
Trojan Agent/Gen-Sality

#1
majorlag

Hello,

Superantispyware got a hit on Trojan Agent/Gen-Sality on my WinXP computer a few days ago and appears to have quarantined it, but I've still been noticing sluggish performance. Windows Explorer instances are very slow to load at times, web access is sluggish, and I've noticed some graphical anomalies too: some windows have had weird colors and not been properly refreshing, etc.

Edit: I forgot to mention that after finding the infection, I noticed lots of large, identically-sized files (apparently containing identical HTML website data from a news aggregator or something) had appeared in my TEMP folder, and different but also identically-sized files in the root folder. The files in the TEMP folder have all been removed by CCleaner. The files in the root are still there, and are disturbingly recent.

Also, a strange file in the root folder "scramble.log" looks a bit odd.

I would greatly appreciate your help!

Thank you!

OTL logfile created on: 8/15/2013 9:35:37 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ahutsell2001\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 16.71% Memory free
3.85 Gb Paging File | 2.11 Gb Available in Paging File | 54.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.97 Gb Total Space | 255.78 Gb Free Space | 87.31% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 295.60 Gb Free Space | 99.16% Space Free | Partition Type: NTFS
Drive E: | 298.08 Gb Total Space | 280.96 Gb Free Space | 94.26% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 234.34 Gb Free Space | 33.54% Space Free | Partition Type: NTFS
Drive H: | 2.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 172.78 Gb Total Space | 172.46 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive K: | 1.86 Gb Total Space | 1.83 Gb Free Space | 98.46% Space Free | Partition Type: FAT
Drive Y: | 1802.92 Gb Total Space | 1106.31 Gb Free Space | 61.36% Space Free | Partition Type: NTFS

