Internet Explorer says FILENAME.EXE contained a virus and FireFox just deletes the files automatically. I had to put OTL on a flash drive and copy to desktop to get it to run. Could not download RKILL or EXEHELPER either copied to flash. I have a second PC I can download on so it helps.
I wasn't sure if I should include those logs as well but included RKILL log below.
OTL logfile created on: 7/19/13 1:26:18 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amanda\Desktop\AVStuff
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy
2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.16% Memory free
3.99 Gb Paging File | 3.50 Gb Available in Paging File | 87.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 115.81 Gb Free Space | 38.85% Space Free | Partition Type: NTFS
Drive D: | 303.38 Gb Total Space | 205.36 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive E: | 1559.63 Gb Total Space | 407.90 Gb Free Space | 26.15% Space Free | Partition Type: NTFS
Drive H: | 14.54 Gb Total Space | 11.01 Gb Free Space | 75.75% Space Free | Partition Type: FAT32
Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/18 23:01:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\AVStuff\OTL.exe
PRC - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2013/07/03 13:16:11 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/11 21:12:48 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/26 01:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/09/07 20:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/06/20 11:28:03 | 004,145,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/07/05 19:03:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F500641E-2C6E-4D33-BE0C-6EBC9F76159A}\MpKsld12bc1ce.sys -- (MpKsld12bc1ce)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{127CD835-5ECE-441A-B215-94F83A5FBC1A}\MpKslc43a2148.sys -- (MpKslc43a2148)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF08E110-944A-4BCE-8348-621C1AF5C594}\MpKslaca1c469.sys -- (MpKslaca1c469)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F30A262B-0BF0-4F61-A4B3-808669B80D8A}\MpKsl1675053f.sys -- (MpKsl1675053f)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{708530EA-7DEF-4101-88D7-1D38D24E0050}\MpKsl13cdfd40.sys -- (MpKsl13cdfd40)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80CBE2AE-E605-470A-8B73-A0AE65C5DBEE}\MpKsl02c4e3cd.sys -- (MpKsl02c4e3cd)
DRV - File not found [Kernel | System | Stopped] -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 16:56:13 | 000,175,176 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/01/18 02:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/18 02:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/30 21:59:05 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/06/08 09:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Afx.sys -- (OEM03Afx)
DRV - [2007/04/25 09:00:00 | 000,235,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vid.sys -- (OEM03Vid)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM03Vfx.sys -- (OEM03Vfx)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {7FF191D4-96CC-4D62-8972-F1D47D0A912D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 40 6F AE 36 84 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {7FF191D4-96CC-4D62-8972-F1D47D0A912D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...0F90019B90BDD47
IE - HKCU\..\SearchScopes\{39821DE8-9D5F-4B90-B1BC-C270FDCADE81}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{685F3FC7-9B3F-497A-956B-9D873E5A7067}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{7FF191D4-96CC-4D62-8972-F1D47D0A912D}: "URL" = http://search.condui...8283150960&UM=2
IE - HKCU\..\SearchScopes\{E2ED7A04-E2BE-41E3-828B-5CBE580D7D3C}: "URL" = http://websearch.ask...9D-9DB5AC62523A
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...e=tb50winampie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.ca"
FF - prefs.js..extensions.enabledAddons: %7B0b38152b-1b20-484d-a11f-5e04a9b0661f%7D:5.6.20.9397
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.condui...UI&UM=UM_ID&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/24 01:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 13:16:02 | 000,000,000 | ---D | M]
[2011/05/29 13:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2013/06/21 08:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions
[2013/04/02 20:11:15 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2013/05/31 09:55:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/23 23:59:04 | 000,002,533 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\aol-search.xml
[2011/05/31 00:37:44 | 000,002,354 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\aol-web-search.xml
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\askcom.xml
[2013/05/23 22:13:17 | 000,006,503 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\babylon.xml
[2013/03/04 18:37:50 | 000,000,935 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\conduit.xml
[2013/05/23 22:13:29 | 000,001,294 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\b7bmfx0o.default\searchplugins\delta.xml
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/03 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 13:16:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/24 01:19:36 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/07/05 02:54:27 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WeatherEye] C:\Users\Amanda\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62975E2-9BA0-4901-ADEC-32E0D8B275EA}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/13 20:41:11 | 000,000,100 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell - "" = AutoRun
O33 - MountPoints2\{e427c84a-8f87-11e0-8c3c-0019b90bdd47}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/19 01:18:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\AVStuff
[2013/07/18 22:55:20 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{C026C6A8-091C-4512-A360-2D9DD72F028B}
[2013/07/18 22:29:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/18 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Oracle
[2013/07/18 22:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/18 22:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/17 16:03:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{42AAE452-DD38-4AA8-A151-358D94334369}
[2013/07/16 10:10:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AE948EDB-1761-4531-9E09-BEC73F5FFEE1}
[2013/07/07 21:38:21 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AF1E86E4-D3CB-4332-BD73-D4A239A28BBA}
[2013/07/07 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/07/05 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{F5D20572-5861-4622-9EA3-7F93DE26464E}
[2013/07/03 13:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/22 09:45:49 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{515B4756-9115-44CF-BC3D-FE7775C3076C}
