsl13cdfd40)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80CBE2AE-E605-470A-8B73-A0AE65C5DBEE}\MpKsl02c4e3cd.sys -- (MpKsl02c4e3cd)
DRV - File not found [Kernel | System | Stopped] -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 16:56:13 | 000,175,176 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/01/18 02:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/18 02:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/30 21:59:05 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/06/08 09:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Afx.sys -- (OEM03Afx)
DRV - [2007/04/25 09:00:00 | 000,235,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vid.sys -- (OEM03Vid)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vfx.sys -- (OEM03Vfx)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {7FF191D4-96CC-4D62-8972-F1D47D0A912D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 40 6F AE 36 84 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {7FF191D4-96CC-4D62-8972-F1D47D0A912D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...0F90019B90BDD47
IE - HKCU\..\SearchScopes\{39821DE8-9D5F-4B90-B1BC-C270FDCADE81}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{685F3FC7-9B3F-497A-956B-9D873E5A7067}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{7FF191D4-96CC-4D62-8972-F1D47D0A912D}: "URL" = http://search.condui...8283150960&UM=2
IE - HKCU\..\SearchScopes\{E2ED7A04-E2BE-41E3-828B-5CBE580D7D3C}: "URL" = http://websearch.ask...9D-9DB5AC62523A
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...e=tb50winampie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.ca"
FF - prefs.js..extensions.enabledAddons: %7B0b38152b-1b20-484d-a11f-5e04a9b0661f%7D:5.6.20.9397
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.condui...UI&UM=UM_ID&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/24 01:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]

[2011/05/29 13:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2013/07/19 18:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions
[2013/04/02 20:11:15 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2013/07/19 18:45:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/23 23:59:04 | 000,002,533 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\aol-search.xml
[2011/05/31 00:37:44 | 000,002,354 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\aol-web-search.xml
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\askcom.xml
[2013/05/23 22:13:17 | 000,006,503 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\babylon.xml
[2013/03/04 18:37:50 | 000,000,935 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\conduit.xml
[2013/05/23 22:13:29 | 000,001,294 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\delta.xml
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 13:16:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/24 01:19:36 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/07/05 02:54:27 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WeatherEye] C:\Users\Amanda\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62975E2-9BA0-4901-ADEC-32E0D8B275EA}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/13 20:41:11 | 000,000,100 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell - "" = AutoRun
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/20 21:06:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/19 02:50:33 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe
[2013/07/19 01:18:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\AVStuff
[2013/07/18 22:55:20 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{C026C6A8-091C-4512-A360-2D9DD72F028B}
[2013/07/18 22:29:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/18 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Oracle
[2013/07/18 22:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/18 22:14:31 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/18 22:14:20 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/18 22:14:20 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/18 22:14:20 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/18 22:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/17 16:03:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{42AAE452-DD38-4AA8-A151-358D94334369}
[2013/07/16 10:10:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AE948EDB-1761-4531-9E09-BEC73F5FFEE1}
[2013/07/16 09:17:11 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/16 09:17:09 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/16 09:17:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/07/16 09:17:09 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/16 09:17:08 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/16 09:17:07 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/16 09:17:07 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/07/16 09:17:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/07/16 09:17:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/07/16 09:17:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/07/16 09:05:37 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/16 09:05:36 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/16 09:05:34 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/16 09:05:22 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/07 21:38:21 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AF1E86E4-D3CB-4332-BD73-D4A239A28BBA}
[2013/07/07 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/07/05 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{F5D20572-5861-4622-9EA3-7F93DE26464E}
[2013/07/03 13:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/22 09:45:49 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{515B4756-9115-44CF-BC3D-FE7775C3076C}
[2013/06/22 09:39:50 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys

========== Files - Modified Within 30 Days ==========

[2013/07/20 22:37:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/20 22:37:49 | 1608,527,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/20 22:36:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/20 21:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/20 19:24:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/20 16:24:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/20 15:21:40 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/20 15:21:40 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/20 14:07:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/19 02:51:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/19 02:51:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/19 01:24:47 | 000,839,864 | ---- | M] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/18 22:14:14 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/18 22:14:12 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/18 22:14:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/18 22:14:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/18 22:14:11 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/07/18 22:14:11 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/07/17 16:01:19 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 16:01:19 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 09:26:24 | 000,357,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/07 21:30:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/07/07 21:29:53 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/27 16:56:13 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum

========== Files Created - No Company Name ==========

[2013/07/19 01:24:47 | 000,839,864 | ---- | C] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/07 21:29:53 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/07/05 09:08:25 | 000,000,965 | ---- | C] () -- C:\Users\Amanda\Desktop\CCleaner.lnk
[2013/06/27 16:56:13 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/05/24 01:19:52 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/24 01:19:51 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/21 03:24:52 | 000,237,371 | ---- | C] () -- C:\ProgramData\1369120977.bdinstall.bin
[2013/05/21 02:30:02 | 000,442,185 | ---- | C] () -- C:\ProgramData\1369117695.bdinstall.bin
[2013/05/21 01:07:40 | 000,919,411 | ---- | C] () -- C:\ProgramData\1369111318.bdinstall.bin
[2012/08/23 22:39:25 | 000,007,607 | ---- | C] () -- C:\Users\Amanda\AppData\Local\Resmon.ResmonCfg
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/08 01:57:31 | 000,014,188 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2012/01/08 01:57:31 | 000,014,188 | -HS- | C] () -- C:\ProgramData\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2011/12/14 14:59:51 | 003,166,690 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\UserTile.png
[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/06/17 01:01:10 | 001,129,965 | ---- | C] () -- C:\Users\Amanda\AppData\Local\census.cache
[2011/06/17 01:00:49 | 000,126,849 | ---- | C] () -- C:\Users\Amanda\AppData\Local\ars.cache
[2011/06/17 00:41:57 | 000,000,036 | ---- | C] () -- C:\Users\Amanda\AppData\Local\housecall.guid.cache
[2011/06/06 19:01:51 | 000,006,144 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 15:26:18 | 000,000,810 | RHS- | C] () -- C:\Users\Amanda\ntuser.pol
[2011/05/29 15:19:08 | 000,008,238 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2013/05/17 00:02:53 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\@
[2013/05/17 00:02:53 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\L
[2013/05/17 14:29:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U
[2013/05/17 00:03:20 | 000,000,928 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\00000001.@
[2013/05/17 00:03:39 | 000,022,016 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\800000cb.@
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 30F9-4308
Directory of C:\
07/14/09 12:53 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/09 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/09 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/09 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/09 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/09 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/09 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/09 12:53 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/09 12:53 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/09 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/09 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/09 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/09 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/09 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/09 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Amanda
05/29/11 01:49 PM <JUNCTION> Application Data [C:\Users\Amanda\AppData\Roaming]
05/29/11 01:49 PM <JUNCTION> Cookies [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Cookies]
05/29/11 01:49 PM <JUNCTION> Local Settings [C:\Users\Amanda\AppData\Local]
05/29/11 01:49 PM <JUNCTION> My Documents [C:\Users\Amanda\Documents]
05/29/11 01:49 PM <JUNCTION> NetHood [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/29/11 01:49 PM <JUNCTION> PrintHood [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/29/11 01:49 PM <JUNCTION> Recent [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Recent]
05/29/11 01:49 PM <JUNCTION> SendTo [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\SendTo]
05/29/11 01:49 PM <JUNCTION> Start Menu [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu]
05/29/11 01:49 PM <JUNCTION> Templates [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Amanda\AppData\Local
05/29/11 01:49 PM <JUNCTION> Application Data [C:\Users\Amanda\AppData\Local]
05/29/11 01:49 PM <JUNCTION> History [C:\Users\Amanda\AppData\Local\Microsoft\Windows\History]
05/29/11 01:49 PM <JUNCTION> Temporary Internet Files [C:\Users\Amanda\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Amanda\Documents
05/29/11 01:49 PM <JUNCTION> My Music [C:\Users\Amanda\Music]
05/29/11 01:49 PM <JUNCTION> My Pictures [C:\Users\Amanda\Pictures]
05/29/11 01:49 PM <JUNCTION> My Videos [C:\Users\Amanda\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/09 12:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/09 12:53 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/09 12:53 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/09 12:53 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/09 12:53 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/09 12:53 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/09 12:53 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/09 12:53 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/09 12:53 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/09 12:53 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/09 12:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/09 12:53 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/09 12:53 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/09 12:53 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/09 12:53 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/09 12:53 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/09 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/09 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/09 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
05/21/13 12:02 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
05/21/13 12:02 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
05/21/13 12:02 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
05/21/13 12:02 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
05/21/13 12:02 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/21/13 12:02 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/21/13 12:02 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
05/21/13 12:02 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
05/21/13 12:02 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
05/21/13 12:02 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
05/21/13 12:02 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
05/21/13 12:02 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
05/21/13 12:02 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
05/21/13 12:02 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
05/21/13 12:02 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
05/21/13 12:02 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Windows\assembly\GAC_32\System.EnterpriseServices
05/18/11 10:43 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a [C:\Windows.old\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790]
0 File(s) 0 bytes
Directory of C:\Windows.old\Windows\assembly\GAC_MSIL\IEExecRemote
05/18/11 10:43 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a [C:\Windows.old\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e]
0 File(s) 0 bytes
Directory of C:\Windows.old\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
05/18/11 10:39 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a [C:\Windows.old\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492]
0 File(s) 0 bytes
Directory of C:\Windows.old\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
09/30/10 05:59 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35 [C:\Windows.old\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
70 Dir(s) 123,045,347,328 bytes free

