luluhifi

Advanced Member
  • Content Count

    1,963
About luluhifi

  • Rank
    Advanced Member

Profile Information

  • Location
    Wash.DC, USA
  1. luluhifi

    2019

    Happy New Year to everyone 2k19
  2. luluhifi

    Video Downloader for Youtube

    Best is YoutubeByClick
  3. luluhifi

    Windows 10

    Thanks Guys.....No place like home when you need help
  4. luluhifi

    Trojans win32 Sirefef!E2 & E1

    Thank you very much for your help, JonTom. My system is 100% better now. I did all in post #41. Idle is bouncing between 15-22% while I have Firefox open, which is making me surf much faster than before. I can see the increase. I am going to do the same with my other system. Thank you so much.
  5. luluhifi

    Trojans win32 Sirefef!E2 & E1

  6. luluhifi

    Trojans win32 Sirefef!E2 & E1

    OTL logfile created on: 8/1/2012 8:47:10 AM - Run 3 OTL by OldTimer - Version 3.2.54.1
F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0 CHR - Extension: Google Search = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0 CHR - Extension: Gmail = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0 O1 HOSTS File: ([2012/07/26 18:47:24 | 000,443,084 | R--- | M]) - F:WindowsSystem32driversetchosts O1 - Hosts: 15245 more lines... 
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:Program FilesSpywareGuarddlprotect.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation) O3 - HKLM..Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation) O3 - HKLM..Toolbar: (no name) - InprocServer32 - No CLSID value found. O4 - HKLM..Run: [COMODO Internet Security] F:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO) O4 - HKLM..Run: [KEEBOX 150N Wireless Utility] F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe () O4 - HKLM..Run: [PSUAMain] F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe (Panda Security, S.L.) O4 - HKLM..Run: [ThreatFire] F:Program FilesThreatFireTFTray.exe (PC Tools) O4 - HKCU..Run: [spybotSD TeaTimer] F:Program FilesSpybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.) 
O4 - Startup: F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSpywareGuard.lnk = F:Program FilesSpywareGuardsgmain.exe () O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - F:Program FilesMicrosoft OfficeOffice14EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.1.1 O18 - ProtocolHandlervnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation) O20 - AppInit_DLLs: (F:WindowsSystem32guard32.dll) - F:WindowsSystem32guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:Windowsexplorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (F:Windowssystem32userinit.exe) - F:WindowsSystem32userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - WinlogonNotify!SASWinLogon: DllName - (F:Program FilesSUPERAntiSpywareSASWINLO.DLL) - F:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:Program FilesSpywareGuardspywareguard.dll () O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- 
[ NTFS ] O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystemsWindows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/31 17:50:21 | 000,046,280 | ---- | C] (Panda Security) -- F:WindowsSystem32driversPSKMAD.sys [2012/07/30 06:11:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopSOUND EFFECTS2 [2012/07/30 06:08:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopKINGVIPER VDJ AUG [2012/07/29 20:58:44 | 000,000,000 | ---D | C] -- F:_OTL [2012/07/29 03:38:00 | 000,000,000 | ---D | C] -- F:ProgramDataKaspersky Lab [2012/07/28 22:19:24 | 009,821,896 | ---- | C] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe [2012/07/26 18:41:04 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:ProgramDataSpybot - Search & Destroy [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:Program FilesSpybot - Search & Destroy [2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe [2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) 
-- F:WindowsSystem32driverstmcomm.sys [2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys [2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:ProgramDataSophos [2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsSophos [2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:Program FilesSophos [2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:$RECYCLE.BIN [2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPanda Cloud Antivirus [2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataLocaltemp [2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:WindowsSWREG.exe [2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:WindowsSWSC.exe [2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:WindowsNIRCMD.exe [2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:Windowserdnt [2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe [2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopdvdmoviecover [2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopHIPHOP [2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoporignal dance [2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwedding songs [2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr [2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoprockerz2 joe gibbs [2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32mshtml.tlb [2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieui.dll [2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieUnatt.exe [2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
