
Trojans win32 Sirefef!E2 & E1


  • This topic is locked
43 replies to this topic

#1 luluhifi

luluhifi

    Advanced Member

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 18 July 2012 - 04:09 PM

:adios: Hello Pit >> I found a bunch of these Trojans >>> SiresefE2 on my Win7 laptop. I would like to know if anyone in the Pit has a way of getting rid of this nasty stuff without doing a clean install or an in-place install :hammer:

#2 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 19 July 2012 - 12:39 PM

Hello luluhifi

I have moved your thread here as you may need some additional assistance in dealing with this infection.

I found a bunch of these Trojans >>> SiresefE2 on my Win7 laptop

Let's see if we are able to get some system scans with the following tools:

  • Please perform the following scan
    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.
  • aswMBR
    • Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click the "Scan" button to start scan.
    • On completion of the scan click save log, save it to your desktop and post in your next reply.
    Please post both DDS logs and the aswMBR log in your next reply (you may have to make more than one post to fit all of the information in).

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#3 luluhifi

luluhifi

    Advanced Member

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 19 July 2012 - 10:16 PM

OK, thanks :) I'm going to deal with it now :hammer:

#4 luluhifi

luluhifi

    Advanced Member

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 19 July 2012 - 10:24 PM

DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by TTArmstrong at 23:20:54 on 2012-07-19 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uURLSearchHooks: H - No File uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - f:program filesutorrentbartbuTor.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - f:program filesutorrentbartbuTor.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - f:program filesconduitengineConduitEngine.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - f:program filesspywareguarddlprotect.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - f:progra~1micros~2office14GROOVEEX.DLL BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:program filesjavajre6binssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - f:program filesgooglegoogle toolbarGoogleToolbar_32.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - f:progra~1micros~2office14URLREDIR.DLL BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - f:program filesutorrentbartbuTor.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:program filesjavajre6binjp2ssv.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - f:program filesutorrentbartbuTor.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - f:program filesconduitengineConduitEngine.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - f:program filesgooglegoogle toolbarGoogleToolbar_32.dll uRun: [Sidebar] f:program fileswindows sidebarsidebar.exe 
/autoRun uRun: [swg] "f:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe" uRun: [Google Update] "f:usersttarmstrongappdatalocalgoogleupdateGoogleUpdate.exe" /c mRun: [KEEBOX 150N Wireless Utility] f:program fileskeebox150n wireless utilityWlanMon.exe mRun: [COMODO Internet Security] "f:program filescomodocomodo internet securitycfp.exe" -h mRun: [PSUNMain] "f:program filespanda securitypanda cloud antivirusPSUNMain.exe" /Traybar mRun: [ThreatFire] f:program filesthreatfireTFTray.exe mRun: [SonneDVDCreator] f:program filesmagic burning studioDVDCreator.exe mRun: [BurnStudio] "f:program filesmagic burning studiombs.exe" Hide StartupFolder: f:usersttarms~1appdataroamingmicros~1windowsstartm~1programsstartupspywar~1.lnk - f:program filesspywareguardsgmain.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: E&xport to Microsoft Excel - f:progra~1micros~2office14EXCEL.EXE/3000 IE: Se&nd to OneNote - f:progra~1micros~2office14ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:program filesmicrosoft officeoffice14ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - f:program filesmicrosoft officeoffice14ONBttnIELinkedNotes.dll LSP: mswsock.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 68.105.28.16 68.105.29.17 68.105.29.16 68.105.28.17 TCP: Interfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10} : DhcpNameServer = 68.105.28.16 68.105.29.17 68.105.29.16 68.105.28.17 TCP: Interfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}351657464697 : DhcpNameServer = 192.168.2.1 TCP: Interfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}45451427D6374727F6E676731313 : DhcpNameServer = 192.168.0.1 TCP: Interfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}6427F6E64796562743737323 : DhcpNameServer = 192.168.254.254 TCP: Interfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}946434D2F40756E6 : DhcpNameServer = 192.168.1.21 TCP: Interfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}A616D636166656 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - f:program filescommon filesmicrosoft sharedoffice14MSOXMLMF.DLL Notify: !SASWinLogon - f:program filessuperantispywareSASWINLO.DLL AppInit_DLLs: f:windowssystem32guard32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%system32wpdshserviceobj.dll SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - f:program filesspywareguardspywareguard.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - f:progra~1micros~2office14GROOVEEX.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:program filessuperantispywareSASSEH.DLL . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 
2012-07-18 07:18:31 2345984 ----a-w- f:windowssystem32win32k.sys 2012-07-18 05:55:25 43480 ----a-w- f:windowssystem32driversgtqjbadj.sys 2012-07-18 01:26:03 -------- d--h--w- F:VritualRoot 2012-07-18 00:46:04 56200 ----a-w- f:programdatamicrosoftmicrosoft antimalwaredefinition updates{2356b655-c2c0-4e58-bb14-9f65886a6888}offreg.dll 2012-07-18 00:44:06 713784 ----a-w- f:programdatamicrosoftmicrosoft antimalwaredefinition updates{13315781-abdc-4e56-a8c6-af633331e555}gapaengine.dll 2012-07-18 00:43:56 6891424 ----a-w- f:programdatamicrosoftmicrosoft antimalwaredefinition updates{2356b655-c2c0-4e58-bb14-9f65886a6888}mpengine.dll 2012-07-18 00:13:11 2422272 ----a-w- f:windowssystem32wucltux.dll 2012-07-18 00:12:59 88576 ----a-w- f:windowssystem32wudriver.dll 2012-07-18 00:12:50 33792 ----a-w- f:windowssystem32wuapp.exe 2012-07-18 00:12:50 171904 ----a-w- f:windowssystem32wuwebv.dll 2012-07-18 00:11:47 -------- d-----w- f:program filesMicrosoft Security Client 2012-07-17 23:11:39 7680 ----a-w- f:windows12225517.exe 2012-07-14 12:45:01 69392 ----a-w- f:windowssystem32driversTfSysMon.sys 2012-07-14 12:45:01 51984 ----a-w- f:windowssystem32driversTfFsMon.sys 2012-07-14 12:45:01 33552 ----a-w- f:windowssystem32driversTfNetMon.sys 2012-07-14 12:45:00 -------- d-----w- f:programdataPC Tools 2012-07-14 12:45:00 -------- d-----w- f:program filesThreatFire 2012-07-13 02:43:10 -------- d-----w- f:usersttarmstrongappdataroamingf-secure 2012-07-13 02:42:53 -------- d-----w- f:programdataF-Secure 2012-07-13 02:23:42 14664 ----a-w- f:windowsstinger.sys 2012-07-13 02:22:14 -------- d-----w- f:program filesstinger 2012-07-07 17:28:51 -------- d-----w- f:program filesNewAgeDesign 2012-06-30 20:17:57 6762896 ----a-w- f:programdatamicrosoftwindows defenderdefinition updates{cd6a007c-8d62-4856-a523-23b49072749b}mpengine.dll 2012-06-29 17:39:34 -------- d-----w- f:program files1ClickDownload 2012-06-23 22:19:32 -------- d-----w- F:My Recordings 2012-06-23 12:10:16 -------- d-----w- f:program 
filesHP 2012-06-23 12:09:59 -------- d-----w- f:usersttarmstrongappdatalocalHP . ==================== Find3M ==================== . 2012-07-12 02:21:10 70344 ----a-w- f:windowssystem32FlashPlayerCPLApp.cpl 2012-07-12 02:21:10 426184 ----a-w- f:windowssystem32FlashPlayerApp.exe 2012-07-03 17:46:44 22344 ----a-w- f:windowssystem32driversmbam.sys 2012-06-06 05:05:52 1390080 ----a-w- f:windowssystem32msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- f:windowssystem32msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- f:windowssystem32cdosys.dll 2012-06-02 08:33:25 1800192 ----a-w- f:windowssystem32jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- f:windowssystem32wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- f:windowssystem32inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- f:windowssystem32ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- f:windowssystem32mshtml.tlb 2012-06-02 04:45:04 67440 ----a-w- f:windowssystem32driversksecdd.sys 2012-06-02 04:45:03 134000 ----a-w- f:windowssystem32driversksecpkg.sys 2012-06-02 04:40:59 369336 ----a-w- f:windowssystem32driverscng.sys 2012-06-02 04:40:39 225280 ----a-w- f:windowssystem32schannel.dll 2012-06-02 04:39:10 219136 ----a-w- f:windowssystem32ncrypt.dll 2012-05-01 04:44:12 164352 ----a-w- f:windowssystem32profsvc.dll 2012-04-28 03:17:07 183808 ----a-w- f:windowssystem32driversrdpwd.sys 2012-04-26 04:45:55 58880 ----a-w- f:windowssystem32rdpwsx.dll 2012-04-26 04:45:54 129536 ----a-w- f:windowssystem32rdpcorekmts.dll 2012-04-26 04:41:16 8192 ----a-w- f:windowssystem32rdrmemptylst.exe 2012-04-24 04:36:42 140288 ----a-w- f:windowssystem32cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- f:windowssystem32crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- f:windowssystem32cryptnet.dll . ============= FINISH: 23:22:47.58 ===============

#5 luluhifi

luluhifi

    Advanced Member

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 19 July 2012 - 10:26 PM

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . . ==== Disk Partitions ========================= . . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 1ClickDownloader 4Videosoft MKV Video Converter Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Audio Editor Master v5.4.1.238 BioAPI Framework BitTorrent CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module CleanMem CleanUp! Comodo Dragon COMODO Internet Security Compatibility Pack for the 2007 Office system Conduit Engine ConvertXtoDVD 4.1.19.365 dBpowerAMP WMA V9.1 Codec Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell ControlVault Host Components Installer Dell Driver Download Manager Dell Security Device Driver Pack Disk Cleaner (remove only) Download Updater (AOL LLC) DVD Audio Extractor 5.2.3 DVD Converter Ultimate 1.4.0.8 DVD Shrink 3.2 DVD Shrink Pro DVDFab 8.1.6.0 (01/02/2012) Qt Emsisoft Anti-Malware ESET Online Scanner v3 EZ Label Xpress Lite ffdshow [rev 2975] [2009-05-28] FormatFactory 2.90 FREE Hi-Q Recorder 1.92 Google Chrome Google Toolbar for Internet Explorer Google Update Helper High-Definition Video Playback 10 HP Deskjet 1050 J410 series Basic Device Software HP Deskjet 1050 J410 series Help ImgBurn Java Auto Updater Java™ 6 Update 31 JPG to PDF Converter 1.0 KEEBOX 150N Wireless Utility Magic Burning Studio 12.3.1.31 Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Antimalware Microsoft Office 2000 Premium Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI 
(English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 10 Menu TemplatePack Basic Nero 10 Movie ThemePack Basic Nero BackItUp 10 Nero BackItUp 10 Help (CHM) Nero Burning ROM 10 Nero BurningROM 10 Help (CHM) Nero BurnRights 10 Nero BurnRights 10 Help (CHM) Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero CoverDesigner 10 Nero CoverDesigner 10 Help (CHM) Nero DiscCopy Gadget 10 Nero DiscCopyGadget 10 Help (CHM) Nero DiscSpeed 10 Nero DiscSpeed 10 Help (CHM) Nero Dolby Files 10 Nero Express 10 Nero Express 10 Help (CHM) Nero InfoTool 10 Nero InfoTool 10 Help (CHM) Nero MediaHub 10 Nero MediaHub 10 Help (CHM) Nero Multimedia Suite 10 Nero Recode 10 Nero Recode 10 Help (CHM) Nero RescueAgent 10 Nero RescueAgent 10 Help (CHM) Nero SoundTrax 10 Nero SoundTrax 10 Help (CHM) Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Update Nero Vision 10 Nero Vision 10 Help (CHM) Nero WaveEditor 10 Nero WaveEditor 10 Help (CHM) NirSoft Wireless Network Watcher NoDupe 32-bit (v1.16.7.2) NVIDIA Drivers NVIDIA nView Desktop Manager Octoshape add-in for Adobe Flash Player Pale Moon (3.6.32) Panda Cloud Antivirus PeerGuardian 2.0 PowerDVD DX Real Alternative 1.8.4 Lite Real 
Hide IP RedMon - Redirection Port Monitor Secunia PSI (2.0.0.4003) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Service Center Setup Skype™ 5.5 SLOW-PCfighter Smart Defrag 2 Speed Video Splitter 4.3.39 SpywareBlaster 4.6 SpywareGuard v2.2 Streaming Video Recorder V2.2.5 SUPERAntiSpyware Tenda Wireless LAN Card ThreatFire Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) UPEK TouchChip Fingerprint Reader uTorrentBar Toolbar VGA USB Camera VirtualDJ PRO Full VLC media player 2.0.1 Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) Windows Installer Clean Up Windows Media Player Firefox Plugin WinRAR archiver Wisdom-soft Set up ScreenHunter 5.1 Pro . ==== End Of File ===========================

#6 luluhifi

luluhifi

    Advanced Member

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 19 July 2012 - 10:43 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-19 23:28:30 ----------------------------- 23:28:30.396 OS Version: Windows 6.1.7601 Service Pack 1 23:28:30.396 Number of processors: 2 586 0x170A 23:28:30.396 ComputerName: TTARMSTRONG-PC UserName: TTArmstrong 23:28:30.937 Initialize success 23:29:07.000 AVAST engine defs: 12071902 23:29:39.288 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIAAStorageDevice-1 23:29:39.290 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 8 23:29:39.312 Disk 0 MBR read successfully 23:29:39.314 Disk 0 MBR scan 23:29:39.319 Disk 0 Windows 7 default MBR code 23:29:39.322 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 266 MB offset 63 23:29:39.376 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 60345 MB offset 546210 23:29:39.382 Disk 0 Partition - 00 0F Extended LBA 92012 MB offset 124134255 23:29:39.399 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51348 MB offset 124134318 23:29:39.406 Disk 0 Partition - 00 05 Extended 40664 MB offset 229295745 23:29:39.423 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 40664 MB offset 229295808 23:29:39.431 Disk 0 scanning sectors +312576705 23:29:39.486 Disk 0 scanning F:Windowssystem32drivers 23:29:49.886 Service scanning 23:30:15.238 Modules scanning 23:30:23.883 Disk 0 trace - called modules: 23:30:23.908 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll 23:30:23.913 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0x8bba37c8] 23:30:23.918 3 CLASSPNP.SYS[8e5be59e] -> nt!IofCallDriver -> DeviceIdeIAAStorageDevice-1[0x8ad8d028] 23:30:24.504 AVAST engine scan F:Windows 23:30:26.241 AVAST engine scan F:Windowssystem32 23:32:09.375 File: F:WindowsassemblyGACDesktop.ini **INFECTED** Win32:Sirefef-PL [Rtk] 23:32:47.940 AVAST engine scan F:Windowssystem32drivers 23:33:00.543 AVAST engine scan F:UsersTTArmstrong 23:35:30.945 AVAST engine scan F:ProgramData 23:36:25.003 Scan finished successfully 23:42:23.402 Disk 0 MBR has been saved successfully to "F:UsersTTArmstrongDesktopMBR.dat" 
23:42:23.408 The log file has been saved successfully to "F:UsersTTArmstrongDesktopaswMBR log.txt"
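The two logs above (the DDS "Created Last 30" list in post #4 and the aswMBR scan in post #6) are the kind of output a helper reads by eye. As an added illustration, not a tool used in this thread, here is a small Python triage script that parses both formats and surfaces the lines a malware tech would look at first: aswMBR **INFECTED** hits and MBR status, and recently created files that are hidden at a drive root, sit directly in the Windows folder, or are new kernel drivers with random-looking names. The sample lines are constructed from the logs in this thread; the backslashes the forum copy lost are assumed to be normal Windows path separators, and the heuristics are my own additions, meant to produce candidates for a human to review, not verdicts.

```python
"""Triage helpers for aswMBR and DDS logs (added example, not a thread tool)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample modelled on the aswMBR log in post #6 (backslashes assumed).
ASWMBR_SAMPLE = r"""
23:28:30.396 OS Version: Windows 6.1.7601 Service Pack 1
23:29:39.312 Disk 0 MBR read successfully
23:29:39.319 Disk 0 Windows 7 default MBR code
23:30:26.241 AVAST engine scan F:\Windows\system32
23:32:09.375 File: F:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:36:25.003 Scan finished successfully
"""

# Constructed sample modelled on the DDS "Created Last 30" section in post #4.
DDS_SAMPLE = r"""
2012-07-18 07:18:31 2345984 ----a-w- f:\windows\system32\win32k.sys
2012-07-18 05:55:25 43480 ----a-w- f:\windows\system32\drivers\gtqjbadj.sys
2012-07-18 01:26:03 -------- d--h--w- F:\VritualRoot
2012-07-17 23:11:39 7680 ----a-w- f:\windows\12225517.exe
2012-07-14 12:45:01 69392 ----a-w- f:\windows\system32\drivers\TfSysMon.sys
2012-07-13 02:23:42 14664 ----a-w- f:\windows\stinger.sys
"""

# aswMBR flags detections as: <time> File: <path> **INFECTED** <name> [<tag>]
INFECTED_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) File: (?P<path>.+?) \*\*INFECTED\*\* "
    r"(?P<name>\S+)(?: \[(?P<tag>[^\]]*)\])?$"
)
# DDS entries: <date> <time> <size or dashes> <8 attribute chars> <path>
DDS_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d) (?P<time>\d\d:\d\d:\d\d) (?P<size>\d+|-+) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{4,}")


@dataclass
class AswMbrReport:
    mbr_default: bool = False      # aswMBR saw the stock Windows MBR code
    finished: bool = False         # scan ran to completion
    infected: list = field(default_factory=list)  # (path, detection, tag)


def parse_aswmbr(text: str) -> AswMbrReport:
    """Pull MBR status and every **INFECTED** hit out of an aswMBR log."""
    report = AswMbrReport()
    for line in text.splitlines():
        line = line.strip()
        if "default MBR code" in line:
            report.mbr_default = True
        elif line.endswith("Scan finished successfully"):
            report.finished = True
        m = INFECTED_RE.match(line)
        if m:
            report.infected.append((m["path"], m["name"], m["tag"] or ""))
    return report


@dataclass
class DdsEntry:
    date: str
    time: str
    size: Optional[int]   # None for directories (DDS prints dashes)
    attrs: str            # e.g. "----a-w-" or "d--h--w-" (d=dir, h=hidden)
    path: str


def parse_dds_created(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = DDS_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(DdsEntry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def looks_random(stem: str) -> bool:
    """Heuristic: all-lowercase letters, 8+ long, with a run of 4+ consonants."""
    return (stem.isalpha() and stem.islower() and len(stem) >= 8
            and bool(CONSONANT_RUN.search(stem)))


def flag_dds(entries: list) -> dict:
    """Map path -> list of reasons for entries that deserve a second look."""
    flags = {}
    for e in entries:
        parts = e.path.split("\\")
        stem, _, ext = parts[-1].rpartition(".")
        ext = ext.lower()
        parent = [p.lower() for p in parts[1:-1]]  # directories below the drive
        is_dir = e.attrs.startswith("d")
        reasons = []
        if is_dir and "h" in e.attrs and len(parts) == 2:
            reasons.append("hidden directory at drive root")
        if not is_dir and ext in ("exe", "sys", "dll") and parent == ["windows"]:
            reasons.append("executable directly in Windows root")
        if not is_dir and ext == "sys" and parent[-1:] == ["drivers"]:
            reasons.append("new kernel driver")
            if looks_random(stem):
                reasons.append("random-looking driver name")
        if reasons:
            flags[e.path] = reasons
    return flags


if __name__ == "__main__":
    rep = parse_aswmbr(ASWMBR_SAMPLE)
    print(f"MBR stock code: {rep.mbr_default}, scan finished: {rep.finished}")
    for path, name, tag in rep.infected:
        print(f"INFECTED {path} -> {name} [{tag}]")
    for path, reasons in flag_dds(parse_dds_created(DDS_SAMPLE)).items():
        print(f"REVIEW {path}: {', '.join(reasons)}")
```

Run it on a saved DDS.txt or aswMBR log by swapping the sample strings for the file contents. Every flagged line is a prompt to check the file's signature, publisher and creation context, which is exactly what the helper does by hand in the replies that follow; legitimate tools (a McAfee Stinger driver dropped in the Windows folder, for instance) will be flagged too, and that is intended.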

#7 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 20 July 2012 - 05:56 AM

Hello luluhifi and :wp:

My name is JonTom
  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.

I would like to know if anyone in the Pit has a way of getting rid of this nasty stuff without doing a clean install or an in-place install

There is a serious rootkit infection on this machine so I cannot give you any guarantees. It would be wise to back up all of your important data before we begin since, if the infection cannot be cleaned, a reformat and reinstallation of the operating system will be the best course of action.


The infection on this machine has password stealing capabilities. If you use this machine for any kind of financial transactions please go to an uninfected system and change all of your passwords as soon as you can.
  • P2P Programs:
    • P2P programs are a major source of Malware infections.
    • From your log I see you have BitTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
    • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    • If you wish to keep the program(s), please do not use them until your computer is cleaned.
    • Information regarding the risk of using these programs can be found from here and here.
    • It is strongly recommended that you uninstall any P2P programs you have on your system.
    • To do this, click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
    • A list of currently installed programs will be displayed.
    • Find the "BitTorrent" program, click on it once and then click on the "Uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.


      PLEASE NOTE:
    • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.
  • Please un-install the following programs
    • Click on "Start" then on "Control Panel" and then on the "Programs and Features" tab.
    • Find the "1ClickDownloader" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.
    • Repeat for Conduit Engine and uTorrentBar Toolbar.
  • Combofix
    • Download ComboFix from one of the following locations:

      Link 1
      Link 2
    • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
    • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
    • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    • Should there be issues with internet afterward:

      In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.

      In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.
    Please post the Combofix log in your next reply.

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#8 luluhifi

luluhifi

    Advanced Member

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 22 July 2012 - 04:47 PM

OK, JonTom :) thanks

#9 luluhifi

luluhifi

    Advanced Member

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 22 July 2012 - 07:35 PM

ComboFix 12-07-21.01 - TTArmstrong 07/22/2012 19:52:23.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2036.1031 [GMT -4:00] Running from: f:usersTTArmstrongDesktopComboFix.exe AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . f:usersTTArmstrongAppDataRoamingTTArmstronglog.dat f:windows12225517.exe f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}L00000004.@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}L1afb2d56 f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}L201d3dde f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U00000004.@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U00000008.@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U000000cb.@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U80000000.@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U80000032.@ . f:windowssystem32services.exe . . . is infected!! . Infected copy of f:windowssystem32services.exe was found and disinfected Restored copy from - f:windowswinsxsx86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967bservices.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 ))))))))))))))))))))))))))))))) . . 2012-07-23 00:02 . 2012-07-23 00:19 -------- d-----w- f:usersTTArmstrongAppDataLocaltemp 2012-07-23 00:02 . 2012-07-23 00:02 -------- d-----w- f:usersDefaultAppDataLocaltemp 2012-07-21 14:41 . 
2012-07-21 14:41 114176 ----a-w- f:programdataMicrosoftWindowsDRMD6B1.tmp 2012-07-21 14:41 . 2012-07-21 14:41 114176 ----a-w- f:programdataMicrosoftWindowsDRMD27B.tmp 2012-07-18 07:18 . 2012-06-12 02:40 2345984 ----a-w- f:windowssystem32win32k.sys 2012-07-18 05:55 . 2012-07-18 05:55 43480 ----a-w- f:windowssystem32driversgtqjbadj.sys 2012-07-18 01:26 . 2012-07-18 01:26 -------- d-----w- F:VritualRoot 2012-07-18 00:46 . 2012-07-18 05:57 56200 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{2356B655-C2C0-4E58-BB14-9F65886A6888}offreg.dll 2012-07-18 00:44 . 2012-07-18 00:43 713784 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{13315781-ABDC-4E56-A8C6-AF633331E555}gapaengine.dll 2012-07-18 00:43 . 2012-06-29 05:44 6891424 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{2356B655-C2C0-4E58-BB14-9F65886A6888}mpengine.dll 2012-07-18 00:13 . 2012-06-02 22:19 53784 ----a-w- f:windowssystem32wuauclt.exe 2012-07-18 00:13 . 2012-06-02 22:19 45080 ----a-w- f:windowssystem32wups2.dll 2012-07-18 00:13 . 2012-06-02 22:19 1933848 ----a-w- f:windowssystem32wuaueng.dll 2012-07-18 00:13 . 2012-06-02 22:12 2422272 ----a-w- f:windowssystem32wucltux.dll 2012-07-18 00:12 . 2012-06-02 22:19 35864 ----a-w- f:windowssystem32wups.dll 2012-07-18 00:12 . 2012-06-02 22:19 577048 ----a-w- f:windowssystem32wuapi.dll 2012-07-18 00:12 . 2012-06-02 22:12 88576 ----a-w- f:windowssystem32wudriver.dll 2012-07-18 00:12 . 2012-06-02 19:19 171904 ----a-w- f:windowssystem32wuwebv.dll 2012-07-18 00:12 . 2012-06-02 19:12 33792 ----a-w- f:windowssystem32wuapp.exe 2012-07-18 00:11 . 2012-07-18 07:17 -------- d-----w- f:program filesMicrosoft Security Client 2012-07-14 12:45 . 2011-02-22 17:57 69392 ----a-w- f:windowssystem32driversTfSysMon.sys 2012-07-14 12:45 . 2011-02-22 17:57 33552 ----a-w- f:windowssystem32driversTfNetMon.sys 2012-07-14 12:45 . 2011-02-22 17:57 51984 ----a-w- f:windowssystem32driversTfFsMon.sys 2012-07-14 12:45 . 
2012-07-21 13:49 -------- d-----w- f:\program files\ThreatFire
2012-07-14 12:45 . 2012-07-14 12:45 -------- d-----w- f:\programdata\PC Tools
2012-07-13 02:43 . 2012-07-13 02:43 -------- d-----w- f:\users\TTArmstrong\AppData\Roaming\f-secure
2012-07-13 02:42 . 2012-07-13 02:42 -------- d-----w- f:\programdata\F-Secure
2012-07-13 02:23 . 2012-07-13 02:23 14664 ----a-w- f:\windows\stinger.sys
2012-07-13 02:22 . 2012-07-13 02:30 -------- d-----w- f:\program files\stinger
2012-07-11 09:43 . 2012-07-11 09:43 -------- d-----w- f:\program files\Real
2012-07-07 17:28 . 2012-07-07 17:28 -------- d-----w- f:\program files\NewAgeDesign
2012-06-30 20:17 . 2012-05-31 03:41 6762896 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6A007C-8D62-4856-A523-23B49072749B}\mpengine.dll
2012-06-29 17:39 . 2012-07-22 22:25 -------- d-----w- f:\program files\1ClickDownload
2012-06-23 22:19 . 2012-06-24 02:13 -------- d-----w- F:\My Recordings
2012-06-23 12:10 . 2012-06-23 12:12 -------- d-----w- f:\programdata\HP
2012-06-23 12:10 . 2012-06-23 12:10 -------- d-----w- f:\program files\HP
2012-06-23 12:09 . 2012-06-23 12:09 -------- d-----w- f:\users\TTArmstrong\AppData\Local\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 02:21 . 2012-04-04 21:17 426184 ----a-w- f:\windows\system32\FlashPlayerApp.exe
2012-07-12 02:21 . 2011-05-17 13:21 70344 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2010-09-30 04:56 22344 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-05-01 04:44 . 2012-06-18 03:23 164352 ----a-w- f:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-18 03:28 183808 ----a-w- f:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-18 03:23 58880 ----a-w- f:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-18 03:23 129536 ----a-w- f:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-18 03:23 8192 ----a-w- f:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-18 03:23 140288 ----a-w- f:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-18 03:23 1158656 ----a-w- f:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-18 03:23 103936 ----a-w- f:\windows\system32\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="f:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KEEBOX 150N Wireless Utility"="f:\program files\KEEBOX\150N Wireless Utility\WlanMon.exe" [2010-07-06 835584]
"COMODO Internet Security"="f:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]
"PSUNMain"="f:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"ThreatFire"="f:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"SonneDVDCreator"="f:\program files\Magic Burning Studio\DVDCreator.exe" [2010-03-09 16537088]
"BurnStudio"="f:\program files\Magic Burning Studio\mbs.exe" [2010-02-09 4619264]
.
f:\users\TTArmstrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - f:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=f:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=f:\windows\pss\Secunia PSI Tray.lnk.Commonstartup
backupExtension=.Commonstartup
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]
path=f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
backup=f:\windows\pss\Virtual Router Manager.lnk.Commonstartup
backupExtension=.Commonstartup
.
[HKLM\~\startupfolder\F:^Users^TTArmstrong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LvbicEQ.exe]
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- f:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BurnStudio]
2010-02-09 18:42 4619264 ----a-w- f:\program files\Magic Burning Studio\mbs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-30 04:50 136176 ----atw- f:\users\TTArmstrong\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 17:46 973488 ----a-w- f:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 14:52 1234216 ----a-w- f:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-06-16 14:27 92704 ----a-w- f:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-11 02:59 1657376 ----a-w- f:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 16:01 319488 ----a-w- f:\windows\Pixart\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-04-02 22:33 128232 ------w- f:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2007-06-02 20:59 1457152 ----a-w- f:\program files\PeerGuardian2\pg2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonneDVDCreator]
2010-03-09 22:16 16537088 ----a-w- f:\program files\Magic Burning Studio\DVDCreator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- f:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-09-30 14:10 39408 ----a-w- f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Updater]
2011-06-21 14:26 26112 ----a-w- f:\users\TTArmstrong\AppData\Roaming\Updater\updateloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WZCSLDR2]
2010-06-21 18:28 122880 ----a-w- f:\program files\KEEBOX\150N Wireless Utility\WZCSLDR2.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PDVDDXSrv"="f:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BurnStudio"="f:\program files\Magic Burning Studio\mbs.exe" Hide
"BCSSync"="f:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"NvCplDaemon"=RUNDLL32.EXE f:\windows\system32\NvCpl.dll,NvStartup
.
R1 xeohoein;xeohoein;f:\windows\system32\drivers\xeohoein.sys [x]
R2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [x]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm); [x]
R3 a2acc;a2acc;f:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cvusbdrv;Dell ControlVault;f:\windows\system32\Drivers\cvusbdrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);f:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;f:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;f:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;f:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;f:\windows\system32\DRIVERS\netr28u.sys [x]
R3 NisDrv;Microsoft Network Inspection System;f:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;f:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;f:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 pcouffin;VSO Software pcouffin;f:\windows\system32\Drivers\pcouffin.sys [x]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;f:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;f:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;f:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 TfFsMon;TfFsMon;f:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;f:\windows\system32\drivers\TfSysMon.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;f:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;f:\windows\system32\DRIVERS\anodlwf.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;f:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;f:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 PSINKNC;PSINKNC;f:\windows\system32\DRIVERS\psinknc.sys [x]
S1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;f:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;f:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;f:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;f:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;f:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;f:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;f:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
S2 NAUpdate;Nero Update;f:\program files\Nero\Update\NASvc.exe [x]
S2 Nonbrand_WUS-N;Nonbrand_WUS-N Service;f:\program files\KEEBOX\150N Wireless Utility\ANIWZCSdS.exe [x]
S2 Nonbrand_WUS-N_WPS;Nonbrand_WUS-N_WPS Service;f:\program files\KEEBOX\150N Wireless Utility\ANIWConnService.exe [x]
S2 PSINAflt;PSINAflt;f:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;f:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;f:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;f:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;f:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;f:\program files\Secunia\PSI\sua.exe [x]
S2 ThreatFire;ThreatFire;f:\program files\ThreatFire\TFService.exe service [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;f:\windows\system32\DRIVERS\e1y6232.sys [x]
S3 PSI;PSI;f:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 TfNetMon;TfNetMon;f:\windows\system32\drivers\TfNetMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;f:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 02:21]
.
2012-07-23 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 14:10]
.
2012-07-22 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 14:10]
.
2012-07-22 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job
- f:\users\TTArmstrong\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-30 04:50]
.
2012-07-23 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job
- f:\users\TTArmstrong\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-30 04:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - f:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
MSConfigStartUp-MSC - f:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-Nero Serial KeyGen - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
f:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(688)
f:\windows\system32\guard32.dll
f:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(4044)
f:\windows\system32\guard32.dll
f:\program files\ThreatFire\TfWah.dll
f:\progra~1\MICROS~2\Office14\GROOVEEX.DLL
f:\windows\System32\gameux.dll
f:\windows\system32\MsftEdit.dll
f:\windows\system32\authui.dll
f:\windows\system32\msutb.dll
f:\windows\system32\prnfldr.dll
f:\windows\system32\dxp.dll
f:\windows\System32\netshell.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\System32\QUtil.dll
f:\windows\System32\srchadmin.dll
f:\windows\system32\wwanapi.dll
f:\windows\System32\QAgent.dll
f:\windows\system32\imapi2.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\nvvsvc.exe
f:\windows\system32\WUDFHost.exe
f:\windows\system32\nvvsvc.exe
f:\program files\ThreatFire\TFService.exe
f:\windows\system32\taskhost.exe
f:\windows\system32\conhost.exe
f:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2012-07-22 20:26:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 00:26
.
Pre-Run: 11,211,698,176 bytes free
Post-Run: 10,949,455,872 bytes free
.
- - End Of File - - 059893AB569B0923BCD10F60BF72D018

#10 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 23 July 2012 - 09:16 AM

Hello luluhifi

Thank you for the log.

Before we continue I would like to take a closer look at a small number of files:
  • Please scan the following files
  • Please go to VirusTotal
  • On the page you'll find a "Choose File" button.
  • Click on the Choose File button.
  • In the File Upload window which opens, copy and paste this into the File Name box.
f:\programdata\Microsoft\Windows\DRM\D6B1.tmp


  • Next, click the Open button.
  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now.
  • Once scanned, copy and paste the link to the results page in your next reply.
  • Repeat for the following files:
f:\users\TTArmstrong\AppData\Roaming\Updater\updateloader.exe

F:\Users\TTArmstrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LvbicEQ.exe

Please post the links to the results pages in your next reply.

#11 luluhifi

luluhifi

    Advanced Member

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 23 July 2012 - 08:07 PM

https://www.virustot...sis/1343091368/

https://www.virustot...sis/1343091589/


F:\Users\TTArmstrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LvbicEQ.exe :hammer: This one says >>> LvbicEQ.exe file not found

#12 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 24 July 2012 - 04:29 AM

Hello luluhifi

Thank you for the scan data.

This one say >>>LvbicEQ.exe file not found

That's okay.

We need to use Combofix again but this time, we will be running it in a slightly different way.
  • Please work through the following steps
  • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter, then click on "OK".
  • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
  • Copy and Paste the text in the codebox below (including the link) into the open Notepad window:

    http://forums.pcpitstop.com/index.php?/topic/199426-trojans-win32-sirefefe2-e1/
    
    Collect::
    f:\windows\system32\drivers\gtqjbadj.sys
    f:\programdata\Microsoft\Windows\DRM\D6B1.tmp
    
    Driver::
    xeohoein
    
    File::
    f:\windows\system32\drivers\xeohoein.sys
    f:\programdata\Microsoft\Windows\DRM\D27B.tmp
    
    Folder::
    f:\program files\1ClickDownload
    
    Reglock::
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    
    
  • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
  • Close any open browsers.
  • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Referring to the picture below, drag CFScript.txt into ComboFix.exe

    Posted Image
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • Once the log is produced, re-engage your resident anti virus.
  • Note: When ComboFix finishes running, the ComboFix log will open along with a message box - do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
Please post the Combofix log in your next reply.

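The ComboFix log in post #9 and the CFScript in the post above are the two halves of one loop: read the log, pick out the indicators, write the directives that remove them. The script below is an added example of that loop and is not part of this thread, of ComboFix, or of anything JonTom posted. It parses lines in the shape of the log (the `R1 name;display;path [x]` service lines, the `created . modified size attrs path` lines of the "Files Created" section, and the `@Denied:` lines under LOCKED REGISTRY KEYS) and emits `Driver::`, `File::` and `Reglock::` sections like the ones above. The sample input is constructed from a few lines of the posted logs with the backslashes restored. The "random-looking name" rule (7 to 9 lowercase letters, as in xeohoein and gtqjbadj) is my own triage heuristic, not a ComboFix rule, and will produce false positives; in the thread the second locked key was left alone, so `Reglock::` entries are passed in explicitly rather than derived from every denied key.

```python
import re

# Constructed sample in the shape of the ComboFix logs posted in this thread
# (paths re-joined with backslashes); not a real log capture.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
2012-07-21 14:41 . 2012-07-21 14:41 114176 ----a-w- f:\programdata\Microsoft\Windows\DRM\D27B.tmp
2012-07-18 05:55 . 2012-07-26 12:09 43480 ----a-w- f:\windows\system32\drivers\gtqjbadj.sys
2012-07-14 12:45 . 2011-02-22 17:57 69392 ----a-w- f:\windows\system32\drivers\TfSysMon.sys
2012-06-29 17:39 . 2012-07-22 22:25 -------- d-----w- f:\program files\1ClickDownload
.
R1 xeohoein;xeohoein;f:\windows\system32\drivers\xeohoein.sys [x]
R3 cvusbdrv;Dell ControlVault;f:\windows\system32\Drivers\cvusbdrv.sys [x]
S0 TfFsMon;TfFsMon;f:\windows\system32\drivers\TfFsMon.sys [x]
S2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [x]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# Line shapes as they appear in the log: "R1 name;display;path [x]" and
# "created . modified size attrs path".
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*(\[x\])?$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+(\S+)\s+(.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DENY_RE = re.compile(r"^@Denied:\s*\(([^)]+)\)\s*\(([^)]+)\)$")
# Heuristic (my assumption, not a ComboFix rule): 7-9 lowercase letters, like
# the xeohoein / gtqjbadj names singled out in the thread. Expect false positives.
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,9}$")
DRIVERS_DIR_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.I)
DRM_TMP_RE = re.compile(r"\\programdata\\microsoft\\windows\\drm\\[^\\]+\.tmp$", re.I)


def suspicious_drivers(log):
    """Driver services whose random-looking name is also their display name."""
    hits = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        _start, name, display, path, _flag = m.groups()
        if RANDOM_NAME_RE.match(name) and name == display and DRIVERS_DIR_RE.search(path):
            hits.append((name, path))
    return hits


def suspicious_new_files(log):
    """Newly created DRM\\*.tmp files and random-named .sys drivers."""
    hits = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        created, attrs, path = m.groups()
        if attrs.startswith("d"):        # directories are listed as d-----w-
            continue
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if DRM_TMP_RE.search(path) or (DRIVERS_DIR_RE.search(path) and RANDOM_NAME_RE.match(stem)):
            hits.append((created, path))
    return hits


def locked_keys(log):
    """(key, access) pairs from LOCKED REGISTRY KEYS whose ACL denies Everyone."""
    hits, current, in_section = [], None, False
    for line in log.splitlines():
        line = line.strip()
        if "LOCKED REGISTRY KEYS" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-----"):     # the next section header ends the block
            break
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = DENY_RE.match(line)
        if m and current and m.group(2) == "Everyone":
            hits.append((current, m.group(1)))
    return hits


def build_cfscript(log, reglock=()):
    """Emit Driver::, File:: and Reglock:: sections in the CFScript format used above.
    Everything listed is deleted or unlocked by ComboFix, so review the findings first."""
    drivers = suspicious_drivers(log)
    paths = list(dict.fromkeys([p for _, p in drivers] + [p for _, p in suspicious_new_files(log)]))
    lines = ["Driver::"] + [name for name, _ in drivers] + ["", "File::"] + paths
    if reglock:
        lines += ["", "Reglock::"] + [f"[{key}]" for key in reglock]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Unlock only the first denied key, as was done in the thread.
    print(build_cfscript(SAMPLE_LOG, reglock=[k for k, _ in locked_keys(SAMPLE_LOG)[:1]]))
```

Everything the script flags still needs the VirusTotal step from post #10 before it goes into a `File::` or `Driver::` section; the random-name rule is a filter for what to look at, not a verdict.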

#13 luluhifi

luluhifi

    Advanced Member

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 25 July 2012 - 07:51 AM

I did it a couple of times and I didn't see anything like a log come up at all after ComboFix >>> :hammer: maybe I'm doing something wrong

#14 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 25 July 2012 - 09:30 AM

Hello luluhifi

Please check your C drive for the log. If present it will be called C:\ComboFix.txt

If no log has been saved just let me know.

#15 luluhifi

luluhifi

    Advanced Member

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 26 July 2012 - 07:37 AM

I updated ComboFix and this is what I got:

ComboFix 12-07-27.01 - TTArmstrong 07/26/2012 8:10.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2036.1001 [GMT -4:00]
Running from: f:\users\TTArmstrong\Desktop\ComboFix.exe
Command switches used :: f:\users\TTArmstrong\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"f:\programdata\Microsoft\Windows\DRM\D27B.tmp"
"f:\windows\system32\drivers\xeohoein.sys"
.
file zipped: f:\programdata\Microsoft\Windows\DRM\D6B1.tmp
file zipped: f:\windows\system32\drivers\gtqjbadj.sys
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\program files\1ClickDownload
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xeohoein
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 12:20 . 2012-07-26 12:20 -------- d-----w- f:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-26 12:20 . 2012-07-26 12:20 -------- d-----w- f:\users\Default\AppData\Local\temp
2012-07-26 12:20 . 2012-07-26 12:20 -------- d-----w- f:\users\Administrator\AppData\Local\temp
2012-07-23 16:52 . 2011-03-10 22:04 46280 ----a-w- f:\windows\system32\drivers\PSKMAD.sys
2012-07-23 10:00 . 2012-06-29 08:44 6891424 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{7E85B3AA-67D7-43B3-9B57-2104D0602929}\mpengine.dll
2012-07-23 00:02 . 2012-07-26 12:24 -------- d-----w- f:\users\TTArmstrong\AppData\Local\temp
2012-07-21 14:41 . 2012-07-21 14:41 114176 ----a-w- f:\programdata\Microsoft\Windows\DRM\D27B.tmp
2012-07-18 07:18 . 2012-06-12 02:40 2345984 ----a-w- f:\windows\system32\win32k.sys
2012-07-18 05:55 . 2012-07-26 12:09 43480 ----a-w- f:\windows\system32\drivers\gtqjbadj.sys
2012-07-18 01:26 . 2012-07-18 01:26 -------- d-----w- F:\VritualRoot
2012-07-18 00:46 . 2012-07-18 05:57 56200 ----a-w- f:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2356B655-C2C0-4E58-BB14-9F65886A6888}\offreg.dll
2012-07-18 00:44 . 2012-07-18 00:43 713784 ----a-w- f:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13315781-ABDC-4E56-A8C6-AF633331E555}\gapaengine.dll
2012-07-18 00:43 . 2012-06-29 05:44 6891424 ----a-w- f:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2356B655-C2C0-4E58-BB14-9F65886A6888}\mpengine.dll
2012-07-18 00:13 . 2012-06-02 22:19 53784 ----a-w- f:\windows\system32\wuauclt.exe
2012-07-18 00:13 . 2012-06-02 22:19 45080 ----a-w- f:\windows\system32\wups2.dll
2012-07-18 00:13 . 2012-06-02 22:19 1933848 ----a-w- f:\windows\system32\wuaueng.dll
2012-07-18 00:13 . 2012-06-02 22:12 2422272 ----a-w- f:\windows\system32\wucltux.dll
2012-07-18 00:12 . 2012-06-02 22:19 35864 ----a-w- f:\windows\system32\wups.dll
2012-07-18 00:12 . 2012-06-02 22:19 577048 ----a-w- f:\windows\system32\wuapi.dll
2012-07-18 00:12 . 2012-06-02 22:12 88576 ----a-w- f:\windows\system32\wudriver.dll
2012-07-18 00:12 . 2012-06-02 19:19 171904 ----a-w- f:\windows\system32\wuwebv.dll
2012-07-18 00:12 . 2012-06-02 19:12 33792 ----a-w- f:\windows\system32\wuapp.exe
2012-07-18 00:11 . 2012-07-18 07:17 -------- d-----w- f:\program files\Microsoft Security Client
2012-07-14 12:45 . 2011-02-22 17:57 69392 ----a-w- f:\windows\system32\drivers\TfSysMon.sys
2012-07-14 12:45 . 2011-02-22 17:57 33552 ----a-w- f:\windows\system32\drivers\TfNetMon.sys
2012-07-14 12:45 . 2011-02-22 17:57 51984 ----a-w- f:\windows\system32\drivers\TfFsMon.sys
2012-07-14 12:45 . 2012-07-21 13:49 -------- d-----w- f:\program files\ThreatFire
2012-07-14 12:45 . 2012-07-14 12:45 -------- d-----w- f:\programdata\PC Tools
2012-07-13 11:02 . 2012-07-13 11:02 174632 ----a-w- f:\windows\system32\drivers\PSINKNC.sys
2012-07-13 11:02 . 2012-07-13 11:02 120872 ----a-w- f:\windows\system32\drivers\PSINProt.sys
2012-07-13 11:02 . 2012-07-13 11:02 114216 ----a-w- f:\windows\system32\drivers\PSINProc.sys
2012-07-13 11:02 . 2012-07-13 11:02 148520 ----a-w- f:\windows\system32\drivers\PSINAflt.sys
2012-07-13 11:02 . 2012-07-13 11:02 103464 ----a-w- f:\windows\system32\drivers\PSINFile.sys
2012-07-13 02:43 . 2012-07-13 02:43 -------- d-----w- f:\users\TTArmstrong\AppData\Roaming\f-secure
2012-07-13 02:42 . 2012-07-13 02:42 -------- d-----w- f:\programdata\F-Secure
2012-07-13 02:23 . 2012-07-13 02:23 14664 ----a-w- f:\windows\stinger.sys
2012-07-13 02:22 . 2012-07-13 02:30 -------- d-----w- f:\program files\stinger
2012-07-12 15:18 . 2012-07-12 15:18 206632 ----a-w- f:\windows\system32\drivers\NNSStrm.sys
2012-07-11 09:43 . 2012-07-11 09:43 -------- d-----w- f:\program files\Real
2012-07-07 17:28 . 2012-07-07 17:28 -------- d-----w- f:\program files\NewAgeDesign
2012-06-27 19:51 . 2012-06-27 19:51 92840 ----a-w- f:\windows\system32\drivers\NNStlsc.sys
2012-06-27 19:51 . 2012-06-27 19:51 286376 ----a-w- f:\windows\system32\drivers\NNSProt.sys
2012-06-27 19:51 . 2012-06-27 19:51 153000 ----a-w- f:\windows\system32\drivers\NNSPrv.sys
2012-06-27 19:51 . 2012-06-27 19:51 106536 ----a-w- f:\windows\system32\drivers\NNSSmtp.sys
2012-06-27 19:51 . 2012-06-27 19:51 60968 ----a-w- f:\windows\system32\drivers\NNSPihsw.sys
2012-06-27 19:51 . 2012-06-27 19:51 104104 ----a-w- f:\windows\system32\drivers\NNSPop3.sys
2012-06-27 19:51 . 2012-06-27 19:51 93992 ----a-w- f:\windows\system32\drivers\NNSpicc.sys
2012-06-27 19:51 . 2012-06-27 19:51 28712 ----a-w- f:\windows\system32\drivers\NNSNAHSL.sys
2012-06-27 19:51 . 2012-06-27 19:51 122664 ----a-w- f:\windows\system32\drivers\NNSIds.sys
2012-06-27 19:51 . 2012-06-27 19:51 82472 ----a-w- f:\windows\system32\drivers\NNSAlpc.sys
2012-06-27 19:51 . 2012-06-27 19:51 120744 ----a-w- f:\windows\system32\drivers\NNSHttp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 02:21 . 2012-04-04 21:17 426184 ----a-w- f:\windows\system32\FlashPlayerApp.exe
2012-07-12 02:21 . 2011-05-17 13:21 70344 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2010-09-30 04:56 22344 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-05-01 04:44 . 2012-06-18 03:23 164352 ----a-w- f:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-18 03:28 183808 ----a-w- f:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="f:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KEEBOX 150N Wireless Utility"="f:\program files\KEEBOX\150N Wireless Utility\WlanMon.exe" [2010-07-06 835584]
"COMODO Internet Security"="f:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]
"ThreatFire"="f:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"SonneDVDCreator"="f:\program files\Magic Burning Studio\DVDCreator.exe" [2010-03-09 16537088]
"BurnStudio"="f:\program files\Magic Burning Studio\mbs.exe" [2010-02-09 4619264]
"PSUAMain"="f:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
.
f:\users\TTArmstrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - f:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=f:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=f:\windows\pss\Secunia PSI Tray.lnk.Commonstartup
backupExtension=.Commonstartup
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]
path=f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
backup=f:\windows\pss\Virtual Router Manager.lnk.Commonstartup
backupExtension=.Commonstartup
.
[HKLM\~\startupfolder\F:^Users^TTArmstrong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LvbicEQ.exe]
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- f:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BurnStudio]
2010-02-09 18:42 4619264 ----a-w- f:\program files\Magic Burning Studio\mbs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-30 04:50 136176 ----atw- f:\users\TTArmstrong\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 17:46 973488 ----a-w- f:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 14:52 1234216 ----a-w- f:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-06-16 14:27 92704 ----a-w- f:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-11 02:59 1657376 ----a-w- f:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 16:01 319488 ----a-w- f:\windows\Pixart\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-04-02 22:33 128232 ------w- f:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2007-06-02 20:59 1457152 ----a-w- f:\program files\PeerGuardian2\pg2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonneDVDCreator]
2010-03-09 22:16 16537088 ----a-w- f:\program files\Magic Burning Studio\DVDCreator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- f:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-09-30 14:10 39408 ----a-w- f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Updater]
2011-06-21 14:26 26112 ----a-w- f:\users\TTArmstrong\AppData\Roaming\Updater\updateloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WZCSLDR2]
2010-06-21 18:28 122880 ----a-w- f:\program files\KEEBOX\150N Wireless Utility\WZCSLDR2.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PDVDDXSrv"="f:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BurnStudio"="f:\program files\Magic Burning Studio\mbs.exe" Hide
"BCSSync"="f:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"NvCplDaemon"=RUNDLL32.EXE f:\windows\system32\NvCpl.dll,NvStartup
.
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;f:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
R2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [x]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm); [x]
R3 a2acc;a2acc;f:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CFcatchme;CFcatchme;f:\users\TTARMS~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 cvusbdrv;Dell ControlVault;f:\windows\system32\Drivers\cvusbdrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);f:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;f:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;f:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;f:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;f:\windows\system32\DRIVERS\netr28u.sys [x]
R3 NisDrv;Microsoft Network Inspection System;f:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;f:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;f:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 pcouffin;VSO Software pcouffin;f:\windows\system32\Drivers\pcouffin.sys [x]
R3 PSI;PSI;f:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;f:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;f:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 NNSPIHSW;NNSPIHSW;f:\windows\system32\DRIVERS\NNSPihsw.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;f:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 TfFsMon;TfFsMon;f:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;f:\windows\system32\drivers\TfSysMon.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;f:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;f:\windows\system32\DRIVERS\anodlwf.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;f:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;f:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 NNSALPC;NNSALPC;f:\windows\system32\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;f:\windows\system32\DRIVERS\NNSHttp.sys [x]
S1 NNSIDS;NNSIDS;f:\windows\system32\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;f:\windows\system32\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;f:\windows\system32\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;f:\windows\system32\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;f:\windows\system32\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;f:\windows\system32\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;f:\windows\system32\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;f:\windows\system32\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;f:\windows\system32\DRIVERS\psinknc.sys [x]
S1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;f:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;f:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;f:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;f:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;f:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;f:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;f:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
S2 NAUpdate;Nero Update;f:\program files\Nero\Update\NASvc.exe [x]
S2 Nonbrand_WUS-N;Nonbrand_WUS-N Service;f:\program files\KEEBOX\150N Wireless Utility\ANIWZCSdS.exe [x]
S2 Nonbrand_WUS-N_WPS;Nonbrand_WUS-N_WPS Service;f:\program files\KEEBOX\150N Wireless Utility\ANIWConnService.exe [x]
S2 PSINAflt;PSINAflt;f:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;f:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;f:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;f:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 PSUAService;Panda Product Service;f:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;f:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;f:\program files\Secunia\PSI\sua.exe [x]
S2 ThreatFire;ThreatFire;f:\program files\ThreatFire\TFService.exe service [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;f:\windows\system32\DRIVERS\e1y6232.sys [x]
S3 PSKMAD;PSKMAD;f:\windows\system32\DRIVERS\PSKMAD.sys [x]
S3 TfNetMon;TfNetMon;f:\windows\system32\drivers\TfNetMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;f:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 02:21]
.
2012-07-26 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 14:10]
.
2012-07-25 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 14:10]
.
2012-07-22 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job
- f:\users\TTArmstrong\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-30 04:50]
.
2012-07-26 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job
- f:\users\TTArmstrong\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-30 04:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - f:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.254
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1564)
f:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(1360)
f:\windows\system32\guard32.dll
f:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(1580) f:windowssystem32guard32.dll f:program filesThreatFireTfWah.dll f:progra~1MICROS~2Office14GROOVEEX.DLL f:progra~1COMMON~1MICROS~1OFFICE14Culturesoffice.odf f:windowssystem32MsftEdit.dll f:windowssystem32authui.dll f:windowssystem32BatMeter.dll f:windowssystem32prnfldr.dll f:windowssystem32dxp.dll f:windowsSystem32netshell.dll f:windowssystem32dhcpcsvc.DLL f:windowsSystem32srchadmin.dll f:windowssystem32dhcpcsvc6.DLL f:windowssystem32imapi2.dll f:windowssystem32wwanapi.dll f:windowsSystem32provsvc.dll . ------------------------ Other Running Processes ------------------------ . f:windowssystem32nvvsvc.exe f:windowssystem32WUDFHost.exe f:windowssystem32nvvsvc.exe f:program filesThreatFireTFService.exe f:windowssystem32taskhost.exe f:windowssystem32conhost.exe f:?f:windowssystem32wbemWMIADAP.EXE f:program filesSpywareGuardsgbhp.exe . ************************************************************************** . Completion time: 2012-07-26 08:30:54 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-26 12:30 ComboFix2.txt 2012-07-23 00:26 . Pre-Run: 10,893,877,248 bytes free Post-Run: 10,502,070,272 bytes free . - - End Of File - - E2A9FE3C888559099D94DFFAD916E0A3 Upload was successful

#16 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 26 July 2012 - 12:53 PM

Hello luluhifi

Thank you for the log.

It looks as though some of the malicious files have re-spawned (this infection can sometimes be a real pain to remove).

In order to get a better picture of what is going on we will need to run some extra scans.

Please do the following:
  • Download and run OTL by Oldtimer
    • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
    • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
    • Check the boxes beside "LOP Check" and "Purity Check".
    • Under Custom Scan paste this in:

    %systemroot%\*. /rp /s
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
    • Please Copy and Paste the contents of the OTL.Txt log in your next reply.
  • aswMBR
    • Please re-scan your machine with aswMBR as you did before and post the log in your next reply.
    The next scan may give you the option to remove anything that has been detected. At this point, we only need to see the log. Please do not instruct the scanner to remove anything at this time.
  • TDSS Killer
    • Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and select "Run as Administrator" to run the application.
    • When the window opens, click on Change Parameters.
    • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”.
    • Click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Skip.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    Please post the OTL logs, the aswMBR log and the TDSSKiller log in your next reply.

    You may have to make more than one post to fit all of the required information in.

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom
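Reading the OTL output requested above comes down to checking the same few things on every SRV, DRV and PRC line: whether the image is still on disk, whether the binary carries a company name, whether it runs from a user profile, and whether it is currently loaded. The script below is an added example, not part of this thread and not OTL's own code; its sample lines are constructed in OTL's line format from entries quoted later in the thread (with the backslashes the page lost put back), and the flags it raises are review heuristics for a human to check, not verdicts.

```python
"""Triage helper for OTL-style SRV / DRV / PRC log lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in OTL's line format (backslashes restored; the copies
# quoted in the thread lost them when the page was extracted).
SAMPLE_OTL = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (tgsrvc_verizondm)
SRV - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () [Auto | Running] -- F:\Program Files\KEEBOX\150N Wireless Utility\ANIWConnService.exe -- (Nonbrand_WUS-N_WPS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Users\TTARMS~1\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- F:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

========== Processes (SafeList) ==========

PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:\Program Files\SpywareGuard\sgbhp.exe
"""

# "<KIND> - File not found [flags] -- path -- (Name)"   or
# "<KIND> - [stamp] (Company) [flags] -- path -- (Name)"; PRC lines carry no flags or name.
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV|PRC) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\))"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<rest>.*)$"
)
# The tail is "path -- (Name)"; the path may be empty, leaving just "-- (Name)".
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*--\s*\((?P<name>[^()]*)\)$")

USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\")


@dataclass
class Entry:
    kind: str            # SRV, DRV or PRC
    name: str            # service/driver name, or the file name for PRC lines
    path: str
    company: str
    missing: bool        # OTL printed "File not found"
    state: str           # Running / Stopped, or "" for PRC lines
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one SRV/DRV/PRC line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    t = TAIL_RE.match(rest)
    path, name = (t.group("path"), t.group("name")) if t else (rest, "")
    if not name:
        name = path.rsplit("\\", 1)[-1]     # PRC lines: fall back to the file name
    flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
    return Entry(
        kind=m.group("kind"),
        name=name,
        path=path,
        company=(m.group("company") or "").strip(),
        missing=m.group("missing") is not None,
        state=flags[-1] if flags else "",
    )


def assess(e: Entry) -> Entry:
    """Attach the reasons a reviewer would pause on this entry (heuristics, not verdicts)."""
    if e.missing:
        e.reasons.append("registered but image file is gone (leftover or removed component)")
    elif not e.company:
        e.reasons.append("no company name embedded in the binary")
    if any(tok in e.path.lower() for tok in USER_WRITABLE):
        e.reasons.append("image lives in a user-writable location")
    if e.reasons and e.kind == "DRV" and e.state == "Running":
        e.reasons.append("kernel driver is currently loaded")
    return e


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that earned at least one reason, in log order."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and assess(e).reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_OTL):
        print(f"{e.kind} {e.name:<20} {e.state:<8} {'; '.join(e.reasons)}")
```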

#17 luluhifi

luluhifi

    Advanced Member

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 26 July 2012 - 02:37 PM

OK, here is the OTL.



OTL logfile created on: 7/26/2012 3:26:09 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = F:UsersTTArmstrongDesktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.26% Memory free
3.98 Gb Paging File | 2.61 Gb Available in Paging File | 65.70% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:Windows | %ProgramFiles% = F:Program Files
Drive C: | 58.93 Gb Total Space | 3.53 Gb Free Space | 5.98% Space Free | Partition Type: NTFS
Drive E: | 39.71 Gb Total Space | 23.76 Gb Free Space | 59.83% Space Free | Partition Type: NTFS
Drive F: | 50.14 Gb Total Space | 9.29 Gb Free Space | 18.53% Space Free | Partition Type: NTFS
Drive K: | 14.90 Gb Total Space | 1.12 Gb Free Space | 7.54% Space Free | Partition Type: FAT32

Computer Name: TTARMSTRONG-PC | User Name: TTArmstrong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe
PRC - [2012/07/13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe
PRC - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe
PRC - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe
PRC - [2012/06/29 13:38:24 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- F:Program FilesEmsisoft Anti-Malwarea2service.exe
PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe
PRC - [2012/03/11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycfp.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIpsia.exe
PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIsua.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- F:Program FilesSUPERAntiSpywareSASCore.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- F:Windowsexplorer.exe
PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFTray.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFService.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- F:WindowsSystem32taskhost.exe
PRC - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe
PRC - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe
PRC - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- F:Program FilesNeroUpdateNASvc.exe
PRC - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe
PRC - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll
MOD - [2012/07/10 00:07:39 | 000,554,520 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libglesv2.dll
MOD - [2012/07/10 00:07:37 | 000,117,784 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libegl.dll
MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avutil-51.dll
MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avformat-54.dll
MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avcodec-54.dll
MOD - [2011/11/17 08:51:58 | 000,073,728 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANPDApi.dll
MOD - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe
MOD - [2010/07/05 18:41:40 | 000,299,008 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless Utilitywlanapp.dll
MOD - [2010/06/29 17:42:42 | 000,040,960 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- F:Program FilesWinRARRarExt.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- F:Program FilesMicrosoft OfficeOffice141033GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- F:Program FilesCommon Filesmicrosoft sharedOFFICE14CulturesOFFICE.ODF
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (tgsrvc_verizondm)
SRV - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe -- (PSUAService)
SRV - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe -- (NanoServiceMain)
SRV - [2012/07/11 22:21:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:WindowsSystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/29 13:38:24 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- F:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware)
SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe -- (cmdAgent)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIpsia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIsua.exe -- (Secunia Update Agent)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- F:Program FilesSUPERAntiSpywareSASCore.exe -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- F:Program FilesThreatFireTFService.exe -- (ThreatFire)
SRV - [2010/10/01 12:50:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32WatWatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe -- (Nonbrand_WUS-N)
SRV - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe -- (Nonbrand_WUS-N_WPS)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- F:Program FilesNeroUpdateNASvc.exe -- (NAUpdate)
SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft OfficeOffice14GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempCFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempcatchme.sys -- (catchme)
DRV - [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversPSINKNC.sys -- (PSINKNC)
DRV - [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINProt.sys -- (PSINProt)
DRV - [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINProc.sys -- (PSINProc)
DRV - [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINAflt.sys -- (PSINAflt)
DRV - [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINFile.sys -- (PSINFile)
DRV - [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSStrm.sys -- (NNSSTRM)
DRV - [2012/06/29 13:37:46 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- F:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc)
DRV - [2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNStlsc.sys -- (NNSTLSC)
DRV - [2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSProt.sys -- (NNSPROT)
DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPrv.sys -- (NNSPRV)
DRV - [2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSSmtp.sys -- (NNSSMTP)
DRV - [2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPop3.sys -- (NNSPOP3)
DRV - [2012/06/27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- F:WindowsSystem32driversNNSPihsw.sys -- (NNSPIHSW)
DRV - [2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSIds.sys -- (NNSIDS)
DRV - [2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSpicc.sys -- (NNSPICC)
DRV - [2012/06/27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- F:WindowsSystem32driversNNSNAHSL.sys -- (NNSNAHSL)
DRV - [2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSHttp.sys -- (NNSHTTP)
DRV - [2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSAlpc.sys -- (NNSALPC)
DRV - [2012/03/11 21:13:38 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driverscmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 21:13:36 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- F:WindowsSystem32driverscmdGuard.sys -- (cmdGuard)
DRV - [2012/02/03 19:27:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driversinspect.sys -- (inspect)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywaresasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- F:Program FilesEmsisoft Anti-Malwarea2ddax86.sys -- (A2DDA)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversNisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversMpNWMon.sys -- (MpNWMon)
DRV - [2011/03/10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversPSKMAD.sys -- (PSKMAD)
DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- F:WindowsSystem32driversSmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfSysMon.sys -- (TfSysMon)
DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversTfNetMon.sys -- (TfNetMon)
DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfFsMon.sys -- (TfFsMon)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversTsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverswinusb.sys -- (WinUsb)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- F:WindowsSystem32driverspsi_mf.sys -- (PSI)
DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversivusb.sys -- (ivusb)
DRV - [2010/06/21 14:28:02 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- F:WindowsSystem32driversanodlwf.sys -- (anodlwf)
DRV - [2010/05/26 21:29:42 | 000,856,928 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversnetr28u.sys -- (netr28u)
DRV - [2009/11/03 16:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverscvusbdrv.sys -- (cvusbdrv)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversvwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- F:WindowsSystem32driversserial.sys -- (Serial)
DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversnvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/13 01:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverse1y6232.sys -- (e1yexpress)
DRV - [2009/04/03 00:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:WindowsSystem32driversrimmptsk.sys -- (rimmptsk)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- F:WindowsSystem32driversPBADRV.sys -- (PBADRV)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverswdcsam.sys -- (WDC_SAM)
DRV - [2007/06/14 16:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversPAC7302.SYS -- (PAC7302)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:Program FilesPeerGuardian2pgfilter.sys -- (pgfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 32 3B 56 CC 32 DD CB 01 [binary data]
IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS399
IE - HKCU..SearchScopes{7DA22919-2250-49B5-B6AF-6EDF78DB766E}: "URL" = http://search.yahoo....39,17118,0,18,0
IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: facadazzle@atlinkcom.com:1.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: F:Windowssystem32MacromedFlashNPSWF32_11_3_300_265.dll ()
FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: F:Program FilesJavajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found
FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.11.2852: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.1662: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.0.1: F:Program FilesVideoLANVLCnpvlc.dll (VideoLAN)
FF - HKLMSoftwareMozillaPluginsAdobe Reader: F:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
FF - HKCUSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found
FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)
FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsComponents: F:Program FilesPale Mooncomponents [2012/07/22 21:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsPlugins: F:Program FilesPale Moonplugins [2012/07/22 21:04:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF

[2012/02/15 13:45:42 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaExtensions
[2012/06/29 13:40:23 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensions
[2012/06/29 13:40:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.com
[2012/07/22 17:10:21 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensions
[2012/07/22 17:10:21 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensionsOneClickDownload@OneClickDownload.com
[2012/02/15 09:13:57 | 000,000,000 | ---D | M] (No name found) -- F:Program FilesMozilla Firefoxextensions
[2011/07/07 09:43:57 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/24 01:58:25 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/02/26 15:32:27 | 000,000,000 | ---D | M] (PageFont) -- F:USERSTTARMSTRONGAPPDATAROAMINGMOONCHILD PRODUCTIONSPALE MOONPROFILES7WJJ87FK.DEFAULTEXTENSIONSFACADAZZLE@ATLINKCOM.COM

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = F:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = F:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = F:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = F:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR - Extension: Google Search = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR - Extension: Gmail = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

O1 HOSTS File: ([2012/07/26 08:23:41 | 000,000,027 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:\Program Files\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [BurnStudio] F:\Program Files\Magic Burning Studio\mbs.exe (MagicVideoSoftware Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] F:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [KEEBOX 150N Wireless Utility] F:\Program Files\KEEBOX\150N Wireless Utility\WlanMon.exe ()
O4 - HKLM..\Run: [PSUAMain] F:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SonneDVDCreator] F:\Program Files\Magic Burning Studio\DVDCreator.exe (MagicVideoSoftware Inc.)
O4 - HKLM..\Run: [ThreatFire] F:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - Startup: F:\Users\TTArmstrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:\Program Files\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
O20 - AppInit_DLLs: (F:\Windows\System32\guard32.dll) - F:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM..\comfile [open] -- "%1" %*
O35 - HKLM..\exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/26 15:19:55 | 004,731,392 | ---- | C] (AVAST Software) -- F:\Users\TTArmstrong\Desktop\aswMBR.exe
[2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:\Users\TTArmstrong\Desktop\OTL.exe
[2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- F:\Windows\System32\drivers\tmcomm.sys
[2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:\Windows\System32\drivers\tmrkb.sys
[2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:\ProgramData\Sophos
[2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:\Program Files\Sophos
[2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:\$RECYCLE.BIN
[2012/07/23 12:52:00 | 000,046,280 | ---- | C] (Panda Security) -- F:\Windows\System32\drivers\PSKMAD.sys
[2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\AppData\Local\temp
[2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:\Windows\SWREG.exe
[2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:\Windows\SWSC.exe
[2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:\Windows\NIRCMD.exe
[2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:\Windows\erdnt
[2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:\Users\TTArmstrong\Desktop\ComboFix.exe
[2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\dvdmoviecover
[2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\HIPHOP
[2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\orignal dance
[2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\wedding songs
[2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:\Users\TTArmstrong\Desktop\dds.scr
[2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\rockerz2 joe gibbs
[2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtml.tlb
[2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieUnatt.exe
[2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jsproxy.dll
[2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\win32k.sys
[2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:\VritualRoot
[2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ncrypt.dll
[2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msxml3r.dll
[2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cdosys.dll
[2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wucltux.dll
[2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wups2.dll
[2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuapi.dll
[2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wudriver.dll
[2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wups.dll
[2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuwebv.dll
[2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuapp.exe
[2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Security Client
[2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:\Windows\System32\drivers\TfSysMon.sys
[2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:\Windows\System32\drivers\TfFsMon.sys
[2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- F:\Windows\System32\drivers\TfNetMon.sys
[2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:\Program Files\ThreatFire
[2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:\ProgramData\PC Tools
[2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINKNC.sys
[2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINProt.sys
[2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINProc.sys
[2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINAflt.sys
[2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINFile.sys
[2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\AppData\Roaming\f-secure
[2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:\ProgramData\F-Secure
[2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:\Windows\stinger.sys
[2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:\Program Files\stinger
[2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSStrm.sys
[2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\WEDDIN SONG JULY 15
[2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:\Program Files\Real
[2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\new riddim & cover april 30
[2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\samplesforkingcd
[2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:\Program Files\NewAgeDesign
[2012/07/01 20:12:45 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\wowWORSHIP
[2012/07/01 17:25:05 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\WOW GOSPEL MUSIC
[2012/06/30 16:18:31 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\SIZZLA VS KHAGO CLASH
[2012/06/27 15:51:07 | 000,092,840 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNStlsc.sys
[2012/06/27 15:51:06 | 000,286,376 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSProt.sys
[2012/06/27 15:51:06 | 000,153,000 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPrv.sys
[2012/06/27 15:51:06 | 000,106,536 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSSmtp.sys
[2012/06/27 15:51:05 | 000,104,104 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPop3.sys
[2012/06/27 15:51:05 | 000,060,968 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPihsw.sys
[2012/06/27 15:51:04 | 000,122,664 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSIds.sys
[2012/06/27 15:51:04 | 000,093,992 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSpicc.sys
[2012/06/27 15:51:04 | 000,028,712 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSNAHSL.sys
[2012/06/27 15:51:03 | 000,120,744 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSHttp.sys
[2012/06/27 15:51:03 | 000,082,472 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSAlpc.sys
[2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:\Users\TTArmstrong\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/07/26 15:23:04 | 004,731,392 | ---- | M] (AVAST Software) -- F:\Users\TTArmstrong\Desktop\aswMBR.exe
[2012/07/26 15:17:01 | 000,000,830 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/26 15:08:01 | 000,000,932 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job
[2012/07/26 15:03:43 | 002,117,108 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\tdsskiller.zip
[2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Users\TTArmstrong\Desktop\OTL.exe
[2012/07/26 14:40:01 | 000,000,896 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 14:40:01 | 000,000,892 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/26 14:30:29 | 000,013,440 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 14:30:29 | 000,013,440 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 14:29:34 | 000,626,486 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/07/26 14:29:34 | 000,107,730 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/07/26 14:23:03 | 000,065,536 | ---- | M] () -- F:\Windows\System32\Ikeext.etl
[2012/07/26 14:22:56 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/07/26 14:22:53 | 1601,097,728 | -HS- | M] () -- F:\hiberfil.sys
[2012/07/26 11:35:48 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- F:\Windows\System32\drivers\tmcomm.sys
[2012/07/26 11:35:48 | 000,131,344 | ---- | M] (trend_company_name) -- F:\Windows\System32\drivers\tmrkb.sys
[2012/07/26 11:09:24 | 000,003,221 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/26 08:23:41 | 000,000,027 | ---- | M] () -- F:\Windows\System32\drivers\etc\hosts
[2012/07/26 08:09:37 | 000,043,480 | ---- | M] () -- F:\Windows\System32\drivers\gtqjbadj.sys
[2012/07/26 08:04:12 | 004,721,680 | R--- | M] (Swearware) -- F:\Users\TTArmstrong\Desktop\ComboFix.exe
[2012/07/23 21:45:55 | 000,001,057 | ---- | M] () -- F:\Users\TTArmstrong\AppData\Roaming\vso_ts_preview.xml
[2012/07/23 12:51:42 | 000,462,152 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2012/07/23 12:50:26 | 000,000,000 | ---- | M] () -- F:\ProgramData\0x0304A000.sfl
[2012/07/22 21:39:21 | 000,000,758 | ---- | M] () -- F:\Users\Public\Desktop\Pale Moon.lnk
[2012/07/22 21:05:36 | 000,001,952 | ---- | M] () -- F:\Users\TTArmstrong\Application Data\Microsoft\Internet Explorer\Quick Launch\Pale Moon.lnk
[2012/07/22 17:08:01 | 000,000,880 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job
[2012/07/21 10:54:16 | 001,729,604 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\Tim McGraw - Its Your Love - Instrumental _ Karaoke.mp3
[2012/07/19 23:42:23 | 000,000,512 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\MBR.dat
[2012/07/19 23:16:58 | 000,607,260 | R--- | M] (Swearware) -- F:\Users\TTArmstrong\Desktop\dds.scr
[2012/07/19 19:24:18 | 076,128,300 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj005.wav
[2012/07/19 19:17:06 | 031,125,548 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj004.wav
[2012/07/19 19:14:10 | 046,991,404 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj003.wav
[2012/07/19 19:09:44 | 032,616,492 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj002.wav
[2012/07/19 19:06:39 | 012,724,268 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj001.wav
[2012/07/19 19:05:27 | 024,307,756 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj000.wav
[2012/07/18 04:31:41 | 051,150,892 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj010.wav
[2012/07/18 04:26:51 | 022,272,044 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj009.wav
[2012/07/18 04:24:45 | 028,700,716 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj008.wav
[2012/07/18 04:22:02 | 027,181,100 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj007.wav
[2012/07/18 04:19:28 | 035,190,828 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj006.wav
[2012/07/18 04:16:09 | 040,550,444 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj005.wav
[2012/07/18 04:12:19 | 031,346,732 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj004.wav
[2012/07/18 04:09:21 | 045,740,076 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj003.wav
[2012/07/18 04:05:02 | 052,380,232 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj002.wav
[2012/07/18 04:00:01 | 020,090,924 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj001.wav
[2012/07/18 03:58:07 | 029,100,076 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj000.wav
[2012/07/18 03:18:29 | 000,002,141 | ---- | M] () -- F:\Windows\epplauncher.mif
[2012/07/17 19:11:39 | 000,000,090 | ---- | M] () -- F:\Windows\12225517.dat
[2012/07/16 21:58:09 | 000,146,216 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\33271375750985781045.jpg
[2012/07/16 17:27:15 | 000,052,001 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg
[2012/07/14 08:45:02 | 000,000,939 | ---- | M] () -- F:\Users\TTArmstrong\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINKNC.sys
[2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINProt.sys
[2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINProc.sys
[2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINAflt.sys
[2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINFile.sys
[2012/07/12 23:01:43 | 000,281,862 | ---- | M] () -- F:\Users\TTArmstrong\AppData\Local\census.cache
[2012/07/12 23:01:22 | 000,158,340 | ---- | M] () -- F:\Users\TTArmstrong\AppData\Local\ars.cache
[2012/07/12 22:53:41 | 000,000,036 | ---- | M] () -- F:\Users\TTArmstrong\AppData\Local\housecall.guid.cache
[2012/07/12 22:23:42 | 000,014,664 | ---- | M] (McAfee, Inc.) -- F:\Windows\stinger.sys
[2012/07/12 22:23:03 | 000,000,045 | RH-- | M] () -- F:\Users\TTArmstrong\Desktop\stinger.opt
[2012/07/12 22:06:02 | 000,001,078 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 14:36:12 | 000,002,445 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\Google Chrome.lnk
[2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSStrm.sys
[2012/07/11 22:21:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\System32\FlashPlayerApp.exe
[2012/07/11 22:21:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/08 18:36:53 | 002,616,633 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\Richie Stephens - The Gospel Medley (2012).mp3
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbam.sys
[2012/07/02 16:51:55 | 000,041,909 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\XXXXXXXXXXXXXXX.jpg
[2012/07/01 15:35:20 | 004,589,338 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\Go Get It.mp3
[2012/06/30 16:14:35 | 000,057,212 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\306571_392582317467151_742435903_n.jpg
[2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNStlsc.sys
[2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSProt.sys
[2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPrv.sys
[2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSSmtp.sys
[2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPop3.sys
[2012/06/27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPihsw.sys
[2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSIds.sys
[2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSpicc.sys
[2012/06/27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSNAHSL.sys
[2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSHttp.sys
[2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSAlpc.sys

========== Files Created - No Company Name ==========

[2012/07/26 15:03:04 | 002,117,108 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\tdsskiller.zip
[2012/07/26 11:09:24 | 000,003,221 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/23 12:50:26 | 000,000,000 | ---- | C] () -- F:\ProgramData\0x0304A000.sfl
[2012/07/22 21:05:37 | 000,000,770 | ---- | C] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
[2012/07/22 21:05:37 | 000,000,758 | ---- | C] () -- F:\Users\Public\Desktop\Pale Moon.lnk
[2012/07/22 19:49:13 | 000,256,000 | ---- | C] () -- F:\Windows\PEV.exe
[2012/07/22 19:49:13 | 000,208,896 | ---- | C] () -- F:\Windows\MBR.exe
[2012/07/22 19:49:13 | 000,098,816 | ---- | C] () -- F:\Windows\sed.exe
[2012/07/22 19:49:13 | 000,080,412 | ---- | C] () -- F:\Windows\grep.exe
[2012/07/22 19:49:13 | 000,068,096 | ---- | C] () -- F:\Windows\zip.exe
[2012/07/21 10:53:02 | 001,729,604 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\Tim McGraw - Its Your Love - Instrumental _ Karaoke.mp3
[2012/07/19 23:42:23 | 000,000,512 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\MBR.dat
[2012/07/19 19:17:06 | 076,128,300 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj005.wav
[2012/07/19 19:14:10 | 031,125,548 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj004.wav
[2012/07/19 19:09:44 | 046,991,404 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj003.wav
[2012/07/19 19:06:39 | 032,616,492 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj002.wav
[2012/07/19 19:05:27 | 012,724,268 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj001.wav
[2012/07/19 19:03:09 | 024,307,756 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj000.wav
[2012/07/18 04:26:51 | 051,150,892 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj010.wav
[2012/07/18 04:24:45 | 022,272,044 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj009.wav
[2012/07/18 04:22:02 | 028,700,716 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj008.wav
[2012/07/18 04:19:28 | 027,181,100 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj007.wav
[2012/07/18 04:16:09 | 035,190,828 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj006.wav
[2012/07/18 04:12:19 | 040,550,444 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj005.wav
[2012/07/18 04:09:21 | 031,346,732 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj004.wav
[2012/07/18 04:05:02 | 045,740,076 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj003.wav
[2012/07/18 01:55:25 | 000,043,480 | ---- | C] () -- F:\Windows\System32\drivers\gtqjbadj.sys
[2012/07/17 20:12:11 | 000,002,141 | ---- | C] () -- F:\Windows\epplauncher.mif
[2012/07/17 19:11:39 | 000,000,090 | ---- | C] () -- F:\Windows\12225517.dat
[2012/07/16 21:58:14 | 000,146,216 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\33271375750985781045.jpg
[2012/07/16 17:27:26 | 000,052,001 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg
[2012/07/14 08:45:02 | 000,000,939 | ---- | C] () -- F:\Users\TTArmstrong\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2012/07/13 09:18:58 | 052,380,232 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj002.wav
[2012/07/13 09:11:36 | 020,090,924 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj001.wav
[2012/07/13 08:44:28 | 029,100,076 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj000.wav
[2012/07/12 23:01:43 | 000,281,862 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Local\census.cache
[2012/07/12 23:01:22 | 000,158,340 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Local\ars.cache
[2012/07/12 22:53:41 | 000,000,036 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Local\housecall.guid.cache
[2012/07/12 22:22:19 | 000,000,045 | RH-- | C] () -- F:\Users\TTArmstrong\Desktop\stinger.opt
[2012/07/08 18:32:23 | 002,616,633 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\Richie Stephens - The Gospel Medley (2012).mp3
[2012/07/08 06:41:30 | 005,213,752 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\Shana Wilson Press In Your Presence.mp3
[2012/07/08 06:39:47 | 004,589,338 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\Go Get It.mp3
[2012/07/07 17:36:45 | 000,213,141 | R--- | C] () -- F:\Users\TTArmstrong\Desktop\00-sanchez-best_of_sanchez_(dj_rondon)-bootleg-cd-2006-spliff.jpg
[2012/07/02 16:51:55 | 000,041,909 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\XXXXXXXXXXXXXXX.jpg
[2012/06/30 19:31:03 | 000,100,352 | ---- | C] () -- F:\Users\TTArmstrong\Documents\VYBZ KARTEL COLORING BOOK JUNE 2K11.jwl
[2012/06/30 19:31:03 | 000,057,856 | ---- | C] () -- F:\Users\TTArmstrong\Documents\ZIGGY MARLEY WILD AND FREE.jwl
[2012/06/30 19:31:02 | 000,074,752 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Tyrone Taylor Sings Members Only.jwl
[2012/06/30 19:31:02 | 000,045,568 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Trust.jwl
[2012/06/30 19:31:02 | 000,038,400 | ---- | C] () -- F:\Users\TTArmstrong\Documents\UNREPORTED GUNS VOTES AND MONEY.jwl
[2012/06/30 19:31:01 | 000,127,488 | ---- | C] () -- F:\Users\TTArmstrong\Documents\STONE LOVE SWAGG TUESDAY VOL 5 PART 1 JUNE 2K11.jwl
[2012/06/30 19:31:01 | 000,118,272 | ---- | C] () -- F:\Users\TTArmstrong\Documents\STONE LOVE SWAGG TUESDAY VOL 5 PART 2 JUNE 2K11.jwl
[2012/06/30 19:31:01 | 000,105,984 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Snoop Dogg Dubstep.jwl
[2012/06/30 19:31:01 | 000,061,952 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Scientist The People s Choice.jwl
[2012/06/30 19:31:01 | 000,044,544 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Pat Kelly Wish It Would Rain.jwl
[2012/06/30 19:31:01 | 000,018,944 | ---- | C] () -- F:\Users\TTArmstrong\Documents\SMALL ISLAND.jwl
[2012/06/30 19:31:00 | 000,208,384 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Johnny Osbourne Dancing Time.jwl
[2012/06/30 19:31:00 | 000,143,360 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Frankie Paul SHOWCASE.jwl
[2012/06/30 19:31:00 | 000,112,640 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Delroy Wilson SHOWCASE.jwl
[2012/06/30 19:31:00 | 000,073,728 | ---- | C] () -- F:\Users\TTArmstrong\Documents\DJ KENNY CULTURAL LOVERS ROCK 2011 JUNE 2K11.jwl
[2012/06/30 19:31:00 | 000,068,608 | ---- | C] () -- F:\Users\TTArmstrong\Documents\DJ BLAZER VYBZ KARTEL DA WORLD BOSS JUNE 2K11.jwl
[2012/06/30 19:30:59 | 000,339,968 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Carib Vybz Di Teacha XXXclusive 2011.jwl
[2012/06/30 19:30:59 | 000,050,176 | ---- | C] () -- F:\Users\TTArmstrong\Documents\BLACK UHURU DUBBIN IT LIVE.jwl
[2012/06/30 16:14:30 | 000,057,212 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\306571_392582317467151_742435903_n.jpg
[2012/06/29 15:32:49 | 000,002,441 | ---- | C] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/26 11:55:00 | 000,147,456 | ---- | C] () -- F:\Windows\System32\DiagFunc.dll
[2012/03/26 11:55:00 | 000,000,451 | ---- | C] () -- F:\Windows\System32\DiagFunc.ini
[2012/03/07 19:24:25 | 000,116,224 | ---- | C] () -- F:\Windows\System32\redmonnt.dll
[2012/03/07 19:24:25 | 000,045,056 | ---- | C] () -- F:\Windows\System32\unredmon.exe
[2012/02/16 06:21:03 | 000,032,768 | ---- | C] () -- F:\Windows\System32\drivers\sp_rsdrv2.sys
[2011/11/17 08:53:51 | 000,003,284 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Roaming\ANIWZCS\{A21875C3-23CF-4FF2-ACA3-6B9A1DE459D5}
[2011/11/17 08:50:28 | 000,012,800 | ---- | C] () -- F:\Windows\System32\drivers\anodlwf.sys
[2011/11/17 08:50:27 | 000,014,051 | ---- | C] () -- F:\Windows\System32\RaCoInst.dat
[2011/11/09 19:55:48 | 000,000,566 | ---- | C] () -- F:\Windows\System32\SP7302.INI
[2011/07/27 08:53:38 | 000,000,000 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Local\{DEB393EC-9D07-4AAF-B6DE-442513357526}
[2011/03/24 22:02:01 | 000,029,008 | ---- | C] () -- F:\Windows\System32\SmartDefragBootTime.exe
[2011/03/24 22:02:01 | 000,016,184 | ---- | C] () -- F:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/01/30 05:30:55 | 000,084,480 | ---- | C] () -- F:\Windows\System32\ff_vfw.dll
[2011/01/29 13:02:14 | 000,003,884 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Roaming\dvdae.config
[2010/11/14 06:08:43 | 000,001,378 | ---- | C] () -- F:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
[2010/10/23 20:04:09 | 000,130,048 | ---- | C] () -- F:\Windows\System32\SpoonUninstall.exe
[2010/10/23 05:02:04 | 000,001,057 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Roaming\vso_ts_preview.xml
[2010/10/23 05:00:39 | 000,087,608 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Roaming\inst.exe
[2010/10/23 05:00:39 | 000,007,887 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Roaming\pcouffin.cat
[2010/10/23 05:00:39 | 000,001,144 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Roaming\pcouffin.inf
[2010/10/16 13:33:30 | 000,308,624 | ---- | C] () -- F:\Windows\System32\brcmbsp.dll
[2010/10/16 13:33:30 | 000,206,216 | ---- | C] () -- F:\Windows\System32\bipbsp.dll
[2010/10/16 13:31:49 | 000,080,368 | ---- | C] () -- F:\Windows\System32\pbadrvdll.dll
[2010/09/30 17:07:06 | 000,000,376 | ---- | C] () -- F:\Windows\ODBC.INI
[2010/09/30 00:22:17 | 001,474,832 | ---- | C] () -- F:\Windows\System32\drivers\sfi.dat
[2010/09/30 00:19:12 | 001,724,416 | ---- | C] () -- F:\Windows\System32\nvwdmcpl.dll
[2010/09/30 00:19:12 | 001,657,376 | ---- | C] () -- F:\Windows\System32\nwiz.exe
[2010/09/30 00:19:12 | 001,507,328 | ---- | C] () -- F:\Windows\System32\nView.dll
[2010/09/30 00:19:12 | 001,101,824 | ---- | C] () -- F:\Windows\System32\nvwimg.dll
[2010/09/30 00:19:12 | 000,466,944 | ---- | C] () -- F:\Windows\System32\nvShell.dll
[2010/09/30 00:19:12 | 000,449,056 | ---- | C] () -- F:\Windows\System32\nvAppBar.exe
[2010/09/30 00:19:12 | 000,267,296 | ---- | C] () -- F:\Windows\System32\nvTaskbar.exe

========== LOP Check ==========

[2011/08/13 15:53:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingApowersoft
[2010/10/23 09:09:08 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBackTalk
[2012/07/22 18:25:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBitTorrent
[2010/10/23 20:17:56 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingdBpoweramp
[2010/10/02 11:17:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDisk Cleaner
[2012/02/01 23:36:24 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDVDFab
[2012/07/12 22:43:10 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingf-secure
[2011/05/22 13:07:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingFDRLab
[2011/08/24 17:01:40 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingImgBurn
[2011/10/06 23:15:21 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingIObit
[2011/04/20 16:26:24 | 000,000,000 | RHSD | M] -- F:UsersTTArmstrongAppDataRoamingJava
[2010/10/17 21:57:31 | 000,000,

#18 luluhifi

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 26 July 2012 - 03:17 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 15:39:12
-----------------------------
15:39:12.760 OS Version: Windows 6.1.7601 Service Pack 1
15:39:12.760 Number of processors: 2 586 0x170A
15:39:12.760 ComputerName: TTARMSTRONG-PC UserName: TTArmstrong
15:39:13.852 Initialize success
15:47:07.175 AVAST engine defs: 12072601
15:47:17.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:47:17.611 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 8
15:47:17.627 Disk 0 MBR read successfully
15:47:17.627 Disk 0 MBR scan
15:47:17.642 Disk 0 Windows 7 default MBR code
15:47:17.642 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 266 MB offset 63
15:47:17.658 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 60345 MB offset 546210
15:47:17.673 Disk 0 Partition - 00 0F Extended LBA 92012 MB offset 124134255
15:47:17.689 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51348 MB offset 124134318
15:47:17.689 Disk 0 Partition - 00 05 Extended 40664 MB offset 229295745
15:47:17.705 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 40664 MB offset 229295808
15:47:17.720 Disk 0 scanning sectors +312576705
15:47:17.783 Disk 0 scanning F:\Windows\system32\drivers
15:47:28.609 Service scanning
15:47:53.163 Modules scanning
15:47:58.670 Disk 0 trace - called modules:
15:47:58.717 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
15:47:58.717 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8bba8810]
15:47:58.733 3 CLASSPNP.SYS[8e5bd59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ad95028]
15:47:59.357 AVAST engine scan F:\Windows
15:48:01.182 AVAST engine scan F:\Windows\system32
15:50:20.818 AVAST engine scan F:\Windows\system32\drivers
15:50:33.766 AVAST engine scan F:\Users\TTArmstrong
15:53:21.123 AVAST engine scan F:\ProgramData
15:53:43.415 File: F:\ProgramData\Microsoft\Windows\DRM\D27B.tmp **INFECTED** Win32:Crypt-NKI [Trj]
15:54:11.542 Scan finished successfully
16:16:33.498 Disk 0 MBR has been saved successfully to "F:\Users\TTArmstrong\Desktop\MBR.dat"
16:16:33.498 The log file has been saved successfully to "F:\Users\TTArmstrong\Desktop\aswMBR july.txt"

#19 luluhifi

  • Advanced Member
  • 2,434 posts
  • Location:Wash.DC, USA

Posted 26 July 2012 - 03:35 PM

16:23:03.0231 4288 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:23:04.0042 4288 ============================================================
16:23:04.0042 4288 Current date / time: 2012/07/26 16:23:04.0042
16:23:04.0042 4288 SystemInfo:
16:23:04.0042 4288
16:23:04.0042 4288 OS Version: 6.1.7601 ServicePack: 1.0
16:23:04.0042 4288 Product type: Workstation
16:23:04.0042 4288 ComputerName: TTARMSTRONG-PC
16:23:04.0042 4288 UserName: TTArmstrong
16:23:04.0042 4288 Windows directory: F:\Windows
16:23:04.0042 4288 System windows directory: F:\Windows
16:23:04.0042 4288 Processor architecture: Intel x86
16:23:04.0042 4288 Number of processors: 2
16:23:04.0042 4288 Page size: 0x1000
16:23:04.0042 4288 Boot type: Normal boot
16:23:04.0042 4288 ============================================================
16:23:05.0524 4288 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:23:05.0524 4288 ============================================================
16:23:05.0524 4288 \Device\Harddisk0\DR0:
16:23:05.0524 4288 MBR partitions:
16:23:05.0524 4288 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x855A2, BlocksNum 0x75DCDCD
16:23:05.0555 4288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x76623AE, BlocksNum 0x644A2D3
16:23:05.0571 4288 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDAAC6C0, BlocksNum 0x4F6C401
16:23:05.0571 4288 ============================================================
16:23:05.0602 4288 C: <-> \Device\Harddisk0\DR0\Partition0
16:23:05.0618 4288 E: <-> \Device\Harddisk0\DR0\Partition2
16:23:05.0633 4288 F: <-> \Device\Harddisk0\DR0\Partition1
16:23:05.0633 4288 ============================================================
16:23:05.0633 4288 Initialize success
16:23:05.0633 4288 ============================================================
16:24:23.0985 4192 ============================================================
(938e8ccc7ac5922f2e3dbdf3e7a3035c) F:Windowssystem32DRIVERSNNSPrv.sys 16:24:34.0359 4192 NNSPRV - ok 16:24:34.0390 4192 NNSSMTP (2458e950f0a0dd9ad08385209b5e1702) F:Windowssystem32DRIVERSNNSSmtp.sys 16:24:34.0390 4192 NNSSMTP - ok 16:24:34.0406 4192 NNSSTRM (75d990651236a570c4c80ed56bfb4009) F:Windowssystem32DRIVERSNNSStrm.sys 16:24:34.0406 4192 NNSSTRM - ok 16:24:34.0437 4192 NNSTLSC (9d526b79e7d438056ed7d382ab94019a) F:Windowssystem32DRIVERSNNSTlsc.sys 16:24:34.0437 4192 NNSTLSC - ok 16:24:34.0500 4192 Nonbrand_WUS-N (f195fbc375342bd25c936982245a8fb0) F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe 16:24:34.0500 4192 Nonbrand_WUS-N - ok 16:24:34.0531 4192 Nonbrand_WUS-N_WPS (c062a2b158ed9c643d24f8e33a607c9f) F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe 16:24:34.0531 4192 Nonbrand_WUS-N_WPS - ok 16:24:34.0546 4192 Npfs (1db262a9f8c087e8153d89bef3d2235f) F:Windowssystem32driversNpfs.sys 16:24:34.0546 4192 Npfs - ok 16:24:34.0562 4192 nsi (ba387e955e890c8a88306d9b8d06bf17) F:Windowssystem32nsisvc.dll 16:24:34.0562 4192 nsi - ok 16:24:34.0578 4192 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) F:Windowssystem32driversnsiproxy.sys 16:24:34.0578 4192 nsiproxy - ok 16:24:34.0671 4192 Ntfs (81189c3d7763838e55c397759d49007a) F:Windowssystem32driversNtfs.sys 16:24:34.0671 4192 Ntfs - ok 16:24:34.0718 4192 Null (f9756a98d69098dca8945d62858a812c) F:Windowssystem32driversNull.sys 16:24:34.0718 4192 Null - ok 16:24:35.0155 4192 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) F:Windowssystem32DRIVERSnvlddmkm.sys 16:24:35.0264 4192 nvlddmkm - ok 16:24:35.0373 4192 nvraid (b3e25ee28883877076e0e1ff877d02e0) F:Windowssystem32driversnvraid.sys 16:24:35.0373 4192 nvraid - ok 16:24:35.0389 4192 nvstor (4380e59a170d88c4f1022eff6719a8a4) F:Windowssystem32driversnvstor.sys 16:24:35.0404 4192 nvstor - ok 16:24:35.0436 4192 nvsvc (ded8f2c0070478f13c37f7bd849b83fa) F:Windowssystem32nvvsvc.exe 16:24:35.0436 4192 nvsvc - ok 16:24:35.0467 4192 nv_agp 
(5a0983915f02bae73267cc2a041f717d) F:Windowssystem32driversnv_agp.sys 16:24:35.0467 4192 nv_agp - ok 16:24:35.0514 4192 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) F:Windowssystem32driversohci1394.sys 16:24:35.0514 4192 ohci1394 - ok 16:24:35.0576 4192 ose (9d10f99a6712e28f8acd5641e3a7ea6b) F:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE 16:24:35.0576 4192 ose - ok 16:24:35.0826 4192 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) F:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE 16:24:35.0872 4192 osppsvc - ok 16:24:35.0966 4192 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) F:Windowssystem32pnrpsvc.dll 16:24:35.0966 4192 p2pimsvc - ok 16:24:35.0997 4192 p2psvc (59c3ddd501e39e006dac31bf55150d91) F:Windowssystem32p2psvc.dll 16:24:36.0044 4192 p2psvc - ok 16:24:36.0106 4192 PAC7302 (aff9a1986555e4592de8092f9a5fa2d2) F:Windowssystem32DRIVERSPAC7302.SYS 16:24:36.0122 4192 PAC7302 - ok 16:24:36.0169 4192 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) F:Windowssystem32DRIVERSparport.sys 16:24:36.0169 4192 Parport - ok 16:24:36.0200 4192 partmgr (3f34a1b4c5f6475f320c275e63afce9b) F:Windowssystem32driverspartmgr.sys 16:24:36.0200 4192 partmgr - ok 16:24:36.0247 4192 Parvdm (eb0a59f29c19b86479d36b35983daadc) F:Windowssystem32DRIVERSparvdm.sys 16:24:36.0247 4192 Parvdm - ok 16:24:36.0278 4192 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) F:Windowssystem32DRIVERSPBADRV.sys 16:24:36.0278 4192 PBADRV - ok 16:24:36.0330 4192 PcaSvc (358ab7956d3160000726574083dfc8a6) F:WindowsSystem32pcasvc.dll 16:24:36.0343 4192 PcaSvc - ok 16:24:36.0379 4192 pci (673e55c3498eb970088e812ea820aa8f) F:Windowssystem32driverspci.sys 16:24:36.0381 4192 pci - ok 16:24:36.0399 4192 pciide (afe86f419014db4e5593f69ffe26ce0a) F:Windowssystem32driverspciide.sys 16:24:36.0400 4192 pciide - ok 16:24:36.0422 4192 pcmcia (f396431b31693e71e8a80687ef523506) F:Windowssystem32DRIVERSpcmcia.sys 16:24:36.0424 4192 pcmcia - ok 16:24:36.0459 4192 pcouffin 
(5b6c11de7e839c05248ced8825470fef) F:Windowssystem32Driverspcouffin.sys 16:24:36.0460 4192 pcouffin - ok 16:24:36.0506 4192 pcw (250f6b43d2b613172035c6747aeeb19f) F:Windowssystem32driverspcw.sys 16:24:36.0507 4192 pcw - ok 16:24:36.0572 4192 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) F:Windowssystem32driverspeauth.sys 16:24:36.0588 4192 PEAUTH - ok 16:24:36.0640 4192 pgfilter (2cf226173b467ab48f89d77e89936951) F:Program FilesPeerGuardian2pgfilter.sys 16:24:36.0641 4192 pgfilter - ok 16:24:36.0743 4192 pla (414bba67a3ded1d28437eb66aeb8a720) F:Windowssystem32pla.dll 16:24:36.0771 4192 pla - ok 16:24:36.0856 4192 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) F:Windowssystem32umpnpmgr.dll 16:24:36.0861 4192 PlugPlay - ok 16:24:36.0876 4192 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) F:Windowssystem32pnrpauto.dll 16:24:36.0879 4192 PNRPAutoReg - ok 16:24:36.0905 4192 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) F:Windowssystem32pnrpsvc.dll 16:24:36.0908 4192 PNRPsvc - ok 16:24:36.0973 4192 PolicyAgent (53946b69ba0836bd95b03759530c81ec) F:WindowsSystem32ipsecsvc.dll 16:24:36.0988 4192 PolicyAgent - ok 16:24:37.0030 4192 Power (f87d30e72e03d579a5199ccb3831d6ea) F:Windowssystem32umpo.dll 16:24:37.0034 4192 Power - ok 16:24:37.0065 4192 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) F:Windowssystem32DRIVERSraspptp.sys 16:24:37.0067 4192 PptpMiniport - ok 16:24:37.0085 4192 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) F:Windowssystem32DRIVERSprocessr.sys 16:24:37.0086 4192 Processor - ok 16:24:37.0119 4192 ProfSvc (cadefac453040e370a1bdff3973be00d) F:Windowssystem32profsvc.dll 16:24:37.0123 4192 ProfSvc - ok 16:24:37.0158 4192 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe 16:24:37.0160 4192 ProtectedStorage - ok 16:24:37.0181 4192 Psched (6270ccae2a86de6d146529fe55b3246a) F:Windowssystem32DRIVERSpacer.sys 16:24:37.0182 4192 Psched - ok 16:24:37.0228 4192 PSI (d24dfd16a1e2a76034df5aa18125c35d) F:Windowssystem32DRIVERSpsi_mf.sys 16:24:37.0229 
4192 PSI - ok 16:24:37.0276 4192 PSINAflt (389d8cc1f8d7c5ec736bded9d1a98c4c) F:Windowssystem32DRIVERSPSINAflt.sys 16:24:37.0278 4192 PSINAflt - ok 16:24:37.0322 4192 PSINFile (04e2992c67ab310409531be99e66dd1f) F:Windowssystem32DRIVERSPSINFile.sys 16:24:37.0322 4192 PSINFile - ok 16:24:37.0322 4192 PSINKNC (5292037b8839d9de8ace23eba1268a34) F:Windowssystem32DRIVERSpsinknc.sys 16:24:37.0338 4192 PSINKNC - ok 16:24:37.0354 4192 PSINProc (b10d97ff830f677a1295f3b9e5e6f8fb) F:Windowssystem32DRIVERSPSINProc.sys 16:24:37.0354 4192 PSINProc - ok 16:24:37.0369 4192 PSINProt (49dd888c415611da5654ce895b9f37d9) F:Windowssystem32DRIVERSPSINProt.sys 16:24:37.0385 4192 PSINProt - ok 16:24:37.0432 4192 PSKMAD (476769481841007583875023f7ecc4ca) F:Windowssystem32DRIVERSPSKMAD.sys 16:24:37.0432 4192 PSKMAD - ok 16:24:37.0525 4192 PSUAService (98a9d3236c6301503571de79b86e8538) F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe 16:24:37.0525 4192 PSUAService - ok 16:24:37.0603 4192 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) F:Windowssystem32DRIVERSql2300.sys 16:24:37.0634 4192 ql2300 - ok 16:24:37.0728 4192 ql40xx (b4dd51dd25182244b86737dc51af2270) F:Windowssystem32DRIVERSql40xx.sys 16:24:37.0728 4192 ql40xx - ok 16:24:37.0744 4192 QWAVE (31ac809e7707eb580b2bdb760390765a) F:Windowssystem32qwave.dll 16:24:37.0759 4192 QWAVE - ok 16:24:37.0775 4192 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) F:Windowssystem32driversqwavedrv.sys 16:24:37.0775 4192 QWAVEdrv - ok 16:24:37.0790 4192 RasAcd (30a81b53c766d0133bb86d234e5556ab) F:Windowssystem32DRIVERSrasacd.sys 16:24:37.0790 4192 RasAcd - ok 16:24:37.0822 4192 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) F:Windowssystem32DRIVERSAgileVpn.sys 16:24:37.0837 4192 RasAgileVpn - ok 16:24:37.0853 4192 RasAuto (a60f1839849c0c00739787fd5ec03f13) F:WindowsSystem32rasauto.dll 16:24:37.0853 4192 RasAuto - ok 16:24:37.0868 4192 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) F:Windowssystem32DRIVERSrasl2tp.sys 16:24:37.0884 4192 Rasl2tp - ok 
16:24:37.0915 4192 RasMan (cb9e04dc05eacf5b9a36ca276d475006) F:WindowsSystem32rasmans.dll 16:24:37.0931 4192 RasMan - ok 16:24:37.0946 4192 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) F:Windowssystem32DRIVERSraspppoe.sys 16:24:37.0946 4192 RasPppoe - ok 16:24:37.0962 4192 RasSstp (44101f495a83ea6401d886e7fd70096b) F:Windowssystem32DRIVERSrassstp.sys 16:24:37.0962 4192 RasSstp - ok 16:24:38.0009 4192 rdbss (d528bc58a489409ba40334ebf96a311b) F:Windowssystem32DRIVERSrdbss.sys 16:24:38.0024 4192 rdbss - ok 16:24:38.0040 4192 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) F:Windowssystem32DRIVERSrdpbus.sys 16:24:38.0040 4192 rdpbus - ok 16:24:38.0071 4192 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) F:Windowssystem32DRIVERSRDPCDD.sys 16:24:38.0071 4192 RDPCDD - ok 16:24:38.0102 4192 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) F:Windowssystem32driversrdpencdd.sys 16:24:38.0102 4192 RDPENCDD - ok 16:24:38.0118 4192 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) F:Windowssystem32driversrdprefmp.sys 16:24:38.0118 4192 RDPREFMP - ok 16:24:38.0149 4192 RDPWD (f031683e6d1fea157abb2ff260b51e61) F:Windowssystem32driversRDPWD.sys 16:24:38.0149 4192 RDPWD - ok 16:24:38.0212 4192 rdyboost (518395321dc96fe2c9f0e96ac743b656) F:Windowssystem32driversrdyboost.sys 16:24:38.0212 4192 rdyboost - ok 16:24:38.0243 4192 RemoteAccess (7b5e1419717fac363a31cc302895217a) F:WindowsSystem32mprdim.dll 16:24:38.0243 4192 RemoteAccess - ok 16:24:38.0258 4192 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) F:Windowssystem32regsvc.dll 16:24:38.0258 4192 RemoteRegistry - ok 16:24:38.0305 4192 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) F:Windowssystem32DRIVERSrimmptsk.sys 16:24:38.0305 4192 rimmptsk - ok 16:24:38.0336 4192 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) F:WindowsSystem32RpcEpMap.dll 16:24:38.0336 4192 RpcEptMapper - ok 16:24:38.0368 4192 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) F:Windowssystem32locator.exe 16:24:38.0368 4192 RpcLocator - ok 16:24:38.0414 4192 RpcSs 
(7660f01d3b38aca1747e397d21d790af) F:Windowssystem32rpcss.dll 16:24:38.0414 4192 RpcSs - ok 16:24:38.0446 4192 rspndr (032b0d36ad92b582d869879f5af5b928) F:Windowssystem32DRIVERSrspndr.sys 16:24:38.0446 4192 rspndr - ok 16:24:38.0492 4192 SamSs (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe 16:24:38.0492 4192 SamSs - ok 16:24:38.0586 4192 SASDIFSV (39763504067962108505bff25f024345) F:Program FilesSUPERAntiSpywareSASDIFSV.SYS 16:24:38.0586 4192 SASDIFSV - ok 16:24:38.0602 4192 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) F:Program FilesSUPERAntiSpywareSASKUTIL.SYS 16:24:38.0602 4192 SASKUTIL - ok 16:24:38.0633 4192 sbp2port (05d860da1040f111503ac416ccef2bca) F:Windowssystem32driverssbp2port.sys 16:24:38.0633 4192 sbp2port - ok 16:24:38.0664 4192 SCardSvr (8fc518ffe9519c2631d37515a68009c4) F:WindowsSystem32SCardSvr.dll 16:24:38.0680 4192 SCardSvr - ok 16:24:38.0695 4192 scfilter (0693b5ec673e34dc147e195779a4dcf6) F:Windowssystem32DRIVERSscfilter.sys 16:24:38.0695 4192 scfilter - ok 16:24:38.0758 4192 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) F:Windowssystem32schedsvc.dll 16:24:38.0773 4192 Schedule - ok 16:24:38.0804 4192 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) F:WindowsSystem32certprop.dll 16:24:38.0804 4192 SCPolicySvc - ok 16:24:38.0851 4192 sdbus (0328be1c7f1cba23848179f8762e391c) F:Windowssystem32driverssdbus.sys 16:24:38.0851 4192 sdbus - ok 16:24:38.0898 4192 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) F:WindowsSystem32SDRSVC.dll 16:24:38.0898 4192 SDRSVC - ok 16:24:38.0914 4192 secdrv (90a3935d05b494a5a39d37e71f09a677) F:Windowssystem32driverssecdrv.sys 16:24:38.0914 4192 secdrv - ok 16:24:38.0929 4192 seclogon (a59b3a4442c52060cc7a85293aa3546f) F:Windowssystem32seclogon.dll 16:24:38.0929 4192 seclogon - ok 16:24:39.0023 4192 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) F:Program FilesSecuniaPSIPSIA.exe 16:24:39.0038 4192 Secunia PSI Agent - ok 16:24:39.0070 4192 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) F:Program 
FilesSecuniaPSIsua.exe 16:24:39.0070 4192 Secunia Update Agent - ok 16:24:39.0148 4192 SENS (dcb7fcdcc97f87360f75d77425b81737) F:Windowssystem32sens.dll 16:24:39.0163 4192 SENS - ok 16:24:39.0179 4192 SensrSvc (50087fe1ee447009c9cc2997b90de53f) F:Windowssystem32sensrsvc.dll 16:24:39.0179 4192 SensrSvc - ok 16:24:39.0210 4192 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) F:Windowssystem32DRIVERSserenum.sys 16:24:39.0210 4192 Serenum - ok 16:24:39.0241 4192 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) F:Windowssystem32DRIVERSserial.sys 16:24:39.0241 4192 Serial - ok 16:24:39.0272 4192 sermouse (79bffb520327ff916a582dfea17aa813) F:Windowssystem32DRIVERSsermouse.sys 16:24:39.0272 4192 sermouse - ok 16:24:39.0319 4192 SessionEnv (4ae380f39a0032eab7dd953030b26d28) F:Windowssystem32sessenv.dll 16:24:39.0319 4192 SessionEnv - ok 16:24:39.0382 4192 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) F:Windowssystem32DRIVERSsffdisk.sys 16:24:39.0382 4192 sffdisk - ok 16:24:39.0397 4192 sffp_mmc (932a68ee27833cfd57c1639d375f2731) F:Windowssystem32driverssffp_mmc.sys 16:24:39.0397 4192 sffp_mmc - ok 16:24:39.0428 4192 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) F:Windowssystem32DRIVERSsffp_sd.sys 16:24:39.0444 4192 sffp_sd - ok 16:24:39.0460 4192 sfloppy (db96666cc8312ebc45032f30b007a547) F:Windowssystem32DRIVERSsfloppy.sys 16:24:39.0460 4192 sfloppy - ok 16:24:39.0522 4192 SharedAccess (d1a079a0de2ea524513b6930c24527a2) F:WindowsSystem32ipnathlp.dll 16:24:39.0538 4192 SharedAccess - ok 16:24:39.0600 4192 ShellHWDetection (414da952a35bf5d50192e28263b40577) F:WindowsSystem32shsvcs.dll 16:24:39.0616 4192 ShellHWDetection - ok 16:24:39.0662 4192 sisagp (2565cac0dc9fe0371bdce60832582b2e) F:Windowssystem32driverssisagp.sys 16:24:39.0662 4192 sisagp - ok 16:24:39.0678 4192 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) F:Windowssystem32DRIVERSSiSRaid2.sys 16:24:39.0678 4192 SiSRaid2 - ok 16:24:39.0709 4192 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) F:Windowssystem32DRIVERSsisraid4.sys 16:24:39.0709 
4192 SiSRaid4 - ok 16:24:39.0756 4192 SmartDefragDriver (4aa2772a355226e9ac96d01ba431d253) F:Windowssystem32DriversSmartDefragDriver.sys 16:24:39.0756 4192 SmartDefragDriver - ok 16:24:39.0772 4192 Smb (3e21c083b8a01cb70ba1f09303010fce) F:Windowssystem32DRIVERSsmb.sys 16:24:39.0772 4192 Smb - ok 16:24:39.0803 4192 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) F:WindowsSystem32snmptrap.exe 16:24:39.0803 4192 SNMPTRAP - ok 16:24:39.0818 4192 spldr (95cf1ae7527fb70f7816563cbc09d942) F:Windowssystem32driversspldr.sys 16:24:39.0818 4192 spldr - ok 16:24:39.0865 4192 Spooler (866a43013535dc8587c258e43579c764) F:WindowsSystem32spoolsv.exe 16:24:39.0865 4192 Spooler - ok 16:24:40.0037 4192 sppsvc (cf87a1de791347e75b98885214ced2b8) F:Windowssystem32sppsvc.exe 16:24:40.0052 4192 sppsvc - ok 16:24:40.0146 4192 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) F:Windowssystem32sppuinotify.dll 16:24:40.0146 4192 sppuinotify - ok 16:24:40.0240 4192 srv (e4c2764065d66ea1d2d3ebc28fe99c46) F:Windowssystem32DRIVERSsrv.sys 16:24:40.0240 4192 srv - ok 16:24:40.0318 4192 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) F:Windowssystem32DRIVERSsrv2.sys 16:24:40.0318 4192 srv2 - ok 16:24:40.0364 4192 srvnet (be6bd660caa6f291ae06a718a4fa8abc) F:Windowssystem32DRIVERSsrvnet.sys 16:24:40.0364 4192 srvnet - ok 16:24:40.0396 4192 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) F:WindowsSystem32ssdpsrv.dll 16:24:40.0396 4192 SSDPSRV - ok 16:24:40.0411 4192 SstpSvc (d318f23be45d5e3a107469eb64815b50) F:Windowssystem32sstpsvc.dll 16:24:40.0427 4192 SstpSvc - ok 16:24:40.0442 4192 stexstor (db32d325c192b801df274bfd12a7e72b) F:Windowssystem32DRIVERSstexstor.sys 16:24:40.0442 4192 stexstor - ok 16:24:40.0489 4192 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) F:WindowsSystem32wiaservc.dll 16:24:40.0505 4192 StiSvc - ok 16:24:40.0536 4192 swenum (e58c78a848add9610a4db6d214af5224) F:Windowssystem32driversswenum.sys 16:24:40.0536 4192 swenum - ok 16:24:40.0567 4192 swprv (a28bd92df340e57b024ba433165d34d7) 
F:WindowsSystem32swprv.dll 16:24:40.0583 4192 swprv - ok 16:24:40.0661 4192 SysMain (36650d618ca34c9d357dfd3d89b2c56f) F:Windowssystem32sysmain.dll 16:24:40.0676 4192 SysMain - ok 16:24:40.0723 4192 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) F:WindowsSystem32TabSvc.dll 16:24:40.0723 4192 TabletInputService - ok 16:24:40.0770 4192 TapiSrv (613bf4820361543956909043a265c6ac) F:WindowsSystem32tapisrv.dll 16:24:40.0770 4192 TapiSrv - ok 16:24:40.0786 4192 TBS (b799d9fdb26111737f58288d8dc172d9) F:WindowsSystem32tbssvc.dll 16:24:40.0786 4192 TBS - ok 16:24:40.0895 4192 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) F:Windowssystem32driverstcpip.sys 16:24:40.0910 4192 Tcpip - ok 16:24:41.0035 4192 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) F:Windowssystem32DRIVERStcpip.sys 16:24:41.0035 4192 TCPIP6 - ok 16:24:41.0098 4192 tcpipreg (cca24162e055c3714ce5a88b100c64ed) F:Windowssystem32driverstcpipreg.sys 16:24:41.0098 4192 tcpipreg - ok 16:24:41.0144 4192 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) F:Windowssystem32driverstdpipe.sys 16:24:41.0144 4192 TDPIPE - ok 16:24:41.0176 4192 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) F:Windowssystem32driverstdtcp.sys 16:24:41.0176 4192 TDTCP - ok 16:24:41.0222 4192 tdx (b459575348c20e8121d6039da063c704) F:Windowssystem32DRIVERStdx.sys 16:24:41.0222 4192 tdx - ok 16:24:41.0254 4192 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) F:Windowssystem32driverstermdd.sys 16:24:41.0269 4192 TermDD - ok 16:24:41.0316 4192 TermService (382c804c92811be57829d8e550a900e2) F:WindowsSystem32termsrv.dll 16:24:41.0332 4192 TermService - ok 16:24:41.0363 4192 TfFsMon (a56ec942ecabfb7849bfa76060f929fb) F:Windowssystem32driversTfFsMon.sys 16:24:41.0363 4192 TfFsMon - ok 16:24:41.0410 4192 TfNetMon (917ef522563f6047685486efa486fb3c) F:Windowssystem32driversTfNetMon.sys 16:24:41.0410 4192 TfNetMon - ok 16:24:41.0456 4192 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) F:Windowssystem32driversTfSysMon.sys 16:24:41.0456 4192 TfSysMon - ok 16:24:41.0472 4192 Themes 
(42fb6afd6b79d9fe07381609172e7ca4) F:Windowssystem32themeservice.dll 16:24:41.0472 4192 Themes - ok 16:24:41.0503 4192 THREADORDER (146b6f43a673379a3c670e86d89be5ea) F:Windowssystem32mmcss.dll 16:24:41.0503 4192 THREADORDER - ok 16:24:41.0534 4192 ThreatFire - ok 16:24:41.0550 4192 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) F:WindowsSystem32trkwks.dll 16:24:41.0566 4192 TrkWks - ok 16:24:41.0597 4192 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) F:WindowsservicingTrustedInstaller.exe 16:24:41.0612 4192 TrustedInstaller - ok 16:24:41.0644 4192 tssecsrv (254bb140eee3c59d6114c1a86b636877) F:Windowssystem32DRIVERStssecsrv.sys 16:24:41.0644 4192 tssecsrv - ok 16:24:41.0659 4192 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) F:Windowssystem32driverstsusbflt.sys 16:24:41.0659 4192 TsUsbFlt - ok 16:24:41.0706 4192 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) F:Windowssystem32DRIVERStunnel.sys 16:24:41.0706 4192 tunnel - ok 16:24:41.0737 4192 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) F:Windowssystem32DRIVERSuagp35.sys 16:24:41.0737 4192 uagp35 - ok 16:24:41.0784 4192 udfs (ee43346c7e4b5e63e54f927babbb32ff) F:Windowssystem32DRIVERSudfs.sys 16:24:41.0784 4192 udfs - ok 16:24:41.0815 4192 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) F:Windowssystem32UI0Detect.exe 16:24:41.0815 4192 UI0Detect - ok 16:24:41.0862 4192 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) F:Windowssystem32driversuliagpkx.sys 16:24:41.0862 4192 uliagpkx - ok 16:24:41.0909 4192 umbus (d295bed4b898f0fd999fcfa9b32b071b) F:Windowssystem32driversumbus.sys 16:24:41.0909 4192 umbus - ok 16:24:41.0924 4192 UmPass (7550ad0c6998ba1cb4843e920ee0feac) F:Windowssystem32DRIVERSumpass.sys 16:24:41.0924 4192 UmPass - ok 16:24:41.0956 4192 upnphost (833fbb672460efce8011d262175fad33) F:WindowsSystem32upnphost.dll 16:24:41.0956 4192 upnphost - ok 16:24:42.0002 4192 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) F:Windowssystem32driversusbaudio.sys 16:24:42.0002 4192 usbaudio - ok 16:24:42.0049 4192 usbccgp 
(bd9c55d7023c5de374507acc7a14e2ac) F:Windowssystem32DRIVERSusbccgp.sys 16:24:42.0049 4192 usbccgp - ok 16:24:42.0080 4192 usbcir (04ec7cec62ec3b6d9354eee93327fc82) F:Windowssystem32driversusbcir.sys 16:24:42.0080 4192 usbcir - ok 16:24:42.0096 4192 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) F:Windowssystem32DRIVERSusbehci.sys 16:24:42.0096 4192 usbehci - ok 16:24:42.0143 4192 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) F:Windowssystem32DRIVERSusbhub.sys 16:24:42.0143 4192 usbhub - ok 16:24:42.0158 4192 usbohci (a6fb7957ea7afb1165991e54ce934b74) F:Windowssystem32DRIVERSusbohci.sys 16:24:42.0158 4192 usbohci - ok 16:24:42.0205 4192 usbprint (797d862fe0875e75c7cc4c1ad7b30252) F:Windowssystem32DRIVERSusbprint.sys 16:24:42.0205 4192 usbprint - ok 16:24:42.0236 4192 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) F:Windowssystem32DRIVERSusbscan.sys 16:24:42.0252 4192 usbscan - ok 16:24:42.0283 4192 USBSTOR (f991ab9cc6b908db552166768176896a) F:Windowssystem32DRIVERSUSBSTOR.SYS 16:24:42.0283 4192 USBSTOR - ok 16:24:42.0314 4192 usbuhci (68df884cf41cdada664beb01daf67e3d) F:Windowssystem32DRIVERSusbuhci.sys 16:24:42.0314 4192 usbuhci - ok 16:24:42.0330 4192 UxSms (081e6e1c91aec36758902a9f727cd23c) F:WindowsSystem32uxsms.dll 16:24:42.0330 4192 UxSms - ok 16:24:42.0361 4192 VaultSvc (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe 16:24:42.0361 4192 VaultSvc - ok 16:24:42.0377 4192 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) F:Windowssystem32driversvdrvroot.sys 16:24:42.0377 4192 vdrvroot - ok 16:24:42.0455 4192 vds (c3cd30495687c2a2f66a65ca6fd89be9) F:WindowsSystem32vds.exe 16:24:42.0470 4192 vds - ok 16:24:42.0486 4192 vga (17c408214ea61696cec9c66e388b14f3) F:Windowssystem32DRIVERSvgapnp.sys 16:24:42.0486 4192 vga - ok 16:24:42.0502 4192 VgaSave (8e38096ad5c8570a6f1570a61e251561) F:WindowsSystem32driversvga.sys 16:24:42.0502 4192 VgaSave - ok 16:24:42.0533 4192 vhdmp (5461686cca2fda57b024547733ab42e3) F:Windowssystem32driversvhdmp.sys 16:24:42.0533 4192 vhdmp - ok 
16:24:42.0564 4192 viaagp (c829317a37b4bea8f39735d4b076e923) F:Windowssystem32driversviaagp.sys 16:24:42.0564 4192 viaagp - ok 16:24:42.0595 4192 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) F:Windowssystem32DRIVERSviac7.sys 16:24:42.0595 4192 ViaC7 - ok 16:24:42.0611 4192 viaide (e43574f6a56a0ee11809b48c09e4fd3c) F:Windowssystem32driversviaide.sys 16:24:42.0611 4192 viaide - ok 16:24:42.0611 4192 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) F:Windowssystem32driversvolmgr.sys 16:24:42.0626 4192 volmgr - ok 16:24:42.0642 4192 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) F:Windowssystem32driversvolmgrx.sys 16:24:42.0658 4192 volmgrx - ok 16:24:42.0689 4192 volsnap (f497f67932c6fa693d7de2780631cfe7) F:Windowssystem32driversvolsnap.sys 16:24:42.0689 4192 volsnap - ok 16:24:42.0720 4192 vsmraid (9dfa0cc2f8855a04816729651175b631) F:Windowssystem32DRIVERSvsmraid.sys 16:24:42.0720 4192 vsmraid - ok 16:24:42.0798 4192 VSS (209a3b1901b83aeb8527ed211cce9e4c) F:Windowssystem32vssvc.exe 16:24:42.0814 4192 VSS - ok 16:24:42.0845 4192 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) F:Windowssystem32DRIVERSvwifibus.sys 16:24:42.0845 4192 vwifibus - ok 16:24:42.0860 4192 vwififlt (7090d3436eeb4e7da3373090a23448f7) F:Windowssystem32DRIVERSvwififlt.sys 16:24:42.0876 4192 vwififlt - ok 16:24:42.0907 4192 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) F:Windowssystem32DRIVERSvwifimp.sys 16:24:42.0907 4192 vwifimp - ok 16:24:42.0954 4192 W32Time (55187fd710e27d5095d10a472c8baf1c) F:Windowssystem32w32time.dll 16:24:42.0985 4192 W32Time - ok 16:24:43.0001 4192 WacomPen (de3721e89c653aa281428c8a69745d90) F:Windowssystem32DRIVERSwacompen.sys 16:24:43.0001 4192 WacomPen - ok 16:24:43.0032 4192 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) F:Windowssystem32DRIVERSwanarp.sys 16:24:43.0032 4192 WANARP - ok 16:24:43.0048 4192 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) F:Windowssystem32DRIVERSwanarp.sys 16:24:43.0048 4192 Wanarpv6 - ok 16:24:43.0141 4192 WatAdminSvc (353a04c

#20 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 27 July 2012 - 08:20 AM

Hello luluhifi

Thank you for the aswMBR log.

Unfortunately it looks as though the OTL log and the TDSSKiller log were cut off (this can sometimes happen when the logs are over a certain length).

Please post the remainder of the OTL log (beginning from the ========== LOP Check ========== section) and the remainder of the TDSSKiller log (beginning from 16:24:42.0798 4192 VSS (209a3b1901b83aeb8527ed211cce9e4c) F:\Windows\system32\vssvc.exe).

Many thanks

JonTom
Member of ASAP and UNITE
Proud Graduate of the WTT Classroom