Computer Name: HUTSELL1 | User Name: ahutsell2001 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/11 18:41:45 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\4266f4ad-6a08-4983-ae66-23e3c8fe3f57.com
PRC - [2013/08/11 02:08:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ahutsell2001\Desktop\OTL.exe
PRC - [2013/08/10 12:44:56 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/08/07 18:44:43 | 004,556,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V5.3-delta.exe
PRC - [2013/08/06 22:52:10 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/08/06 21:02:00 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/08/05 16:00:38 | 000,089,736 | ---- | M] (Microsoft Corporation) -- d:\fe4ed96ef578adb19c334512448708\mrtstub.exe
PRC - [2013/06/24 21:40:38 | 000,166,296 | ---- | M] (Spencer Kimball, Peter Mattis and the GIMP Development Team) -- C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\script-fu.exe
PRC - [2013/06/24 21:36:52 | 005,158,856 | ---- | M] (Spencer Kimball, Peter Mattis and the GIMP Development Team) -- C:\Program Files\GIMP 2\bin\gimp-2.8.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/02 09:02:58 | 000,080,992 | ---- | M] (NirSoft) -- C:\Program Files\smsniff\SmartSniff\smsniff.exe
PRC - [2012/11/07 19:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/11/07 19:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/11/02 22:07:24 | 001,099,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\Launchpad.exe
PRC - [2012/09/07 23:04:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/06/17 03:51:58 | 000,466,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/06/17 03:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/01/12 12:26:20 | 000,040,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
PRC - [2011/05/25 02:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
PRC - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
PRC - [2011/03/02 13:54:44 | 000,162,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
PRC - [2011/03/02 11:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
PRC - [2009/12/24 10:31:28 | 000,928,496 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\system32\cypherixsrv.exe
PRC - [2009/02/03 10:32:28 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\system32\procexp.exe
PRC - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/13 20:12:40 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 13:53:14 | 002,092,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13081501\algo.dll
MOD - [2013/08/06 22:52:07 | 003,534,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/06 21:02:02 | 002,244,504 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2013/08/06 21:02:02 | 000,158,104 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013/08/06 21:02:02 | 000,022,424 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013/07/31 20:31:02 | 016,166,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/07/10 15:53:29 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\41009db1b6120bff064313a0a7bc1622\WindowsFormsIntegration.ni.dll
MOD - [2013/07/10 15:52:17 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/10 15:52:11 | 001,078,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\f4cf6be9712d6940838585e4a70efdb4\System.IdentityModel.ni.dll
MOD - [2013/07/10 15:52:09 | 018,101,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a6bd2f8159d0a7f364f4b34fb2123e01\System.ServiceModel.ni.dll
MOD - [2013/07/10 15:50:23 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/10 15:50:06 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\faa947d3cf5ddf23a46cf292df004a35\System.EnterpriseServices.ni.dll
MOD - [2013/07/10 15:50:06 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\faa947d3cf5ddf23a46cf292df004a35\System.EnterpriseServices.Wrapper.dll
MOD - [2013/07/10 15:50:05 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\146c1e45baba9c81ed88ef28a368f215\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/10 15:50:05 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll
MOD - [2013/07/10 15:50:04 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\81cce7362766900e91afb51f2c48abb0\SMDiagnostics.ni.dll
MOD - [2013/07/10 15:50:03 | 002,646,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d040bb34ddf0766f4de0fb9cc5191ca8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/10 15:50:01 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\a9e3c09042ad08eba13462acbd482c30\System.Xml.Linq.ni.dll
MOD - [2013/07/10 15:49:27 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/10 15:39:50 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aa78c26d45f57e7bb99a7356154de49b\PresentationFramework.ni.dll
MOD - [2013/07/10 15:39:35 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/10 15:39:31 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\b8562544df44384d9800def1ab7d096b\PresentationCore.ni.dll
MOD - [2013/07/10 15:39:31 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\18f6b0b91a3f19afe42333e11a7534be\PresentationFramework.Classic.ni.dll
MOD - [2013/07/10 15:39:25 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\5326f0da29e8171624f520a81f6e3eb1\System.Core.ni.dll
MOD - [2013/07/10 15:39:23 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/10 15:39:21 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\fc07e5bc2553d060a814674b67f50318\WindowsBase.ni.dll
MOD - [2013/07/10 15:39:21 | 000,749,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\dc48e3e467309e2bbde8a876614b38e4\System.Security.ni.dll
MOD - [2013/07/10 15:39:20 | 001,013,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/10 15:39:19 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/10 15:39:16 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/10 15:39:09 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/06/24 21:37:52 | 000,031,656 | ---- | M] () -- C:\Program Files\GIMP 2\lib\gimp\2.0\modules\libdisplay-filter-lcms.dll
MOD - [2013/06/24 21:37:26 | 001,216,232 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libgimpwidgets-2.0-0.dll
MOD - [2013/06/24 21:37:24 | 000,138,024 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libgimpui-2.0-0.dll
MOD - [2013/06/24 21:37:18 | 000,047,016 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libgimpthumb-2.0-0.dll
MOD - [2013/06/24 21:37:16 | 000,030,744 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libgimpmodule-2.0-0.dll
MOD - [2013/06/24 21:37:14 | 000,032,984 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libgimpmath-2.0-0.dll
MOD - [2013/06/24 21:37:10 | 000,072,608 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libgimpconfig-2.0-0.dll
MOD - [2013/06/24 21:37:06 | 000,061,280 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libgimpcolor-2.0-0.dll
MOD - [2013/06/24 21:37:02 | 000,088,928 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libgimpbase-2.0-0.dll
MOD - [2013/06/24 21:37:00 | 000,220,936 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libgimp-2.0-0.dll
MOD - [2013/06/22 03:57:24 | 000,212,097 | ---- | M] () -- C:\Program Files\GIMP 2\bin\liblcms-1.dll
MOD - [2013/06/22 03:53:32 | 000,442,783 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libtiff-5.dll
MOD - [2013/06/22 03:39:32 | 000,241,850 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libfontconfig-1.dll
MOD - [2013/06/22 03:38:28 | 000,279,279 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libjasper-1.dll