F:WindowsSystem32jsproxy.dll [2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jscript9.dll [2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32url.dll [2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32inetcpl.cpl [2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32win32k.sys [2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:VritualRoot [2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ncrypt.dll [2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32msxml3r.dll [2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32cdosys.dll [2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wucltux.dll [2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups2.dll [2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapi.dll [2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wudriver.dll [2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups.dll [2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuwebv.dll [2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapp.exe [2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:Program FilesMicrosoft Security Client [2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsThreatFire [2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfSysMon.sys [2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfFsMon.sys [2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- 
F:WindowsSystem32driversTfNetMon.sys [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:Program FilesThreatFire [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:ProgramDataPC Tools [2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys [2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys [2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys [2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys [2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys [2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingf-secure [2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:ProgramDataF-Secure [2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:Windowsstinger.sys [2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:Program Filesstinger [2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) 
-- F:WindowsSystem32driversNNSStrm.sys [2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWEDDIN SONG JULY 15 [2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:Program FilesReal [2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopnew riddim & cover april 30 [2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopsamplesforkingcd [2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:Program FilesNewAgeDesign [2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:UsersTTArmstrongAppDataRoamingpcouffin.sys ========== Files - Modified Within 30 Days ========== [2012/08/01 08:47:15 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/01 08:47:15 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/01 08:42:27 | 000,000,830 | ---- | M] () -- F:WindowstasksAdobe Flash Player Updater.job [2012/08/01 08:42:26 | 000,000,932 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job [2012/08/01 08:42:26 | 000,000,896 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineUA.job [2012/08/01 08:42:15 | 000,067,584 | --S- | M] () -- F:Windowsbootstat.dat [2012/07/31 21:00:59 | 000,626,486 | ---- | M] () -- F:WindowsSystem32perfh009.dat [2012/07/31 21:00:59 | 000,107,730 | ---- | M] () -- F:WindowsSystem32perfc009.dat [2012/07/31 20:53:50 | 000,000,892 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineCore.job [2012/07/31 20:53:41 | 000,065,536 | ---- | M] () -- F:WindowsSystem32Ikeext.etl [2012/07/31 20:53:28 | 1601,097,728 | -HS- | M] () -- F:hiberfil.sys [2012/07/31 08:58:45 | 000,003,232 | ---- | M] () -- F:UsersTTArmstrongDesktopmed.jpg [2012/07/31 08:14:02 | 000,001,057 | ---- | M] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml [2012/07/30 20:47:34 | 018,282,540 | ---- | 
M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav [2012/07/30 20:45:51 | 029,122,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav [2012/07/30 20:43:05 | 036,538,412 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav [2012/07/30 20:39:38 | 045,281,324 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav [2012/07/30 20:35:22 | 036,782,124 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav [2012/07/30 20:31:53 | 035,053,612 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav [2012/07/30 20:28:34 | 027,793,452 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav [2012/07/30 20:25:57 | 052,572,204 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav [2012/07/30 20:20:59 | 035,688,492 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav [2012/07/30 20:17:37 | 047,814,700 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav [2012/07/30 19:31:56 | 038,260,780 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav [2012/07/30 19:28:19 | 022,362,156 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav [2012/07/30 19:26:12 | 035,506,220 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav [2012/07/30 19:22:51 | 053,954,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav [2012/07/30 19:17:45 | 031,518,764 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav [2012/07/30 19:14:46 | 062,074,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav [2012/07/30 19:00:48 | 000,067,072 | ---- | M] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl [2012/07/30 18:48:06 | 000,099,328 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl [2012/07/30 18:35:24 | 000,042,496 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 
Mixtape.jwl [2012/07/30 18:24:56 | 000,091,648 | ---- | M] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl [2012/07/30 17:08:01 | 000,000,880 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job [2012/07/30 15:34:21 | 000,045,070 | ---- | M] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg [2012/07/30 06:41:02 | 004,339,756 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj008.wav [2012/07/30 06:40:37 | 024,279,084 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj007.wav [2012/07/30 06:38:20 | 024,641,580 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj006.wav [2012/07/30 06:36:00 | 030,982,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj005.wav [2012/07/30 06:33:04 | 042,895,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj004.wav [2012/07/30 06:29:01 | 033,499,180 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj003.wav [2012/07/30 06:25:51 | 025,878,572 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj002.wav [2012/07/30 06:23:24 | 025,231,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj001.wav [2012/07/30 06:21:01 | 034,054,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj000.wav [2012/07/30 06:03:32 | 000,006,656 | ---- | M] () -- F:UsersTTArmstrongDesktopsoca.jwl [2012/07/30 04:24:19 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopThe Tall Man.jwl [2012/07/30 04:21:25 | 000,107,335 | ---- | M] () -- F:UsersTTArmstrongDesktop56056892538297718450.jpg [2012/07/30 04:21:15 | 001,498,112 | ---- | M] () -- F:UsersTTArmstrongDesktopCole Younger & The Black Train.jwl [2012/07/30 04:17:30 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopHeadhunters.jwl [2012/07/30 04:13:20 | 000,122,880 | ---- | M] () -- F:UsersTTArmstrongDesktopAirborne.jwl [2012/07/30 04:10:34 | 000,129,024 | ---- | 