========== Files - Unicode (All) ==========
[2012/06/22 10:31:26 | 000,001,123 | ---- | M] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
[2012/06/22 10:31:26 | 000,001,123 | ---- | C] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 ??????????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:233BFF24

< End of report >

#5
Keldaris

Posted 20 July 2013 - 09:25 PM

New Member

Topic Starter
Member
6 posts

Ok Here are the RKreport file and Virus total reports.

To make it easier to find here is the virus total link: https://www.virustot...sis/1374376974/

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : Amanda [Admin rights]
Mode : Remove -- Date : 07/20/2013 23:17:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableCMD (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\LIVING~1.SCR [-]) -> REPLACED (C:\Windows\system32\logon.scr)
[EXT RUN][SUSP PATH] HKLM\ON_D:\[...]\Run : OEM03Mon.exe (C:\WINDOWS\OEM03Mon.exe [7]) -> DELETED
[EXT RUN][SUSP PATH] HKLM\ON_D:\[...]\Run : VX1000 (C:\WINDOWS\vVX1000.exe [7]) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM
C:\WINDOWS\system32
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> D:\windows\system32\config\SOFTWARE
C:\WINDOWS\system32
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> D:\windows\system32\config\SECURITY
C:\WINDOWS\system32
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> D:\windows\system32\config\SAM
C:\WINDOWS\system32
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> D:\windows\system32\config\DEFAULT
C:\WINDOWS\system32
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> D:\Documents and Settings\Administrator\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> D:\Documents and Settings\All Users\NTUSER.DAT
C:\WINDOWS\system32

-> D:\Documents and Settings\Default User\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> D:\Documents and Settings\HP_Administrator\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
-> D:\Documents and Settings\LocalService\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\LocalService\Start Menu\Programs\Startup
-> D:\Documents and Settings\NetworkService\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST332062 0AS SCSI Disk Device +++++
--- User ---
[MBR] 340b2242d60ef72f3d9923cda1881deb
[BSP] 83c18d2e04eb08d97fa47a02d855e0ea : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST332062 0AS SCSI Disk Device +++++
--- User ---
[MBR] 8ccc59a882bb5d5c1ba368091e74742f
[BSP] 5aea854a135ef401d73c08d659a9df63 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 310662 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 636239872 | Size: 1597062 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_07202013_231752.txt >>
RKreport[0]_S_07202013_231623.txt

#6
Phel

Posted 21 July 2013 - 03:53 AM

Trusted Helper

Malware Removal
1,386 posts

1. Please download The Avenger by Swandog46 to your Desktop.

Right click on the Avenger.zip folder and select "Extract All..."
Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\$Recycle.Bin\S-1-5-18

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

Right click on the window under Input script here:, and select Paste.
You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
Click on Execute
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh OTL log.

#7
Keldaris

Posted 22 July 2013 - 10:39 PM

New Member

Topic Starter
Member
6 posts

Hey Phel thanks for working with me on this. Here are the logs requested.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\$Recycle.Bin\S-1-5-18" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

OTL logfile created on: 7/23/13 12:16:36 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amanda\Desktop\AVStuff
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.47% Memory free
3.99 Gb Paging File | 3.49 Gb Available in Paging File | 87.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 113.63 Gb Free Space | 38.12% Space Free | Partition Type: NTFS
Drive D: | 303.38 Gb Total Space | 205.36 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive E: | 1559.63 Gb Total Space | 407.90 Gb Free Space | 26.15% Space Free | Partition Type: NTFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 23:01:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\AVStuff\OTL.exe
PRC - [2013/07/03 13:16:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/02 09:17:20 | 000,064,008 | ---- | M] (Google) -- C:\Users\Amanda\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/03 13:16:10 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/04/02 17:01:12 | 000,020,296 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\winamp.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2013/07/19 02:51:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 13:16:11 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/26 01:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/06/20 11:28:03 | 004,145,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/07/05 19:03:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F500641E-2C6E-4D33-BE0C-6EBC9F76159A}\MpKsld12bc1ce.sys -- (MpKsld12bc1ce)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{127CD835-5ECE-441A-B215-94F83A5FBC1A}\MpKslc43a2148.sys -- (MpKslc43a2148)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF08E110-944A-4BCE-8348-621C1AF5C594}\MpKslaca1c469.sys -- (MpKslaca1c469)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F30A262B-0BF0-4F61-A4B3-808669B80D8A}\MpKsl1675053f.sys -- (MpKsl1675053f)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{708530EA-7DEF-4101-88D7-1D38D24E0050}\MpKsl13cdfd40.sys -- (MpKsl13cdfd40)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80CBE2AE-E605-470A-8B73-A0AE65C5DBEE}\MpKsl02c4e3cd.sys -- (MpKsl02c4e3cd)
DRV - File not found [Kernel | System | Stopped] -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 16:56:13 | 000,175,176 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/01/18 02:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/18 02:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/30 21:59:05 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/06/08 09:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Afx.sys -- (OEM03Afx)
DRV - [2007/04/25 09:00:00 | 000,235,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vid.sys -- (OEM03Vid)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vfx.sys -- (OEM03Vfx)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {7FF191D4-96CC-4D62-8972-F1D47D0A912D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 40 6F AE 36 84 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {7FF191D4-96CC-4D62-8972-F1D47D0A912D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...0F90019B90BDD47
IE - HKCU\..\SearchScopes\{39821DE8-9D5F-4B90-B1BC-C270FDCADE81}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{685F3FC7-9B3F-497A-956B-9D873E5A7067}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{7FF191D4-96CC-4D62-8972-F1D47D0A912D}: "URL" = http://search.condui...8283150960&UM=2
IE - HKCU\..\SearchScopes\{E2ED7A04-E2BE-41E3-828B-5CBE580D7D3C}: "URL" = http://websearch.ask...9D-9DB5AC62523A
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...e=tb50winampie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.ca"
FF - prefs.js..extensions.enabledAddons: %7B0b38152b-1b20-484d-a11f-5e04a9b0661f%7D:5.6.20.9397
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.condui...UI&UM=UM_ID&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/24 01:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]