MOD - [2013/06/22 03:36:52 | 000,218,650 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libjpeg-8.dll
MOD - [2013/06/22 03:36:04 | 001,169,897 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libxml2-2.dll
MOD - [2013/06/22 03:35:02 | 000,501,844 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libfreetype-6.dll
MOD - [2013/06/22 03:34:50 | 000,173,623 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libpng15-15.dll
MOD - [2013/06/22 03:28:00 | 000,629,673 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libpixman-1-0.dll
MOD - [2013/06/22 03:26:32 | 000,106,234 | ---- | M] () -- C:\Program Files\GIMP 2\bin\zlib1.dll
MOD - [2013/06/22 03:26:22 | 000,052,640 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libffi-6.dll
MOD - [2013/06/21 21:58:42 | 000,406,761 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libgegl-0.2-0.dll
MOD - [2013/06/21 21:46:14 | 000,088,051 | ---- | M] () -- C:\Program Files\GIMP 2\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2013/06/21 21:26:16 | 000,303,727 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libharfbuzz-0.dll
MOD - [2013/06/21 21:25:20 | 000,143,089 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libbabl-0.1-0.dll
MOD - [2013/06/21 21:10:44 | 000,648,818 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libcairo-2.dll
MOD - [2013/06/21 20:37:14 | 000,117,730 | ---- | M] () -- C:\Program Files\GIMP 2\bin\libgcc_s_sjlj-1.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/03/02 11:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
MOD - [2011/03/02 11:17:18 | 000,603,136 | ---- | M] () -- C:\Program Files\GNU\GnuPG\libgcrypt-11.dll
MOD - [2011/03/02 11:16:20 | 000,208,384 | ---- | M] () -- C:\Program Files\GNU\GnuPG\libksba-8.dll
MOD - [2011/03/02 11:16:08 | 000,073,216 | ---- | M] () -- C:\Program Files\GNU\GnuPG\libassuan-0.dll
MOD - [2011/03/02 11:13:52 | 000,048,640 | ---- | M] () -- C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
MOD - [2011/03/02 11:11:52 | 000,038,400 | ---- | M] () -- C:\Program Files\GNU\GnuPG\libw32pth-0.dll
MOD - [2010/06/06 10:20:02 | 000,065,344 | ---- | M] () -- C:\WINDOWS\system32\PDFreDirectMonNT.dll
MOD - [2008/04/13 20:12:40 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
MOD - [2008/04/13 20:12:08 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\runservice.exe -- (LicCtrlService)
SRV - [2013/08/10 12:44:56 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/08/06 22:52:07 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/07 19:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/09/07 23:04:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/06/17 03:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/01/12 12:26:20 | 000,040,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe -- (ServiceProviderRegistry)
SRV - [2011/05/25 02:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe -- (LANConfig)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (WSS_ComputerBackupProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (SqmProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (providers_system)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (NotificationsProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (initMonitor)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (HealthAlertsSvc)
SRV - [2011/03/02 13:54:44 | 000,162,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe -- (WSConnectorUpdate)
SRV - [2011/03/02 11:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2009/12/24 10:31:28 | 000,928,496 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cypherixsrv.exe -- (cypherixservice)
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/27 15:45:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 15:45:12 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 15:45:12 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/07 19:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/07 19:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/07 19:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/06/17 03:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/02 13:33:12 | 000,053,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2010/02/09 09:52:54 | 000,097,784 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cyphxdrv.sys -- (cyphxdrv)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/20 23:22:32 | 001,425,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/28 04:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/15 10:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/01/10 18:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 18:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myvaughnmelton.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Eudora 8.0.0b5\extensions\\Components: C:\Program Files\Eudora\components [2013/05/26 09:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Eudora 8.0.0b5\extensions\\Plugins: C:\Program Files\Eudora\plugins [2013/05/26 09:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/14 23:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/06 22:51:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/06 22:51:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 21:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/08/01 21:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Extensions
[2011/08/01 21:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/08/14 22:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Firefox\Profiles\pz8ot46n.default\extensions
[2013/08/14 22:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Firefox\Profiles\pz8ot46n.default\extensions\staged
[2013/08/08 18:45:00 | 000,534,178 | ---- | M] () (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Firefox\Profiles\pz8ot46n.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/08/14 22:11:54 | 000,534,203 | ---- | M] () (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Firefox\Profiles\pz8ot46n.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/08/06 22:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/06 22:51:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/08/06 22:51:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/08/06 22:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/06 22:52:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/07/10 03:47:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Launchpad] C:\Program Files\Windows Server\Bin\Launchpad.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Corel TW Corp.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\ahutsell2001\Start Menu\Programs\Startup\Shortcut to procexp.lnk = C:\WINDOWS\system32\procexp.exe (Sysinternals - www.sysinternals.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://myvaughnmelton.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344404936000 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09023F61-51CB-4D61-828F-B6CF496B9DB1}: DhcpNameServer = 192.168.0.2
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/01 01:29:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/13 22:09:25 | 000,000,173 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/08/26 18:53:56 | 000,000,000 | R--D | M] - H:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2008/03/12 15:18:36 | 000,425,088 | R--- | M] (Individual Software Inc.) - H:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/15 21:12:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/08/11 19:24:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ahutsell2001\Recent