M] () -- F:UsersTTArmstrongDesktopSiones 2 Unfinished Business.jwl [2012/07/30 04:07:27 | 000,040,448 | ---- | M] () -- F:UsersTTArmstrongDesktopCellular.jwl [2012/07/30 04:02:38 | 000,052,224 | ---- | M] () -- F:UsersTTArmstrongDesktopLizzie.jwl [2012/07/29 04:17:53 | 000,105,601 | ---- | M] () -- F:UsersTTArmstrongDesktop523955_3764822717353_643435299_n.jpg [2012/07/28 22:19:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerApp.exe [2012/07/28 22:19:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerCPLApp.cpl [2012/07/28 22:19:24 | 009,821,896 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe [2012/07/26 18:47:24 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts [2012/07/26 18:44:57 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts.20120726-184724.backup [2012/07/26 18:41:05 | 000,001,251 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe [2012/07/26 11:35:48 | 000,205,072 | ---- | M] (Trend Micro Inc.) 
-- F:WindowsSystem32driverstmcomm.sys [2012/07/26 11:35:48 | 000,131,344 | ---- | M] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys [2012/07/26 11:09:24 | 000,003,221 | ---- | M] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk [2012/07/26 08:23:41 | 000,000,027 | ---- | M] () -- F:WindowsSystem32driversetchosts.20120726-184457.backup [2012/07/26 08:04:12 | 004,721,680 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe [2012/07/23 12:51:42 | 000,462,152 | ---- | M] () -- F:WindowsSystem32FNTCACHE.DAT [2012/07/23 12:50:26 | 000,000,000 | ---- | M] () -- F:ProgramData0x0304A000.sfl [2012/07/22 21:39:21 | 000,000,758 | ---- | M] () -- F:UsersPublicDesktopPale Moon.lnk [2012/07/22 21:05:36 | 000,001,952 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchPale Moon.lnk [2012/07/19 23:16:58 | 000,607,260 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr [2012/07/18 04:31:41 | 051,150,892 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav [2012/07/18 04:26:51 | 022,272,044 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav [2012/07/18 04:24:45 | 028,700,716 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav [2012/07/18 04:22:02 | 027,181,100 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav [2012/07/18 04:19:28 | 035,190,828 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav [2012/07/18 04:16:09 | 040,550,444 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav [2012/07/18 04:12:19 | 031,346,732 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav [2012/07/18 04:09:21 | 045,740,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav [2012/07/18 04:05:02 | 052,380,232 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav [2012/07/18 04:00:01 | 020,090,924 | ---- | M] () -- 
F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav [2012/07/18 03:58:07 | 029,100,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav [2012/07/18 03:18:29 | 000,002,141 | ---- | M] () -- F:Windowsepplauncher.mif [2012/07/16 17:27:15 | 000,052,001 | ---- | M] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg [2012/07/14 08:45:02 | 000,000,939 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys [2012/07/12 23:01:43 | 000,281,862 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalcensus.cache [2012/07/12 23:01:22 | 000,158,340 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalars.cache [2012/07/12 22:53:41 | 000,000,036 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache [2012/07/12 22:23:42 | 000,014,664 | ---- | M] (McAfee, Inc.) -- F:Windowsstinger.sys [2012/07/12 22:23:03 | 000,000,045 | RH-- | M] () -- F:UsersTTArmstrongDesktopstinger.opt [2012/07/12 22:06:02 | 000,001,078 | ---- | M] () -- F:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) 
-- F:WindowsSystem32driversNNSStrm.sys [2012/07/08 18:36:53 | 002,616,633 | ---- | M] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3 [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- F:WindowsSystem32driversmbam.sys [2012/07/02 16:51:55 | 000,041,909 | ---- | M] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg ========== Files Created - No Company Name ========== [2012/07/31 08:59:11 | 000,003,232 | ---- | C] () -- F:UsersTTArmstrongDesktopmed.jpg [2012/07/30 20:45:51 | 018,282,540 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav [2012/07/30 20:43:05 | 029,122,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav [2012/07/30 20:39:38 | 036,538,412 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav [2012/07/30 20:35:22 | 045,281,324 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav [2012/07/30 20:31:53 | 036,782,124 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav [2012/07/30 20:28:34 | 035,053,612 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav [2012/07/30 20:25:57 | 027,793,452 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav [2012/07/30 20:20:59 | 052,572,204 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav [2012/07/30 20:17:37 | 035,688,492 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav [2012/07/30 20:13:05 | 047,814,700 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav [2012/07/30 19:28:19 | 038,260,780 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav [2012/07/30 19:26:12 | 022,362,156 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav [2012/07/30 19:22:51 | 035,506,220 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav [2012/07/30 19:17:45 | 053,954,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 
  7. luluhifi