[2011/05/29 13:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2013/07/19 18:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions
[2013/04/02 20:11:15 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2013/07/19 18:45:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/23 23:59:04 | 000,002,533 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\aol-search.xml
[2011/05/31 00:37:44 | 000,002,354 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\aol-web-search.xml
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\askcom.xml
[2013/05/23 22:13:17 | 000,006,503 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\babylon.xml
[2013/03/04 18:37:50 | 000,000,935 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\conduit.xml
[2013/05/23 22:13:29 | 000,001,294 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\delta.xml
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 13:16:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/24 01:19:36 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/07/05 02:54:27 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WeatherEye] C:\Users\Amanda\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O4 - HKLM..\RunOnce: [Cleanup] C:\cleanup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62975E2-9BA0-4901-ADEC-32E0D8B275EA}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/13 20:41:11 | 000,000,100 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell - "" = AutoRun
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/23 00:10:44 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/07/23 00:08:38 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\avenger
[2013/07/21 09:08:28 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AD1257DA-FCE4-43B7-B85E-752A95C19D7E}
[2013/07/20 23:08:24 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\RK_Quarantine
[2013/07/20 21:06:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/19 02:50:33 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe
[2013/07/19 01:18:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\AVStuff
[2013/07/18 22:55:20 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{C026C6A8-091C-4512-A360-2D9DD72F028B}
[2013/07/18 22:29:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/18 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Oracle
[2013/07/18 22:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/18 22:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/17 16:03:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{42AAE452-DD38-4AA8-A151-358D94334369}
[2013/07/16 10:10:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AE948EDB-1761-4531-9E09-BEC73F5FFEE1}
[2013/07/07 21:38:21 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AF1E86E4-D3CB-4332-BD73-D4A239A28BBA}
[2013/07/07 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/07/05 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{F5D20572-5861-4622-9EA3-7F93DE26464E}
[2013/07/03 13:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/07/23 00:10:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/23 00:10:47 | 1608,527,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/23 00:09:37 | 000,135,168 | ---- | M] () -- C:\zip.exe
[2013/07/23 00:09:37 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2013/07/23 00:09:37 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2013/07/23 00:07:44 | 000,724,952 | ---- | M] () -- C:\Users\Amanda\Desktop\avenger.zip
[2013/07/23 00:04:27 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 00:04:27 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 23:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/22 23:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/22 22:24:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/22 16:24:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/22 14:07:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/21 00:12:55 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/21 00:12:55 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/19 01:24:47 | 000,839,864 | ---- | M] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/16 09:26:24 | 000,357,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/07 21:30:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/07/07 21:29:53 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/27 16:56:13 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum

========== Files Created - No Company Name ==========

[2013/07/23 00:09:37 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2013/07/23 00:09:37 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2013/07/23 00:09:37 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2013/07/23 00:07:43 | 000,724,952 | ---- | C] () -- C:\Users\Amanda\Desktop\avenger.zip
[2013/07/19 01:24:47 | 000,839,864 | ---- | C] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/07 21:29:53 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/07/05 09:08:25 | 000,000,965 | ---- | C] () -- C:\Users\Amanda\Desktop\CCleaner.lnk
[2013/06/27 16:56:13 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/05/24 01:19:52 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/24 01:19:51 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/21 03:24:52 | 000,237,371 | ---- | C] () -- C:\ProgramData\1369120977.bdinstall.bin
[2013/05/21 02:30:02 | 000,442,185 | ---- | C] () -- C:\ProgramData\1369117695.bdinstall.bin
[2013/05/21 01:07:40 | 000,919,411 | ---- | C] () -- C:\ProgramData\1369111318.bdinstall.bin
[2012/08/23 22:39:25 | 000,007,607 | ---- | C] () -- C:\Users\Amanda\AppData\Local\Resmon.ResmonCfg
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/08 01:57:31 | 000,014,188 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2012/01/08 01:57:31 | 000,014,188 | -HS- | C] () -- C:\ProgramData\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2011/12/14 14:59:51 | 003,166,690 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\UserTile.png
[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/06/17 01:01:10 | 001,129,965 | ---- | C] () -- C:\Users\Amanda\AppData\Local\census.cache
[2011/06/17 01:00:49 | 000,126,849 | ---- | C] () -- C:\Users\Amanda\AppData\Local\ars.cache
[2011/06/17 00:41:57 | 000,000,036 | ---- | C] () -- C:\Users\Amanda\AppData\Local\housecall.guid.cache
[2011/06/06 19:01:51 | 000,006,144 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 15:26:18 | 000,000,810 | RHS- | C] () -- C:\Users\Amanda\ntuser.pol
[2011/05/29 15:19:08 | 000,008,238 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/06/06 10:49:12 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Auslogics
[2013/05/23 22:12:53 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Babylon
[2013/01/18 10:46:35 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\DAEMON Tools Lite
[2013/05/23 22:12:23 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\DealPly
[2011/06/05 02:37:45 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\ESET
[2013/05/22 12:45:44 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Foxit Software
[2013/02/22 02:26:18 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Leadertech
[2011/07/30 14:43:21 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\OpenCandy
[2013/07/18 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Oracle
[2012/08/24 17:01:37 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Origin
[2011/06/08 00:12:58 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\PMS
[2013/05/21 00:43:47 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\QuickScan
[2013/03/14 16:51:38 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\RipIt4Me
[2012/06/22 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\SEGA
[2011/11/15 22:20:50 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Thinstall
[2011/11/29 20:40:35 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\tmp
[2013/05/22 15:02:51 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\uTorrent
[2011/09/19 20:03:23 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2012/06/22 10:31:26 | 000,001,123 | ---- | M] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
[2012/06/22 10:31:26 | 000,001,123 | ---- | C] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 ??????????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:233BFF24

< End of report >

#8
Phel

Posted 23 July 2013 - 03:12 PM

Trusted Helper

Malware Removal
1,386 posts

Have you used Microsoft Security Essentials, ESET and BitDefender before?