[2013/06/22 09:39:50 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/07/19 01:24:47 | 000,839,864 | ---- | M] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/19 01:10:52 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/19 01:10:52 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/19 00:21:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/19 00:21:30 | 1608,527,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/19 00:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/19 00:07:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/18 22:24:05 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001UA.job
[2013/07/18 16:24:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/18 14:07:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308309789-3101581403-1710038212-1001Core.job
[2013/07/17 16:01:19 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 16:01:19 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 09:26:24 | 000,357,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/07 21:30:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/07/07 21:29:53 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/27 16:56:13 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/27 16:56:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/27 16:56:13 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/27 16:56:13 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/07/19 01:24:47 | 000,839,864 | ---- | C] () -- C:\Users\Amanda\Documents\treasure_island_nt.pdf
[2013/07/07 21:29:53 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/07/05 09:08:25 | 000,000,965 | ---- | C] () -- C:\Users\Amanda\Desktop\CCleaner.lnk
[2013/06/27 16:56:13 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 20:53:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/05/24 01:19:52 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/24 01:19:51 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/21 03:24:52 | 000,237,371 | ---- | C] () -- C:\ProgramData\1369120977.bdinstall.bin
[2013/05/21 02:30:02 | 000,442,185 | ---- | C] () -- C:\ProgramData\1369117695.bdinstall.bin
[2013/05/21 01:07:40 | 000,919,411 | ---- | C] () -- C:\ProgramData\1369111318.bdinstall.bin
[2012/08/23 22:39:25 | 000,007,607 | ---- | C] () -- C:\Users\Amanda\AppData\Local\Resmon.ResmonCfg
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/08 01:57:31 | 000,014,188 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2012/01/08 01:57:31 | 000,014,188 | -HS- | C] () -- C:\ProgramData\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2011/12/14 14:59:51 | 003,166,690 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\UserTile.png
[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/06/17 01:01:10 | 001,129,965 | ---- | C] () -- C:\Users\Amanda\AppData\Local\census.cache
[2011/06/17 01:00:49 | 000,126,849 | ---- | C] () -- C:\Users\Amanda\AppData\Local\ars.cache
[2011/06/17 00:41:57 | 000,000,036 | ---- | C] () -- C:\Users\Amanda\AppData\Local\housecall.guid.cache
[2011/06/06 19:01:51 | 000,006,144 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 15:26:18 | 000,000,810 | RHS- | C] () -- C:\Users\Amanda\ntuser.pol
[2011/05/29 15:19:08 | 000,008,238 | RHS- | C] () -- C:\ProgramData\ntuser.pol
========== ZeroAccess Check ==========
[2013/05/17 00:02:53 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\@
[2013/05/17 00:02:53 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\L
[2013/05/17 14:29:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U
[2013/05/17 00:03:20 | 000,000,928 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\00000001.@
[2013/05/17 00:03:39 | 000,022,016 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\800000cb.@
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/06/06 10:49:12 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Auslogics
[2013/05/23 22:12:53 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Babylon
[2013/01/18 10:46:35 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\DAEMON Tools Lite
[2013/05/23 22:12:23 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\DealPly
[2011/06/05 02:37:45 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\ESET
[2013/05/22 12:45:44 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Foxit Software
[2013/02/22 02:26:18 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Leadertech
[2011/07/30 14:43:21 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\OpenCandy
[2013/07/18 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Oracle
[2012/08/24 17:01:37 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Origin
[2011/06/08 00:12:58 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\PMS
[2013/05/21 00:43:47 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\QuickScan
[2013/03/14 16:51:38 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\RipIt4Me
[2012/06/22 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\SEGA
[2011/11/15 22:20:50 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Thinstall
[2011/11/29 20:40:35 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\tmp
[2013/05/22 15:02:51 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\uTorrent
[2011/09/19 20:03:23 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012/06/22 10:31:26 | 000,001,123 | ---- | M] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
[2012/06/22 10:31:26 | 000,001,123 | ---- | C] ()(C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Amanda\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 ??????????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版
========== Alternate Data Streams ==========
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:233BFF24
< End of report >
Rkill 2.5.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html
Program started at: 07/19/2013 01:43:45 AM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Users\Amanda\Desktop\AVStuff\OTL.exe (PID: 1984) [UP-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* ALERT: ZEROACCESS rootkit symptoms found!
* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\ [ZA Dir]
* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\@ [ZA File]
* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\L\ [ZA Dir]
* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\ [ZA Dir]
* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\00000001.@ [ZA File]
* C:\$RECYCLE.BIN\S-1-5-18\$4781decc2b0243aa57a3b3846a57ebb2\U\800000cb.@ [ZA File]
* ALERT: ZEROACCESS Reparse Point/Junction found!
* C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
* C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpCommu.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpRTP.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
Checking Windows Service Integrity:
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* SharedAccess [Missing ImagePath]
Searching for Missing Digital Signatures:
* C:\Windows\System32\user32.dll : 811,520 : 07/05/2011 07:03 PM : 7bd7f45ff37fa0669cd32ca0ef46e22c [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll : 811,520 : 07/13/2009 09:16 PM : 34b7e222e81fafa885f0c5f2cfa56861 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll : 811,520 : 11/20/2010 08:21 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]
Checking HOSTS File:
* No issues found.
Program finished at: 07/19/2013 01:44:02 AM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)