    Trojans win32 Sirefef!E2 & E1

    F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U000000cb.@.vir Win32/Conedex.E trojan cleaned by deleting - quarantined
    Make sure that the option to "Remove Found Threats" is unchecked. I missed doing this before the scan, sorry. ESET
  8. luluhifi

    Trojans win32 Sirefef!E2 & E1

    The system is running much better now, and the only thing that seems funny to me is that in an idle state my CPU is bouncing between 50% - 60%. ESET in next post.
  9. luluhifi

    Trojans win32 Sirefef!E2 & E1

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.31.13
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    TTArmstrong :: TTARMSTRONG-PC [administrator]
    7/31/2012 7:47:54 PM
    mbam-log-2012-07-31 (19-47-54).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206811
    Time elapsed: 4 minute(s), 13 second(s)
    Memory Processes Detected: 0 (No malicious items detected)
    Memory Modules Detected: 0 (No malicious items detected)
    Registry Keys Detected: 0 (No malicious items detected)
    Registry Values Detected: 0 (No malicious items detected)
    Registry Data Items Detected: 0 (No malicious items detected)
    Folders Detected: 0 (No malicious items detected)
    Files Detected: 0 (No malicious items detected)
    (end)
  10. luluhifi

    Trojans win32 Sirefef!E2 & E1

    I ran the ESET scan yesterday before post #32 and this is what the log is. I will run both scans posted in #32 again and post the log.
    F:Program FilesLoarisTrojan Remover 1.2ltr12.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
    F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U00000004.@.vir Win32/Conedex.D trojan cleaned by deleting - quarantined
    F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U80000000.@.vir a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
    F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
    F:QooboxQuarantineFWindowsSystem32services.exe.vir Win32/Sirefef.FC trojan deleted - quarantined
    F:_OTLMovedFiles07292012_205844F_ProgramDataMicrosoftWindowsDRMD27B.tmp a variant of Win32/Kryptik.AITT trojan cleaned by deleting - quarantined
  11. luluhifi