Step 1. AdwCleaner scan.

Please, download AdwCleaner from here to your Desktop.
Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
Adwcleaner window should appear.
Click on the Delete button.
Click on OK.
Computer will be rebooted automatically, when program will finish it's job.
After fix Notepad window with report should appear. Post the contents of the report in your next message.

Step 2. Repairing Windows Services.

Download Restore Important Windows Services by tweaking.com from here to your Desktop.
Right-click on Tweaking.com-RestoreImportantWindowsServices.exe on your Desktop->Run as Administrator.
The program window should appear.
Click on the Start button.
Fix could take some time. Please, wait until in the Log section will appear Done entry.

Step 3. OTL fix.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...0F90019B90BDD47
IE - HKCU\..\SearchScopes\{7FF191D4-96CC-4D62-8972-F1D47D0A912D}: "URL" = http://search.condui...8283150960&UM=2
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...e=tb50winampie7
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "uTorrentControl2 Customized Web Search"
FF - prefs.js..extensions.enabledAddons: %7B0b38152b-1b20-484d-a11f-5e04a9b0661f%7D:5.6.20.9397
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q="
[2013/04/02 20:11:15 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2013/05/23 22:13:17 | 000,006,503 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\babylon.xml
[2013/03/04 18:37:50 | 000,000,935 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\conduit.xml
[2013/05/23 22:13:29 | 000,001,294 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\delta.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
[2012/01/08 01:57:31 | 000,014,188 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2012/01/08 01:57:31 | 000,014,188 | -HS- | C] () -- C:\ProgramData\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2011/11/29 20:40:35 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\tmp
[2011/07/30 14:43:21 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\OpenCandy
[2013/05/23 22:12:23 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\DealPly
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:233BFF24

:Commands
[REBOOT]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again
Under the Custom Scans/Fixes box at the bottom, paste in the following
```
BASESERVICES
```
Then click the Run Scan button at the top
Let the program run unhindered
When the scan completes, it will open notepad window - OTL.Txt. This is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file, one at a time and post them in your topic.

So, please, don't forget to post in your next message:

OTL log
AdwCleaner log

#9
Keldaris

Posted 23 July 2013 - 08:34 PM

New Member

Topic Starter
Member
6 posts

Hey Phel yes I have used Microsoft Security Essentials, ESET and Bit Defender before. Eset license ran out, Microsoft didn't seem to be working as well as I had hoped and Bit Defender was a trial and after install it blocked my internet access totally. Anyways here are the log files:

OTL logfile created on: 7/23/13 10:10:12 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amanda\Desktop\AVStuff
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 52.91% Memory free
3.99 Gb Paging File | 2.21 Gb Available in Paging File | 55.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 112.90 Gb Free Space | 37.88% Space Free | Partition Type: NTFS
Drive D: | 303.38 Gb Total Space | 205.36 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive E: | 1559.63 Gb Total Space | 407.90 Gb Free Space | 26.15% Space Free | Partition Type: NTFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 23:01:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\AVStuff\OTL.exe
PRC - [2013/07/03 13:16:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/15 21:07:23 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/31 05:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/31 05:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/12 22:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/11/20 08:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/09/21 18:22:20 | 000,309,104 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\Amanda\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2010/05/20 16:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2007/05/19 09:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM03Mon.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/03 13:16:10 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/01/12 21:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 21:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 17:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 19:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 18:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 18:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 18:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 18:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 18:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 18:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 18:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 18:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 18:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2013/07/19 02:51:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 13:16:11 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/26 01:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/06/20 11:28:03 | 004,145,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/07/05 19:03:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F500641E-2C6E-4D33-BE0C-6EBC9F76159A}\MpKsld12bc1ce.sys -- (MpKsld12bc1ce)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{127CD835-5ECE-441A-B215-94F83A5FBC1A}\MpKslc43a2148.sys -- (MpKslc43a2148)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF08E110-944A-4BCE-8348-621C1AF5C594}\MpKslaca1c469.sys -- (MpKslaca1c469)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F30A262B-0BF0-4F61-A4B3-808669B80D8A}\MpKsl1675053f.sys -- (MpKsl1675053f)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{708530EA-7DEF-4101-88D7-1D38D24E0050}\MpKsl13cdfd40.sys -- (MpKsl13cdfd40)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80CBE2AE-E605-470A-8B73-A0AE65C5DBEE}\MpKsl02c4e3cd.sys -- (MpKsl02c4e3cd)
DRV - File not found [Kernel | System | Stopped] -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 16:56:13 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/01/18 02:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/18 02:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/30 21:59:05 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/06/08 09:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Afx.sys -- (OEM03Afx)
DRV - [2007/04/25 09:00:00 | 000,235,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vid.sys -- (OEM03Vid)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vfx.sys -- (OEM03Vfx)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 40 6F AE 36 84 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{39821DE8-9D5F-4B90-B1BC-C270FDCADE81}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{685F3FC7-9B3F-497A-956B-9D873E5A7067}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E2ED7A04-E2BE-41E3-828B-5CBE580D7D3C}: "URL" = http://websearch.ask...9D-9DB5AC62523A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.ca"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/24 01:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]

[2011/05/29 13:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2013/07/23 21:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions
[2013/07/19 18:45:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/23 23:59:04 | 000,002,533 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\aol-search.xml
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 13:16:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/24 01:19:36 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/07/05 02:54:27 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WeatherEye] C:\Users\Amanda\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62975E2-9BA0-4901-ADEC-32E0D8B275EA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/13 20:41:11 | 000,000,100 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell - "" = AutoRun
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/23 22:00:26 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/07/23 21:56:46 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/07/23 13:42:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Skype
[2013/07/23 13:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/07/23 13:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/07/23 13:42:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/07/23 13:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/07/23 09:28:29 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{3C21F383-C06E-4A4B-9EBC-32F9283FCB55}
[2013/07/23 00:10:44 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/07/23 00:08:38 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\avenger
[2013/07/21 09:08:28 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AD1257DA-FCE4-43B7-B85E-752A95C19D7E}
[2013/07/20 23:08:24 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\RK_Quarantine
[2013/07/20 21:06:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/19 02:50:33 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe
[2013/07/19 01:18:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\AVStuff
[2013/07/18 22:55:20 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{C026C6A8-091C-4512-A360-2D9DD72F028B}
[2013/07/18 22:29:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/18 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Oracle
[2013/07/18 22:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/18 22:14:31 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/18 22:14:20 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/18 22:14:20 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/18 22:14:20 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/18 22:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/17 16:03:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{42AAE452-DD38-4AA8-A151-358D94334369}
[2013/07/16 10:10:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AE948EDB-1761-4531-9E09-BEC73F5FFEE1}
[2013/07/16 09:17:11 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/16 09:17:09 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/16 09:17:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/07/16 09:17:09 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/16 09:17:08 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/16 09:17:07 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/16 09:17:07 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/07/16 09:17:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/07/16 09:17:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/07/16 09:17:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/07/16 09:05:37 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/16 09:05:36 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/16 09:05:34 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/16 09:05:22 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/07 21:38:21 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AF1E86E4-D3CB-4332-BD73-D4A239A28BBA}
[2013/07/07 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/07/05 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{F5D20572-5861-4622-9EA3-7F93DE26464E}
[2013/07/03 13:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/07/23 22:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/23 22:06:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/23 22:06:34 | 1608,527,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/23 22:03:38 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/23 22:03:38 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/23 22:00:26 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/07/23 21:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/23 19:24:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/23 16:24:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/23 14:07:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/23 13:42:45 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/23 00:07:44 | 000,724,952 | ---- | M] () -- C:\Users\Amanda\Desktop\avenger.zip
[2013/07/23 00:04:27 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 00:04:27 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/19 02:51:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/19 02:51:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/19 01:24:47 | 000,839,864 | ---- | M] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/18 22:14:14 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/18 22:14:12 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/18 22:14:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/18 22:14:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/18 22:14:11 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/07/18 22:14:11 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/07/16 09:26:24 | 000,357,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/07 21:30:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/07/07 21:29:53 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/27 16:56:13 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum

========== Files Created - No Company Name ==========

[2013/07/23 13:42:45 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/23 00:07:43 | 000,724,952 | ---- | C] () -- C:\Users\Amanda\Desktop\avenger.zip
[2013/07/19 01:24:47 | 000,839,864 | ---- | C] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/07 21:29:53 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/07/05 09:08:25 | 000,000,965 | ---- | C] () -- C:\Users\Amanda\Desktop\CCleaner.lnk
[2013/06/27 16:56:13 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/05/24 01:19:52 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/24 01:19:51 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/21 03:24:52 | 000,237,371 | ---- | C] () -- C:\ProgramData\1369120977.bdinstall.bin
[2013/05/21 02:30:02 | 000,442,185 | ---- | C] () -- C:\ProgramData\1369117695.bdinstall.bin
[2013/05/21 01:07:40 | 000,919,411 | ---- | C] () -- C:\ProgramData\1369111318.bdinstall.bin
[2012/08/23 22:39:25 | 000,007,607 | ---- | C] () -- C:\Users\Amanda\AppData\Local\Resmon.ResmonCfg
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/12/14 14:59:51 | 003,166,690 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\UserTile.png
[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/06/17 01:01:10 | 001,129,965 | ---- | C] () -- C:\Users\Amanda\AppData\Local\census.cache
[2011/06/17 01:00:49 | 000,126,849 | ---- | C] () -- C:\Users\Amanda\AppData\Local\ars.cache
[2011/06/17 00:41:57 | 000,000,036 | ---- | C] () -- C:\Users\Amanda\AppData\Local\housecall.guid.cache
[2011/06/06 19:01:51 | 000,006,144 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 15:26:18 | 000,000,810 | RHS- | C] () -- C:\Users\Amanda\ntuser.pol
[2011/05/29 15:19:08 | 000,008,238 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 21:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 00:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 21:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
No service found with a name of BFE
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 17:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/05/13 00:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 21:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV - [2010/11/20 08:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 21:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 12:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 21:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 06:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 01:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 21:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 08:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 21:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2010/11/20 08:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 08:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 00:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 08:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 08:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV - [2010/11/20 08:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV - [2010/11/20 08:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 08:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 21:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 08:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

========== Files - Unicode (All) ==========
[2012/06/22 10:31:26 | 000,001,123 | ---- | M] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
[2012/06/22 10:31:26 | 000,001,123 | ---- | C] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 ??????????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版

< End of report >

# AdwCleaner v2.306 - Logfile created 07/23/2013 at 21:48:17
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Amanda - AMANDA-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Amanda\Desktop\AVStuff\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\aol-web-search.xml
File Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\delta.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\optimizer pro
Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\Program Files\Winamp Toolbar
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Users\Amanda\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Amanda\AppData\Local\Conduit
Folder Deleted : C:\Users\Amanda\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Amanda\AppData\Local\Winamp Toolbar
Folder Deleted : C:\Users\Amanda\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Amanda\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Amanda\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Amanda\AppData\Roaming\DealPly
Folder Deleted : C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Folder Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\WinampToolbarData
Folder Deleted : C:\Users\Amanda\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282812
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{263763C9-AD78-4776-8CF5-0A1698BBC86F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C58DAF2B-82DD-4EE1-9F4D-E3A4B31E93AA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\Software\Winamp Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\prefs.js

C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\user.js ... Deleted !

Deleted : user_pref("CT3282812_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=1[...]
Deleted : user_pref("aol_toolbar.surf.date", "212");
Deleted : user_pref("aol_toolbar.surf.lastDate", "23");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "6");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Deleted : user_pref("aol_toolbar.surf.month", "2438");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "3831");
Deleted : user_pref("aol_toolbar.surf.total", "34181");
Deleted : user_pref("aol_toolbar.surf.week", "250");
Deleted : user_pref("aol_toolbar.surf.year", "28956");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "30f943080000000000000019b90bdd47");
Deleted : user_pref("extensions.delta.instlDay", "15849");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.522:13:28");
Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=119816&tt=gc_");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&CU[...]
Deleted : user_pref("winamp_toolbar.button.facebook_46704.click", "1");
Deleted : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_466[...]
Deleted : user_pref("winamp_toolbar.curtain.congrats", "none");
Deleted : user_pref("winamp_toolbar.firsttime.showwindow", false);
Deleted : user_pref("winamp_toolbar.guid", "{FFF67213-1D1B-B630-3E38-12758DA7E634}");
Deleted : user_pref("winamp_toolbar.homepageprotection.enabled", false);
Deleted : user_pref("winamp_toolbar.install.distroid", "");
Deleted : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.20.9397");
Deleted : user_pref("winamp_toolbar.install.lid", "");
Deleted : user_pref("winamp_toolbar.install.mtmhp", "");
Deleted : user_pref("winamp_toolbar.install.ncid", "");
Deleted : user_pref("winamp_toolbar.metrics.activestampdate", "23");
Deleted : user_pref("winamp_toolbar.metrics.activestampmonth", "6");
Deleted : user_pref("winamp_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("winamp_toolbar.metrics.log", false);
Deleted : user_pref("winamp_toolbar.metrics.originalDate", "23");
Deleted : user_pref("winamp_toolbar.metrics.originalHours", "4");
Deleted : user_pref("winamp_toolbar.metrics.originalMinutes", "0");
Deleted : user_pref("winamp_toolbar.metrics.originalMonth", "5");
Deleted : user_pref("winamp_toolbar.metrics.originalSeconds", "0");
Deleted : user_pref("winamp_toolbar.metrics.originalYear", "2013");
Deleted : user_pref("winamp_toolbar.relatednews.enabled", false);
Deleted : user_pref("winamp_toolbar.remote..xml", "1374629844610");
Deleted : user_pref("winamp_toolbar.remote.publish.xml", "1374602791962");
Deleted : user_pref("winamp_toolbar.search.button", true);
Deleted : user_pref("winamp_toolbar.search.cid", "23-05-2013");
Deleted : user_pref("winamp_toolbar.search.instd", "20110531032642214");
Deleted : user_pref("winamp_toolbar.search.oid", "23-05-2013");
Deleted : user_pref("winamp_toolbar.search.placement", "left");
Deleted : user_pref("winamp_toolbar.search.populateoncomplete", false);
Deleted : user_pref("winamp_toolbar.search.savehistory", false);
Deleted : user_pref("winamp_toolbar.search.searchtype", "web");
Deleted : user_pref("winamp_toolbar.search.source", "winamp-ff");
Deleted : user_pref("winamp_toolbar.searchprotection.enabled", false);
Deleted : user_pref("winamp_toolbar.skin.custom", true);
Deleted : user_pref("winamp_toolbar.upgrade.showwindow", false);
Deleted : user_pref("winamp_toolbar.weather.degc", "27");
Deleted : user_pref("winamp_toolbar.weather.degf", "80");
Deleted : user_pref("winamp_toolbar.weather.image", "chrome://winamptoolbar/skin/weather/29_n.png");
Deleted : user_pref("winamp_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("winamp_toolbar.weather.metric", true);
Deleted : user_pref("winamp_toolbar.weather.tooltip", "New York , NY : Partly Cloudy");
Deleted : user_pref("winamp_toolbar.weather.update", "1374629844611");
Deleted : user_pref("winamp_toolbar.winamp.artist", "");
Deleted : user_pref("winamp_toolbar.winamp.button.focus", true);
Deleted : user_pref("winamp_toolbar.winamp.button.forward", true);
Deleted : user_pref("winamp_toolbar.winamp.button.open", true);
Deleted : user_pref("winamp_toolbar.winamp.button.pause", true);
Deleted : user_pref("winamp_toolbar.winamp.button.play", true);
Deleted : user_pref("winamp_toolbar.winamp.button.rewind", true);
Deleted : user_pref("winamp_toolbar.winamp.button.stop", false);
Deleted : user_pref("winamp_toolbar.winamp.button.volume", true);
Deleted : user_pref("winamp_toolbar.winamp.ticker.show", true);
Deleted : user_pref("winamp_toolbar.winamp.title", "-999999");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [15350 octets] - [23/07/2013 21:48:17]

