Symptoms began about one week ago when I returned home to find my computer locked up while trying to shut down (on its own), with an unclearable error message about a DCOM error of some sort (I forget the exact syntax). A review of the system Event Log after reboot shows hundreds of DCOM errors from UpdatusUser (nvidia driver updater?) just before the incident. Concerned, I ran a number of malware scans (Superantispyware, Malwarebytes, Trend Micro Housecall, and ESET). After several passes, SAS caught Trojan Agent/Gen-Nullo hiding in some system restore files. Alarmed, I disabled System Restore and proceeded to check packet traffic with SmartSniff 1.72. Noting a great deal of UDP outbound traffic to external IPs (more than one to the Netherlands), I made some adjustments to my firewall settings to squelch UDP traffic outside my home network. Several scans (SAS, MBAM, ESET, Trend Micro) afterwards are still coming up clean, but in general computer performance seems to be slower than normal and a couple of days ago I had an unexpected computer self-restart (no power outage or similar).
In short, I'm very suspicious of my computer's behavior, and some sort of trojan was onboard. Can you help me to determine if it's clean? Thank you so much for your time!!
OTL Log follows:
OTL logfile created on: 10/21/2012 6:42:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\ACH\My Documents\My Download Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.67% Memory free
3.85 Gb Paging File | 2.51 Gb Available in Paging File | 65.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.97 Gb Total Space | 92.58 Gb Free Space | 31.60% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 294.60 Gb Free Space | 98.83% Space Free | Partition Type: NTFS
Drive E: | 298.08 Gb Total Space | 292.24 Gb Free Space | 98.04% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 275.64 Gb Free Space | 39.45% Space Free | Partition Type: NTFS
Drive I: | 172.78 Gb Total Space | 172.46 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive K: | 1.86 Gb Total Space | 1.36 Gb Free Space | 72.93% Space Free | Partition Type: FAT
Drive L: | 1.86 Gb Total Space | 1.83 Gb Free Space | 98.33% Space Free | Partition Type: FAT
Computer Name: HUTSELL1 | User Name: ahutsell2001 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/21 18:10:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\ACH\My Documents\My Download Files\OTL(1).exe
PRC - [2012/10/17 19:55:45 | 004,762,496 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/10/10 21:05:57 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 23:04:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/06 14:24:28 | 001,099,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\Launchpad.exe
PRC - [2012/06/17 03:51:58 | 000,466,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/06/17 03:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/03/22 15:45:10 | 011,057,008 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Picasa3\Picasa3.exe
PRC - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 17:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/01/12 12:26:20 | 000,040,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
PRC - [2011/12/16 21:39:38 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2011/05/25 02:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/12 21:14:31 | 000,057,344 | ---- | M] (NirSoft) -- C:\Program Files\smsniff\smsniff.exe
PRC - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
PRC - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
PRC - [2011/03/02 13:54:44 | 000,162,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
PRC - [2009/12/24 10:31:28 | 000,928,496 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\system32\cypherixsrv.exe
PRC - [2009/02/03 10:32:28 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\system32\procexp.exe
PRC - [2009/01/08 14:54:39 | 010,965,504 | ---- | M] (QUALCOMM Incorporated) -- C:\Program Files\Eudora\eudora.exe
PRC - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/01 13:32:12 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/21 03:01:14 | 001,819,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12102100\algo.dll
MOD - [2012/10/18 16:31:38 | 001,819,136 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12101802\algo.dll
MOD - [2012/10/17 20:00:35 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/10/14 20:45:51 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/10/10 21:05:59 | 002,294,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/17 13:23:23 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\9d59cf7eb15733ca09736eaaa2acaef6\WindowsFormsIntegration.ni.dll
MOD - [2012/06/17 13:22:32 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 23:23:06 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/14 23:18:20 | 017,998,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5d585d5428ce69abc28238ffa9f4d3a2\PresentationFramework.ni.dll
MOD - [2012/06/14 23:18:06 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\fe068ba4be8f6cb7d6a58bccff05c75e\PresentationCore.ni.dll
MOD - [2012/06/14 23:17:56 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\62f103f9e662d263ec2ecacc49d4525b\WindowsBase.ni.dll
MOD - [2012/06/14 23:17:50 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/09 21:21:09 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\1409dc3832b37f850569c69a795f834b\System.Management.ni.dll
MOD - [2012/05/09 21:20:58 | 001,072,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
MOD - [2012/05/09 21:20:56 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
MOD - [2012/05/09 21:18:37 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 21:18:37 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/09 21:18:35 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/09 21:18:34 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/05/09 21:18:33 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
MOD - [2012/05/09 21:18:32 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
MOD - [2012/05/09 21:18:29 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
MOD - [2012/05/09 21:17:30 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\9b6f1bcb2cf4e6ad429cd721b942f30f\System.Xaml.ni.dll
MOD - [2012/05/09 19:10:36 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\45d2307fb0898a18dec5a04ff9f8b85c\PresentationFramework.Classic.ni.dll
MOD - [2012/05/09 19:00:05 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/09 19:00:05 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
MOD - [2012/05/09 19:00:03 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/09 18:59:55 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/09 18:59:43 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/09 18:59:34 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/03/22 15:45:26 | 026,011,504 | ---- | M] () -- C:\Program Files\Google\Picasa3\Picasa3i18n.dll
MOD - [2012/03/22 15:08:28 | 000,425,984 | ---- | M] () -- C:\Program Files\Google\Picasa3\plugins\ytITivo.yti
MOD - [2012/03/22 15:01:34 | 000,401,408 | ---- | M] () -- C:\Program Files\Google\Picasa3\plugins\CDVDR\CDVDR.yti
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/12/16 21:39:39 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll
MOD - [2011/12/16 21:39:38 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
MOD - [2011/05/05 00:02:44 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/06/06 10:20:02 | 000,065,344 | ---- | M] () -- C:\WINDOWS\system32\PDFreDirectMonNT.dll
MOD - [2009/11/19 11:20:44 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/11/19 11:20:42 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/11/19 11:20:42 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/01/08 14:54:40 | 000,155,648 | ---- | M] () -- C:\Program Files\Eudora\nsldap32v60.dll
MOD - [2009/01/08 14:54:40 | 000,014,848 | ---- | M] () -- C:\Program Files\Eudora\nsldappr32v60.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/12 13:00:50 | 000,236,032 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2005/05/03 19:38:42 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\P17.dll
========== Services (SafeList) ==========
SRV - [2012/10/12 13:07:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/07 23:04:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/17 03:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/01/12 12:26:20 | 000,040,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe -- (ServiceProviderRegistry)
SRV - [2011/12/16 21:39:38 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2011/05/25 02:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe -- (LANConfig)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (WSS_ComputerBackupProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (SqmProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (providers_system)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (NotificationsProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (initMonitor)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (HealthAlertsSvc)
SRV - [2011/03/02 13:54:44 | 000,162,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe -- (WSConnectorUpdate)
SRV - [2009/12/24 10:31:28 | 000,928,496 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cypherixsrv.exe -- (cypherixservice)
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\AHUTSE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/10/21 18:43:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/10/14 22:08:07 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/06/17 03:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/03/11 17:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 17:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 17:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/02 13:33:12 | 000,053,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2010/02/09 09:52:54 | 000,097,784 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cyphxdrv.sys -- (cyphxdrv)
DRV - [2009/10/20 23:22:32 | 001,425,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/28 04:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/15 10:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/01/10 18:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 18:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myvaughnmelton.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Eudora 8.0.0b5\extensions\\Components: C:\Program Files\Eudora\components [2012/02/23 21:17:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Eudora 8.0.0b5\extensions\\Plugins: C:\Program Files\Eudora\plugins [2012/01/02 21:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/06 21:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/16 22:35:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/12 13:07:23 | 000,000,000 | ---D | M]
[2011/08/01 21:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Extensions
[2011/08/01 21:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/18 23:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Firefox\Profiles\pz8ot46n.default\extensions
[2012/10/18 23:19:58 | 000,529,693 | ---- | M] () (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Firefox\Profiles\pz8ot46n.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/16 22:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/12 13:07:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/12 13:07:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/10 21:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/05 13:16:20 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/10/10 21:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/10 21:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/10/21 16:16:22 | 000,000,080 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.176 OVERLORD #Windows Server Added Entry#
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Launchpad] C:\Program Files\Windows Server\Bin\Launchpad.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Corel TW Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Documents and Settings\ahutsell2001\Start Menu\Programs\Startup\Shortcut to procexp.lnk = C:\WINDOWS\system32\procexp.exe (Sysinternals - www.sysinternals.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Twonky Tray Control.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://myvaughnmelton.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344404936000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09023F61-51CB-4D61-828F-B6CF496B9DB1}: DhcpNameServer = 192.168.0.2
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/01 01:29:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/09 09:39:20 | 000,000,016 | -H-- | M] () - K:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/21 18:43:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/21 16:40:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ahutsell2001\Recent
[2012/10/15 01:32:55 | 000,316,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\Tcpview.exe
[2012/10/15 01:32:55 | 000,199,544 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\Tcpvcon.exe
[2012/10/14 22:08:07 | 000,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2012/10/12 13:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/30 23:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012/09/30 18:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahutsell2001\Application Data\Amazon
[2012/09/30 18:32:13 | 000,000,000 | ---D | C] -- F:\ACH\My Documents\Amazon MP3
[2012/09/30 18:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2012/09/30 18:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/10/21 18:43:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/21 18:21:45 | 000,000,842 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2012/10/21 18:21:31 | 000,000,774 | ---- | M] () -- C:\WINDOWS\tasks\Alert Evaluations.job
[2012/10/21 18:21:03 | 000,000,788 | ---- | M] () -- C:\WINDOWS\tasks\InstallAddIns.job
[2012/10/21 18:21:01 | 000,000,794 | ---- | M] () -- C:\WINDOWS\tasks\RenewClientCertificate.job
[2012/10/21 18:02:04 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/10/21 16:44:01 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/21 16:21:56 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/21 16:21:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/21 16:16:22 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/21 16:14:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/21 15:41:30 | 000,000,858 | ---- | M] () -- C:\WINDOWS\tasks\UploadCEIPData.job
[2012/10/21 15:22:00 | 000,000,862 | ---- | M] () -- C:\WINDOWS\tasks\Health Definition Updates.job
[2012/10/21 02:00:00 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 762ceecc-56fb-4a5b-86fc-5278d51db2d7.job
[2012/10/21 02:00:00 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3ff65753-3767-48ed-a63d-2c1855324e99.job
[2012/10/21 00:00:30 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\SaveCEIPData.job
[2012/10/19 16:36:32 | 000,001,393 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2012/10/19 16:36:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/19 01:38:54 | 000,444,629 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\census.cache
[2012/10/19 01:38:51 | 000,220,087 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\ars.cache
[2012/10/19 00:22:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/18 22:57:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/16 22:35:18 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/16 22:35:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/14 22:08:16 | 000,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2012/10/14 22:08:07 | 000,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2012/10/14 22:08:07 | 000,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2012/10/14 22:08:07 | 000,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2012/10/14 16:56:29 | 001,010,986 | ---- | M] () -- F:\ACH\My Documents\22 Conversion.pdf
[2012/10/12 23:53:21 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\housecall.guid.cache
[2012/10/10 20:27:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/09 23:44:14 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/30 23:56:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Desktop\Audacity.lnk
[2012/09/30 18:31:50 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/09/30 16:39:37 | 000,005,165 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/24 19:26:39 | 000,000,996 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Application Data\Microsoft\Internet Explorer\Quick Launch\Combat Mission Beyond Overlord.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/10/16 22:35:18 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/15 01:32:55 | 000,041,074 | ---- | C] () -- C:\WINDOWS\System32\tcpview.chm
[2012/10/14 22:08:16 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2012/10/14 22:08:07 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2012/10/14 22:08:07 | 000,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2012/10/14 22:08:07 | 000,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2012/10/14 13:17:39 | 001,010,986 | ---- | C] () -- F:\ACH\My Documents\22 Conversion.pdf
[2012/10/13 18:48:34 | 000,444,629 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\census.cache
[2012/10/13 18:48:23 | 000,220,087 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\ars.cache
[2012/10/12 23:53:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\housecall.guid.cache
[2012/10/10 20:27:44 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/09/30 23:56:34 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2012/09/30 23:56:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Desktop\Audacity.lnk
[2012/09/30 18:31:50 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/09/24 19:26:39 | 000,000,996 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Application Data\Microsoft\Internet Explorer\Quick Launch\Combat Mission Beyond Overlord.lnk
[2012/05/04 21:44:28 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2012/02/16 03:07:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 21:23:21 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv6
[2011/12/16 21:39:44 | 000,001,393 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2011/12/16 21:39:39 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2011/12/16 21:39:38 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2011/11/27 22:22:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/27 22:22:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/27 22:22:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/27 22:22:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/27 22:22:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/16 17:23:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/07 03:15:29 | 001,053,614 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-492894223-725345543-1003-0.dat
[2011/10/07 03:15:29 | 000,308,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/19 19:46:22 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/19 19:29:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/23 22:09:45 | 000,115,326 | ---- | C] () -- C:\WINDOWS\hpgins21.dat.temp
[2011/08/23 22:09:45 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl21.dat.temp
[2011/08/23 21:59:06 | 000,001,758 | ---- | C] () -- C:\WINDOWS\hpwmdl24.dat.temp
[2011/08/23 21:50:14 | 000,115,318 | ---- | C] () -- C:\WINDOWS\hpgins21.dat
[2011/08/23 21:50:14 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl21.dat
[2011/08/16 22:56:33 | 000,186,134 | ---- | C] () -- C:\WINDOWS\hpwins24.dat
[2011/08/16 22:56:33 | 000,001,758 | ---- | C] () -- C:\WINDOWS\hpwmdl24.dat
[2011/08/14 11:58:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/08/07 15:49:48 | 000,023,268 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/05 13:35:54 | 000,005,165 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/08/05 13:32:56 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/08/05 13:32:56 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/08/05 13:32:56 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/08/05 13:32:56 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/08/05 13:32:56 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/08/05 13:32:56 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/08/05 13:21:54 | 001,271,296 | ---- | C] () -- C:\WINDOWS\System32\IESEngineering04.dll
[2011/08/05 13:21:54 | 001,218,560 | ---- | C] () -- C:\WINDOWS\System32\IESData04.dll
[2011/08/05 13:21:53 | 003,422,720 | ---- | C] () -- C:\WINDOWS\System32\coin2.dll
[2011/08/05 13:21:53 | 000,716,800 | ---- | C] () -- C:\WINDOWS\System32\IESCore04.dll
[2011/08/05 13:21:53 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\libF90MD.dll
[2011/08/05 13:21:53 | 000,328,192 | ---- | C] () -- C:\WINDOWS\System32\sowin1.dll
[2011/08/05 13:21:53 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\libIEPCF90MD.dll
[2011/08/05 13:21:53 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\simage1.dll
[2011/08/05 13:21:53 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll
[2011/08/05 13:21:53 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\Pgmr120.dll
[2011/08/05 13:21:53 | 000,061,515 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2011/08/05 13:12:25 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/08/05 13:12:20 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/08/05 13:12:11 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/08/03 23:54:57 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2011/08/03 23:54:57 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/08/02 01:07:37 | 000,001,598 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/08/01 21:23:09 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/01 21:23:09 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/01 21:23:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/01 21:22:52 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/08/01 21:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/08/01 01:39:51 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/08/01 01:34:52 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/08/01 01:34:48 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/08/01 01:34:47 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe
[2011/08/01 01:34:45 | 000,033,245 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/08/01 01:34:44 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/08/01 01:31:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/08/01 01:27:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/31 20:52:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/31 20:51:21 | 000,319,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== ZeroAccess Check ==========
[2011/08/03 19:56:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7833B2E
< End of report >
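When working through a log like this one, the entries worth a second look are the ones that combine several weak signals: a file under %SystemRoot% with the Hidden or System attribute set, a PE file or kernel driver with no embedded company name, and a timestamp inside the incident window (here, the week before the 2012/10/21 scan). The script below is an added triage helper, not part of the original post and not OTL's own code; it parses the "[timestamp | size | attrs | C/M] (Company) -- path" lines from the Created/Modified sections and the "@Alternate Data Stream" line format, then applies those heuristics. The directory constants, the incident date, the rule set and the single allowlisted file (bootstat.dat) are this example's own assumptions; the sample lines are copied from the log above.

```python
"""OTL file-listing triage: added example, not the poster's or OTL's own code.
Parses "[ts | size | attrs | C/M] (Company) -- path" and "@Alternate Data
Stream" lines as printed in the log above and applies analyst heuristics."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumptions of this example: %SystemRoot% = C:\WINDOWS (per the log header),
# the incident window opens a week before the 2012/10/21 scan, and bootstat.dat
# is the one System-attribute file allowlisted as known-good.
WINDOWS_DIR = "c:\\windows\\"
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
PE_EXTS = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")
INCIDENT_START = "2012/10/14"
KNOWN_BENIGN = {"c:\\windows\\bootstat.dat"}


@dataclass
class Entry:
    path: str
    timestamp: str          # "YYYY/MM/DD HH:MM:SS": sorts lexicographically
    size: int
    attrs: str              # four chars in the order R H S D, '-' when unset
    kind: str               # 'C' = created, 'M' = modified
    company: Optional[str]  # None: no "(...)" printed (directories); "": printed "()"
    flags: List[str] = field(default_factory=list)

    def has(self, attr: str) -> bool:  # attr is one of 'R', 'H', 'S', 'D'
        return attr in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, or None for anything else."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return Entry(path=m.group("path"), timestamp=m.group("ts"),
                 size=int(m.group("size").replace(",", "")),
                 attrs=m.group("attrs"), kind=m.group("kind"),
                 company=m.group("company"))


def parse_ads(line: str) -> Optional[Tuple[str, int]]:
    """Return (stream path, size in bytes) for an ADS line, or None."""
    m = ADS_RE.match(line.strip())
    return (m.group("path"), int(m.group("size"))) if m else None


def triage(entry: Entry, since: str = INCIDENT_START) -> Entry:
    """Attach heuristic flags; directories and allowlisted files are skipped."""
    p = entry.path.lower()
    if entry.has("D") or p in KNOWN_BENIGN:
        return entry
    in_windows = p.startswith(WINDOWS_DIR)
    if in_windows and (entry.has("H") or entry.has("S")):
        entry.flags.append("hidden/system attribute under %SystemRoot%")
    if not entry.company and p.endswith(PE_EXTS):
        if p.startswith(DRIVER_DIR):
            entry.flags.append("kernel driver with no company name")
        elif in_windows:
            entry.flags.append("PE file under %SystemRoot% with no company name")
    if entry.flags and entry.timestamp[:10] >= since:
        entry.flags.append("touched on or after " + since + " (incident window)")
    return entry


def triage_log(text: str, since: str = INCIDENT_START):
    """Return (flagged entries, ADS list) for a chunk of OTL output."""
    flagged, streams = [], []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            if triage(entry, since).flags:
                flagged.append(entry)
            continue
        ads = parse_ads(line)
        if ads is not None:
            streams.append(ads)
    return flagged, streams


# Sample lines copied from the log on this page (constructed test input).
SAMPLE = r"""
[2012/10/21 18:43:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/21 16:40:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ahutsell2001\Recent
[2012/10/19 16:36:32 | 000,001,393 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2012/10/19 16:36:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/14 22:08:07 | 000,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2011/12/16 21:39:38 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7833B2E
"""

if __name__ == "__main__":
    flagged, streams = triage_log(SAMPLE)
    for e in flagged:
        print(e.timestamp, e.attrs, e.path, "->", "; ".join(e.flags))
    print("ADS:", streams)
```

Run against the sample it flags mmf.sys on all three counts (hidden and system attributes, no company name, modified inside the window) and Runservice.exe on the no-company rule alone, while mbamswissarmy.sys and gmer.sys pass because they carry a company name and plain attributes. The flags are prompts for a closer look (hash the file, check its signature, compare against a known-good XP SP3 install), not a verdict; a legitimate tool's remnants and a dropper look the same at this level of detail.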