    Trojans win32 Sirefef!E2 & E1

    YEA this is the part
  12. luluhifi

    Trojans win32 Sirefef!E2 & E1

    OTL logfile created on: 7/30/2012 9:57:44 PM - Run 2 OTL by OldTimer - Version 3.2.54.1
DD CB 01 [binary data] IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS399 IE - HKCU..SearchScopes{7DA22919-2250-49B5-B6AF-6EDF78DB766E}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110939,17118,0,18,0 IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678 IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157" FF - prefs.js..extensions.enabledItems: facadazzle@atlinkcom.com:1.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: F:Windowssystem32MacromedFlashNPSWF32_11_3_300_268.dll () FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: F:Program FilesJavajre6binplugin2npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.11.2852: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.1662: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.0.1: F:Program FilesVideoLANVLCnpvlc.dll (VideoLAN) FF - HKLMSoftwareMozillaPluginsAdobe Reader: F:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) 
FF - HKCUSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsComponents: F:Program FilesPale Mooncomponents [2012/07/22 21:39:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsPlugins: F:Program FilesPale Moonplugins [2012/07/22 21:04:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF [2012/02/15 13:45:42 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaExtensions [2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensions [2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensions [2012/02/15 09:13:57 | 000,000,000 | ---D | M] (No name found) -- F:Program FilesMozilla Firefoxextensions [2011/07/07 09:43:57 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/10/24 01:58:25 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012/02/26 15:32:27 | 000,000,000 | ---D | M] (PageFont) -- F:USERSTTARMSTRONGAPPDATAROAMINGMOONCHILD PRODUCTIONSPALE MOONPROFILES7WJJ87FK.DEFAULTEXTENSIONSFACADAZZLE@ATLINKCOM.COM ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll CHR - plugin: Shockwave Flash (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataPepperFlash11.2.31.144pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = F:Windowssystem32MacromedFlashNPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = F:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnprpjplug.dll CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = F:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = F:Program FilesJavajre6binplugin2npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = F:Program FilesVideoLANVLCnpvlc.dll CHR - Extension: YouTube = 
F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0 CHR - Extension: Google Search = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0 CHR - Extension: Gmail = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0 O1 HOSTS File: ([2012/07/26 18:47:24 | 000,443,084 | R--- | M]) - F:WindowsSystem32driversetchosts O1 - Hosts: 15245 more lines... 
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:Program FilesSpywareGuarddlprotect.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation) O3 - HKLM..Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation) O3 - HKLM..Toolbar: (no name) - InprocServer32 - No CLSID value found. O4 - HKLM..Run: [burnStudio] F:Program FilesMagic Burning Studiombs.exe (MagicVideoSoftware Inc.) O4 - HKLM..Run: [COMODO Internet Security] F:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO) O4 - HKLM..Run: [KEEBOX 150N Wireless Utility] F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe () O4 - HKLM..Run: [PSUAMain] F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe (Panda Security, S.L.) O4 - HKLM..Run: [sonneDVDCreator] F:Program FilesMagic Burning StudioDVDCreator.exe (MagicVideoSoftware Inc.) O4 - HKLM..Run: [ThreatFire] F:Program FilesThreatFireTFTray.exe (PC Tools) O4 - HKCU..Run: [spybotSD TeaTimer] F:Program FilesSpybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.) 
O4 - Startup: F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSpywareGuard.lnk = F:Program FilesSpywareGuardsgmain.exe () O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - F:Program FilesMicrosoft OfficeOffice14EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.254.254 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.254.254 O18 - ProtocolHandlervnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation) O20 - AppInit_DLLs: (F:WindowsSystem32guard32.dll) - F:WindowsSystem32guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:Windowsexplorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (F:Windowssystem32userinit.exe) - F:WindowsSystem32userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - WinlogonNotify!SASWinLogon: DllName - (F:Program FilesSUPERAntiSpywareSASWINLO.DLL) - F:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:Program FilesSpywareGuardspywareguard.dll () O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - 
C:AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystemsWindows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/30 06:11:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopSOUND EFFECTS2 [2012/07/30 06:08:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopKINGVIPER VDJ AUG [2012/07/29 21:00:35 | 000,046,280 | ---- | C] (Panda Security) -- F:WindowsSystem32driversPSKMAD.sys [2012/07/29 20:58:44 | 000,000,000 | ---D | C] -- F:_OTL [2012/07/29 03:38:00 | 000,000,000 | ---D | C] -- F:ProgramDataKaspersky Lab [2012/07/28 22:19:24 | 009,821,896 | ---- | C] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe [2012/07/26 18:41:04 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:ProgramDataSpybot - Search & Destroy [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:Program FilesSpybot - Search & Destroy [2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe [2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) 
-- F:WindowsSystem32driverstmcomm.sys [2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys [2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:ProgramDataSophos [2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsSophos [2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:Program FilesSophos [2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:$RECYCLE.BIN [2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPanda Cloud Antivirus [2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataLocaltemp [2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:WindowsSWREG.exe [2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:WindowsSWSC.exe [2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:WindowsNIRCMD.exe [2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:Windowserdnt [2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe [2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopdvdmoviecover [2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopHIPHOP [2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoporignal dance [2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwedding songs [2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr [2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoprockerz2 joe gibbs [2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32mshtml.tlb [2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieui.dll [2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieUnatt.exe [2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