########## EOF - C:\AdwCleaner[S1].txt - [15411 octets] ##########

#10
Phel

Posted 24 July 2013 - 02:23 PM

Trusted Helper

Malware Removal
1,386 posts

Step 1. AdwCleaner scan.

Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
Adwcleaner window should appear.
Click on the Delete button.
Click on OK.
Computer will be rebooted automatically, when program will finish it's job.

After reboot:

Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
AdwCleaner window should appear.
Click on the Search button.
After scan Notepad window with report should appear. Post the contents of the report in your next message.

Step 2. Removing ESET leftovers.

Please, follow these instructions to remove ESET leftovers from your computer.

Step 3. Removing BitDefender leftovers.

Please, follow instructions here (start from option B, ignore option A) to remove BitDefender from your computer completely.

Step 4. Removing MSE leftovers.

Download Microsoft Security Essentials Removal Tool from here to your Desktop.
Launch MicrosoftFixit50535.msi file on your Desktop.
Pick a tick near I agree option.
Click on Next > button.
When finished, MSE will be completetly uninstalled form you computer.
Reboot your computer.

Step 5. Restoring broken services.

Download ESET Services Repair tool from here to your Desktop.
Launch ServicesRepair.exe on your Desktop.
Click Yes to start repair.
When finished, click Yes to reboot you computer.
Post the contents of the log from CC Support folder on your Desktop in your next message.

Step 6. OTL scan.

Open OTL again
Under the Custom Scans/Fixes box at the bottom, paste in the following
```
BASESERVICES
```
Then click the Run Scan button at the top
Let the program run unhindered
When the scan completes, it will open notepad window - OTL.Txt. This is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file, one at a time and post them in your topic.

So, please, don't forget to post in your next message:

OTL log
AdwCleaner log
ESET Services Repair tool log

#11
Keldaris

Posted 24 July 2013 - 10:56 PM

New Member

Topic Starter
Member
6 posts

Hey Phel thanks for helping me get rid of those extra files from my PC I wasn't aware there were removal tools for them.
Here are the log files requested. What we have been doing has been working well, I am able to download files and have them running on my computer with no warnings whatsoever. THANKS AGAIN!!!

OTL logfile created on: 7/25/13 12:15:02 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amanda\Desktop\AVStuff
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.83% Memory free
3.99 Gb Paging File | 2.19 Gb Available in Paging File | 54.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 113.57 Gb Free Space | 38.10% Space Free | Partition Type: NTFS
Drive D: | 303.38 Gb Total Space | 205.36 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive E: | 1559.63 Gb Total Space | 407.90 Gb Free Space | 26.15% Space Free | Partition Type: NTFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 23:01:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\AVStuff\OTL.exe
PRC - [2013/07/03 13:16:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/15 21:07:23 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/31 05:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/31 05:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/12 22:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/11/20 08:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/09/21 18:22:20 | 000,309,104 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\Amanda\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2010/05/20 16:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2007/05/19 09:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM03Mon.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/03 13:16:10 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/01/12 21:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 21:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 17:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 19:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 18:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 18:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 18:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 18:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 18:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 18:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 18:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 18:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 18:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2013/07/19 02:51:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 13:16:11 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/26 01:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/06/20 11:28:03 | 004,145,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/07/05 19:03:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F500641E-2C6E-4D33-BE0C-6EBC9F76159A}\MpKsld12bc1ce.sys -- (MpKsld12bc1ce)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{127CD835-5ECE-441A-B215-94F83A5FBC1A}\MpKslc43a2148.sys -- (MpKslc43a2148)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF08E110-944A-4BCE-8348-621C1AF5C594}\MpKslaca1c469.sys -- (MpKslaca1c469)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F30A262B-0BF0-4F61-A4B3-808669B80D8A}\MpKsl1675053f.sys -- (MpKsl1675053f)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{708530EA-7DEF-4101-88D7-1D38D24E0050}\MpKsl13cdfd40.sys -- (MpKsl13cdfd40)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80CBE2AE-E605-470A-8B73-A0AE65C5DBEE}\MpKsl02c4e3cd.sys -- (MpKsl02c4e3cd)
DRV - File not found [Kernel | System | Stopped] -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 16:56:13 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/01/18 02:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/18 02:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/30 21:59:05 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/06/08 09:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Afx.sys -- (OEM03Afx)
DRV - [2007/04/25 09:00:00 | 000,235,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vid.sys -- (OEM03Vid)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vfx.sys -- (OEM03Vfx)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 40 6F AE 36 84 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{39821DE8-9D5F-4B90-B1BC-C270FDCADE81}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{685F3FC7-9B3F-497A-956B-9D873E5A7067}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E2ED7A04-E2BE-41E3-828B-5CBE580D7D3C}: "URL" = http://websearch.ask...9D-9DB5AC62523A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.ca"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/24 01:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]