[2013/08/11 02:08:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ahutsell2001\Desktop\OTL.exe
[2013/08/07 23:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\gtk-2.0
[2013/08/07 23:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\gegl-0.2
[2013/08/07 23:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahutsell2001\.gimp-2.8
[2013/08/07 23:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/08/06 22:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/06 21:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/07/31 20:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\Adobe
[2013/07/31 00:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/07/31 00:31:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/07/27 17:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahutsell2001\Application Data\gtk-2.0
[2013/07/23 01:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/15 21:31:07 | 000,502,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 21:31:07 | 000,088,242 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/15 21:29:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/15 21:29:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/15 21:23:42 | 000,000,774 | ---- | M] () -- C:\WINDOWS\tasks\Alert Evaluations.job
[2013/08/15 21:21:09 | 000,000,862 | ---- | M] () -- C:\WINDOWS\tasks\Health Definition Updates.job
[2013/08/15 21:21:09 | 000,000,788 | ---- | M] () -- C:\WINDOWS\tasks\InstallAddIns.job
[2013/08/15 21:21:03 | 000,000,794 | ---- | M] () -- C:\WINDOWS\tasks\RenewClientCertificate.job
[2013/08/15 18:29:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/15 15:41:31 | 000,000,858 | ---- | M] () -- C:\WINDOWS\tasks\UploadCEIPData.job
[2013/08/15 11:50:00 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/08/15 04:00:46 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\SyncToy Music Sync.job
[2013/08/15 02:00:01 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 762ceecc-56fb-4a5b-86fc-5278d51db2d7.job
[2013/08/15 02:00:01 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3ff65753-3767-48ed-a63d-2c1855324e99.job
[2013/08/15 01:16:36 | 000,000,842 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2013/08/15 00:00:30 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\SaveCEIPData.job
[2013/08/11 19:08:45 | 000,007,637 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\recently-used.xbel
[2013/08/11 18:59:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/11 18:54:23 | 067,625,010 | ---- | M] () -- C:\s41o.1
[2013/08/11 18:54:23 | 067,625,010 | ---- | M] () -- C:\s41o
[2013/08/11 18:54:22 | 067,625,010 | ---- | M] () -- C:\s41o.2
[2013/08/11 18:49:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/11 18:44:51 | 067,625,010 | ---- | M] () -- C:\s4qg
[2013/08/11 18:44:50 | 067,625,010 | ---- | M] () -- C:\s4qg.1
[2013/08/11 18:44:49 | 067,625,010 | ---- | M] () -- C:\s4qg.2
[2013/08/11 18:27:48 | 067,625,010 | ---- | M] () -- C:\s5d4.1
[2013/08/11 18:27:48 | 067,625,010 | ---- | M] () -- C:\s5d4
[2013/08/11 18:27:47 | 067,625,010 | ---- | M] () -- C:\s5d4.2
[2013/08/11 14:20:25 | 000,000,021 | ---- | M] () -- C:\WINDOWS\S.dirmngr
[2013/08/11 14:20:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/11 13:58:12 | 000,006,108 | ---- | M] () -- F:\ACH\My Documents\ArcGISTest.csv
[2013/08/11 11:59:29 | 001,540,734 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Desktop\Kitten.gif
[2013/08/11 03:04:42 | 000,001,668 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/08/11 02:08:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ahutsell2001\Desktop\OTL.exe
[2013/08/10 14:52:52 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/08/04 15:38:53 | 000,041,135 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2013/07/31 00:35:53 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/27 23:26:35 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/27 23:09:56 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/07/23 01:02:37 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/11 19:08:45 | 000,007,637 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\recently-used.xbel
[2013/08/11 18:47:23 | 067,625,010 | ---- | C] () -- C:\s41o.2
[2013/08/11 18:47:23 | 067,625,010 | ---- | C] () -- C:\s41o.1
[2013/08/11 18:47:23 | 067,625,010 | ---- | C] () -- C:\s41o
[2013/08/11 18:27:53 | 067,625,010 | ---- | C] () -- C:\s4qg.2
[2013/08/11 18:27:53 | 067,625,010 | ---- | C] () -- C:\s4qg.1
[2013/08/11 18:27:53 | 067,625,010 | ---- | C] () -- C:\s4qg
[2013/08/11 18:21:21 | 067,625,010 | ---- | C] () -- C:\s5d4.2
[2013/08/11 18:21:21 | 067,625,010 | ---- | C] () -- C:\s5d4.1
[2013/08/11 18:21:21 | 067,625,010 | ---- | C] () -- C:\s5d4
[2013/08/11 11:59:29 | 001,540,734 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Desktop\Kitten.gif
[2013/08/07 23:08:14 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP 2.lnk
[2013/08/05 00:58:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/07/31 00:35:53 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/31 00:21:34 | 000,000,021 | ---- | C] () -- C:\WINDOWS\S.dirmngr
[2013/07/23 01:02:37 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/06/27 15:45:12 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/26 23:42:10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/26 23:42:10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/05/26 15:23:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVM.INI
[2013/05/01 21:02:05 | 000,000,561 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2013/03/15 23:56:25 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/15 23:56:24 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/12/01 16:30:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/13 20:17:07 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2012/10/13 18:48:34 | 000,444,629 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\census.cache
[2012/10/13 18:48:23 | 000,220,087 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\ars.cache
[2012/10/12 23:53:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\housecall.guid.cache
[2012/05/04 21:44:28 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2012/02/16 03:07:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 21:23:21 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv6
[2011/12/16 21:39:44 | 000,001,393 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys_old
[2011/12/16 21:39:39 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2011/12/16 21:39:38 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe_OLD
[2011/10/07 03:15:29 | 002,868,454 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-492894223-725345543-1003-0.dat
[2011/10/07 03:15:29 | 000,412,214 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/19 19:46:22 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/19 19:29:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/23 22:09:45 | 000,115,326 | ---- | C] () -- C:\WINDOWS\hpgins21.dat.temp
[2011/08/23 22:09:45 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl21.dat.temp
[2011/08/23 21:59:06 | 000,001,758 | ---- | C] () -- C:\WINDOWS\hpwmdl24.dat.temp
[2011/08/23 21:50:14 | 000,115,318 | ---- | C] () -- C:\WINDOWS\hpgins21.dat
[2011/08/23 21:50:14 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl21.dat
[2011/08/16 22:56:33 | 000,186,134 | ---- | C] () -- C:\WINDOWS\hpwins24.dat
[2011/08/16 22:56:33 | 000,001,758 | ---- | C] () -- C:\WINDOWS\hpwmdl24.dat