[2011/05/29 13:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2013/07/23 21:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions
[2013/07/19 18:45:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/23 23:59:04 | 000,002,533 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\aol-search.xml
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 13:16:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/24 01:19:36 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/07/05 02:54:27 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WeatherEye] C:\Users\Amanda\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62975E2-9BA0-4901-ADEC-32E0D8B275EA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/13 20:41:11 | 000,000,100 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell - "" = AutoRun
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/25 00:06:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/07/24 23:39:52 | 000,663,552 | ---- | C] (ESET) -- C:\Users\Amanda\Desktop\ESETUninstaller.exe
[2013/07/23 22:00:26 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/07/23 21:56:46 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/07/23 13:42:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Skype
[2013/07/23 13:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/07/23 13:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/07/23 13:42:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/07/23 13:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/07/23 09:28:29 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{3C21F383-C06E-4A4B-9EBC-32F9283FCB55}
[2013/07/23 00:10:44 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/07/23 00:08:38 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\avenger
[2013/07/21 09:08:28 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AD1257DA-FCE4-43B7-B85E-752A95C19D7E}
[2013/07/20 23:08:24 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\RK_Quarantine
[2013/07/20 21:06:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/19 02:50:33 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe
[2013/07/19 01:18:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\AVStuff
[2013/07/18 22:55:20 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{C026C6A8-091C-4512-A360-2D9DD72F028B}
[2013/07/18 22:29:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/18 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Oracle
[2013/07/18 22:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/18 22:14:31 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/18 22:14:20 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/18 22:14:20 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/18 22:14:20 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/18 22:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/17 16:03:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{42AAE452-DD38-4AA8-A151-358D94334369}
[2013/07/16 10:10:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AE948EDB-1761-4531-9E09-BEC73F5FFEE1}
[2013/07/16 09:17:11 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/16 09:17:09 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/16 09:17:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/07/16 09:17:09 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/16 09:17:08 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/16 09:17:07 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/16 09:17:07 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/07/16 09:17:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/07/16 09:17:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/07/16 09:17:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/07/16 09:05:37 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/16 09:05:36 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/16 09:05:34 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/16 09:05:22 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/07 21:38:21 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AF1E86E4-D3CB-4332-BD73-D4A239A28BBA}
[2013/07/07 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/07/05 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{F5D20572-5861-4622-9EA3-7F93DE26464E}
[2013/07/03 13:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/07/25 00:11:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 00:11:15 | 1608,527,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 00:04:49 | 004,009,167 | ---- | M] () -- C:\Users\Amanda\Desktop\ServicesRepair.exe
[2013/07/25 00:03:21 | 000,001,826 | ---- | M] () -- C:\FixitRegBackup.reg
[2013/07/25 00:02:10 | 000,899,584 | ---- | M] () -- C:\Users\Amanda\Desktop\MicrosoftFixit50535.msi
[2013/07/24 23:56:10 | 002,935,344 | ---- | M] () -- C:\Users\Amanda\Desktop\BD_Free_Uninstall_Tool.exe
[2013/07/24 23:39:53 | 000,663,552 | ---- | M] (ESET) -- C:\Users\Amanda\Desktop\ESETUninstaller.exe
[2013/07/24 23:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/24 23:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/24 22:24:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/24 16:24:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/24 14:07:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/23 22:03:38 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/23 22:03:38 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/23 22:00:26 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/07/23 13:42:45 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/23 00:07:44 | 000,724,952 | ---- | M] () -- C:\Users\Amanda\Desktop\avenger.zip
[2013/07/23 00:04:27 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 00:04:27 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/19 02:51:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/19 02:51:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/19 01:24:47 | 000,839,864 | ---- | M] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/18 22:14:14 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/18 22:14:12 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/18 22:14:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/18 22:14:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/18 22:14:11 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/07/18 22:14:11 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/07/16 09:26:24 | 000,357,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/07 21:30:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/07/07 21:29:53 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/27 16:56:13 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum

========== Files Created - No Company Name ==========

[2013/07/25 00:04:45 | 004,009,167 | ---- | C] () -- C:\Users\Amanda\Desktop\ServicesRepair.exe
[2013/07/25 00:03:20 | 000,001,826 | ---- | C] () -- C:\FixitRegBackup.reg
[2013/07/25 00:02:09 | 000,899,584 | ---- | C] () -- C:\Users\Amanda\Desktop\MicrosoftFixit50535.msi
[2013/07/24 23:56:07 | 002,935,344 | ---- | C] () -- C:\Users\Amanda\Desktop\BD_Free_Uninstall_Tool.exe
[2013/07/23 13:42:45 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/23 00:07:43 | 000,724,952 | ---- | C] () -- C:\Users\Amanda\Desktop\avenger.zip
[2013/07/19 01:24:47 | 000,839,864 | ---- | C] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/07 21:29:53 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/07/05 09:08:25 | 000,000,965 | ---- | C] () -- C:\Users\Amanda\Desktop\CCleaner.lnk
[2013/06/27 16:56:13 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/05/24 01:19:52 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/24 01:19:51 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/21 03:24:52 | 000,237,371 | ---- | C] () -- C:\ProgramData\1369120977.bdinstall.bin
[2013/05/21 02:30:02 | 000,442,185 | ---- | C] () -- C:\ProgramData\1369117695.bdinstall.bin
[2013/05/21 01:07:40 | 000,919,411 | ---- | C] () -- C:\ProgramData\1369111318.bdinstall.bin
[2012/08/23 22:39:25 | 000,007,607 | ---- | C] () -- C:\Users\Amanda\AppData\Local\Resmon.ResmonCfg
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/12/14 14:59:51 | 003,166,690 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\UserTile.png
[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/06/17 01:01:10 | 001,129,965 | ---- | C] () -- C:\Users\Amanda\AppData\Local\census.cache
[2011/06/17 01:00:49 | 000,126,849 | ---- | C] () -- C:\Users\Amanda\AppData\Local\ars.cache
[2011/06/17 00:41:57 | 000,000,036 | ---- | C] () -- C:\Users\Amanda\AppData\Local\housecall.guid.cache
[2011/06/06 19:01:51 | 000,006,144 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 15:26:18 | 000,000,810 | RHS- | C] () -- C:\Users\Amanda\ntuser.pol
[2011/05/29 15:19:08 | 000,008,238 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< >

========== Base Services ==========
SRV - [2009/07/13 21:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 00:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 21:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 08:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 17:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/05/13 00:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 21:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 08:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 21:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 12:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 21:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 06:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 01:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 21:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 08:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 21:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 08:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 08:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 00:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 08:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 08:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 08:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 08:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 08:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 08:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 21:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 08:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

========== Files - Unicode (All) ==========
[2012/06/22 10:31:26 | 000,001,123 | ---- | M] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
[2012/06/22 10:31:26 | 000,001,123 | ---- | C] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 ??????????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版

< End of report >

>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[07/24/13 23:42:33] C:\Users\Amanda\Desktop\ESETUninstaller.exe 6.0.3.0
[07/24/13 23:42:33] Input arguments:
[07/24/13 23:42:34] Online (PC booted from fixed disk) mode detected.

[07/24/13 23:42:34] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y

[07/24/13 23:42:53] Scanning available operating systems ...

[07/24/13 23:42:53] Available operating systems, which AV product can be removed from:

[07/24/13 23:42:53] [1]
[07/24/13 23:42:53] Product Name: Windows 7 Ultimate
[07/24/13 23:42:53] Current Version: 6.1.1.7601.WinNT.x86
[07/24/13 23:42:53] Volume: C:\
[07/24/13 23:42:53] System Root: C:\Windows
[07/24/13 23:42:53] Program Files: C:\Program Files
[07/24/13 23:42:53] Program Files (x86):
[07/24/13 23:42:53] Common files: C:\Program Files\Common Files
[07/24/13 23:42:53] Common files (x86):
[07/24/13 23:42:53] Common application data folder: C:\ProgramData
[07/24/13 23:42:53] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[07/24/13 23:42:53] Device path folder: C:\Windows\inf
[07/24/13 23:42:53] Drives mapping:
[07/24/13 23:42:53] Current Letter: C Native Letter: C
[07/24/13 23:42:53] Current Letter: D Native Letter: D
[07/24/13 23:42:53] Current Letter: E Native Letter: E

[07/24/13 23:42:53] Building cache: COM: AppID -> DllName ...
[07/24/13 23:42:53] Building cache: COM: Category -> ReferenceCounter ...
[07/24/13 23:42:53] Scanning installed AV products ...

[07/24/13 23:42:54] Installed AV products:
[07/24/13 23:42:54] 1. ESS/EAV/EMSX
[07/24/13 23:42:54] 2. NODv2
[07/24/13 23:42:54] 3. SEP

[07/24/13 23:42:54] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[07/24/13 23:43:59] Are you sure to uninstall ESS/EAV/EMSX from this OS? (y/n): y

[07/24/13 23:44:02] Product uninstallation: ESS/EAV/EMSX

[07/24/13 23:44:02] Uninstallation in progress, please wait ...

[07/24/13 23:44:02] Current control set ... ControlSet001

[07/24/13 23:44:02] Services: deleted: ControlSet001\Enum\Root\LEGACY_EHDRV

[07/24/13 23:44:02] WSC: ESS/EAV unregistered of Windows Security Center

[07/24/13 23:44:02] WSC: ESS/EAV (WMI) unregistered of Windows Security Center

[07/24/13 23:44:02] ShellEx: deleted: Classes\*\shellex\ContextMenuHandlers\ESET Smart Security - Context Menu Shell Extension
[07/24/13 23:44:02] ShellEx: deleted: Classes\Drive\shellex\ContextMenuHandlers\ESET Smart Security - Context Menu Shell Extension
[07/24/13 23:44:02] ShellEx: deleted: Classes\Drives\shellex\ContextMenuHandlers\ESET Smart Security - Context Menu Shell Extension
[07/24/13 23:44:02] ShellEx: deleted: Classes\Folder\shellex\ContextMenuHandlers\ESET Smart Security - Context Menu Shell Extension
[07/24/13 23:44:02] ShellEx: deleted value in: Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ...
[07/24/13 23:44:02] deleted: {B089FE88-FB52-11D3-BDF1-0050DA34150D}

[07/24/13 23:44:02] Installer folders: deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/24/13 23:44:02] deleted: C:\ProgramData\ESET\ESET Smart Security\
[07/24/13 23:44:02] deleted: C:\Program Files\ESET\ESET Smart Security\
[07/24/13 23:44:02] deleted: C:\ProgramData\ESET\ESET Smart Security\Stats\
[07/24/13 23:44:02] deleted: C:\Program Files\ESET\ESET NOD32 Antivirus\
[07/24/13 23:44:02] deleted: C:\ProgramData\ESET\ESET NOD32 Antivirus\

[07/24/13 23:44:03] ESET folder: deleted: C:\ProgramData\ESET\ESET Smart Security\
[07/24/13 23:44:03] ESET folder: deleted: C:\Program Files\ESET\ESET Smart Security\
[07/24/13 23:44:03] ESET folder: deleted: C:\Program Files\ESET\ESET NOD32 Antivirus\
[07/24/13 23:44:03] ESET folder: deleted: C:\ProgramData\ESET\ESET NOD32 Antivirus\
[07/24/13 23:44:03] Delete of empty folders ...
[07/24/13 23:44:03] ESET folder: deleted: C:\Program Files\ESET\
[07/24/13 23:44:03] Installer folders: deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/24/13 23:44:03] deleted: C:\Program Files\ESET\
[07/24/13 23:44:03] ESET folder: deleted: C:\ProgramData\ESET\
[07/24/13 23:44:03] Installer folders: deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/24/13 23:44:03] deleted: C:\ProgramData\ESET\

[07/24/13 23:44:03] Email plugins: deleted value in: Mozilla\Thunderbird\Extensions ...
[07/24/13 23:44:03] deleted: [email protected]

[07/24/13 23:44:03] Uninstallation ESS/EAV/EMSX finished successfully.

[07/24/13 23:44:03] Installed AV products:
[07/24/13 23:44:03] 1. NODv2
[07/24/13 23:44:03] 2. SEP

[07/24/13 23:44:03] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): q
[07/24/13 23:44:25] Exit request!

[07/24/13 23:44:25] Log file location: "C:\Users\Amanda\Desktop\~ESETUninstaller.log"

[07/24/13 23:44:25] Uninstallation finished successfully, please restart your PC now.

[07/24/13 23:44:25] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>

# AdwCleaner v2.306 - Logfile created 07/24/2013 at 23:14:34
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Amanda - AMANDA-PC
# Boot Mode : Normal
# Running from : C:\Users\Amanda\Desktop\AVStuff\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [830 octets] - [24/07/2013 23:14:34]
AdwCleaner[S1].txt - [15481 octets] - [23/07/2013 21:48:17]
AdwCleaner[S2].txt - [1018 octets] - [24/07/2013 23:09:24]

########## EOF - C:\AdwCleaner[R1].txt - [1010 octets] ##########

#12
Phel

Posted 25 July 2013 - 03:11 PM

Trusted Helper

Malware Removal
1,386 posts

Can you please post contents of this file?

C:\Users\Public\Desktop\CC Support\Logs\SvcRepair.log

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F500641E-2C6E-4D33-BE0C-6EBC9F76159A}\MpKsld12bc1ce.sys -- (MpKsld12bc1ce)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{127CD835-5ECE-441A-B215-94F83A5FBC1A}\MpKslc43a2148.sys -- (MpKslc43a2148)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF08E110-944A-4BCE-8348-621C1AF5C594}\MpKslaca1c469.sys -- (MpKslaca1c469)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F30A262B-0BF0-4F61-A4B3-808669B80D8A}\MpKsl1675053f.sys -- (MpKsl1675053f)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{708530EA-7DEF-4101-88D7-1D38D24E0050}\MpKsl13cdfd40.sys -- (MpKsl13cdfd40)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80CBE2AE-E605-470A-8B73-A0AE65C5DBEE}\MpKsl02c4e3cd.sys -- (MpKsl02c4e3cd)
DRV - File not found [Kernel | System | Stopped] -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys -- (BdfNdisf)

:Commands
[REBOOT]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#13
Essexboy

Posted 31 July 2013 - 11:23 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.