========== ZeroAccess Check ==========

[2011/08/03 19:56:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/30 18:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\Amazon
[2013/08/06 20:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\Audacity
[2013/07/13 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\eLanguage
[2013/07/14 15:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\esri
[2012/10/25 23:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\f-secure
[2012/05/07 22:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\FileZilla
[2013/06/30 11:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\Foxit Software
[2011/11/12 11:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\Full
[2013/02/14 13:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\gnupg
[2013/07/27 22:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\gtk-2.0
[2011/08/23 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\Image Zone Express
[2011/11/05 12:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\PDF reDirect
[2011/08/23 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\Printer Info Cache
[2013/01/05 19:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\TaxCut
[2011/08/01 21:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\Thunderbird
[2011/09/26 20:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahutsell2001\Application Data\Ulead Systems
[2011/08/04 21:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2013/03/15 23:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/07/13 12:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLanguage
[2012/10/25 23:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2013/02/09 11:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GNU
[2011/08/05 13:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/12/12 22:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/11/05 12:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF reDirect
[2012/07/04 19:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegRun
[2011/12/17 18:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2012/12/16 18:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2012/01/02 21:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\twonkyserver
[2011/08/07 15:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

========== Purity Check ==========



< End of report >

Edited by majorlag, 16 August 2013 - 05:02 PM.