F:WindowsSystem32jsproxy.dll [2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jscript9.dll [2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32url.dll [2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32inetcpl.cpl [2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32win32k.sys [2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:VritualRoot [2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ncrypt.dll [2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32msxml3r.dll [2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32cdosys.dll [2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wucltux.dll [2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups2.dll [2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapi.dll [2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wudriver.dll [2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups.dll [2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuwebv.dll [2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapp.exe [2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:Program FilesMicrosoft Security Client [2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsThreatFire [2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfSysMon.sys [2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfFsMon.sys [2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- 
F:WindowsSystem32driversTfNetMon.sys [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:Program FilesThreatFire [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:ProgramDataPC Tools [2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys [2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys [2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys [2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys [2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys [2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingf-secure [2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:ProgramDataF-Secure [2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:Windowsstinger.sys [2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:Program Filesstinger [2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) 
-- F:WindowsSystem32driversNNSStrm.sys [2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWEDDIN SONG JULY 15 [2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:Program FilesReal [2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopnew riddim & cover april 30 [2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopsamplesforkingcd [2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:Program FilesNewAgeDesign [2012/07/01 20:12:45 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwowWORSHIP [2012/07/01 17:25:05 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWOW GOSPEL MUSIC [2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:UsersTTArmstrongAppDataRoamingpcouffin.sys ========== Files - Modified Within 30 Days ========== [2012/07/30 21:40:02 | 000,000,896 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineUA.job [2012/07/30 21:17:01 | 000,000,830 | ---- | M] () -- F:WindowstasksAdobe Flash Player Updater.job [2012/07/30 21:08:00 | 000,000,932 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job [2012/07/30 20:47:34 | 018,282,540 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav [2012/07/30 20:45:51 | 029,122,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav [2012/07/30 20:43:05 | 036,538,412 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav [2012/07/30 20:39:38 | 045,281,324 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav [2012/07/30 20:35:22 | 036,782,124 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav [2012/07/30 20:31:53 | 035,053,612 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav [2012/07/30 20:28:34 | 027,793,452 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav [2012/07/30 20:25:57 | 052,572,204 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 
djvdj002.wav [2012/07/30 20:20:59 | 035,688,492 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav [2012/07/30 20:17:37 | 047,814,700 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav [2012/07/30 19:31:56 | 038,260,780 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav [2012/07/30 19:28:19 | 022,362,156 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav [2012/07/30 19:26:12 | 035,506,220 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav [2012/07/30 19:22:51 | 053,954,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav [2012/07/30 19:17:45 | 031,518,764 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav [2012/07/30 19:14:46 | 062,074,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav [2012/07/30 19:00:48 | 000,067,072 | ---- | M] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl [2012/07/30 18:48:06 | 000,099,328 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl [2012/07/30 18:35:24 | 000,042,496 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 Mixtape.jwl [2012/07/30 18:24:56 | 000,091,648 | ---- | M] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl [2012/07/30 17:08:01 | 000,000,880 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job [2012/07/30 16:38:38 | 000,067,584 | --S- | M] () -- F:Windowsbootstat.dat [2012/07/30 15:34:21 | 000,045,070 | ---- | M] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg [2012/07/30 15:24:27 | 000,000,892 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineCore.job [2012/07/30 07:04:46 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/30 07:04:46 | 000,013,440 | -H-- | M] () -- 
  13. luluhifi

    Trojans win32 Sirefef!E2 & E1

    Here you go

    All processes killed
    ========== OTL ==========
    File HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF not found.
    F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comskin folder moved successfully.
    F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comlocaleen-US folder moved successfully.
    F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comlocale folder moved successfully.
    F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comdefaultspreferences folder moved successfully.
    F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comdefaults folder moved successfully.
    F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comchromecontent folder moved successfully.
    F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comchrome folder moved successfully.
    F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.com folder moved successfully.
    F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensionsOneClickDownload@OneClickDownload.com folder moved successfully.
    Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{02478D38-C3F9-4efb-9B51-7695ECA05670} not found.
    Registry key HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftInternet ExplorerRestrictions deleted successfully.
    Registry key HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{E2883E8F-472F-4FB0-9522-AC9BF37916A7}DownloadInformationINF .
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{E2883E8F-472F-4FB0-9522-AC9BF37916A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.
    ADS F:WindowsSystem32driversgtqjbadj.sys:changelist deleted successfully.
    ADS F:UsersTTArmstrongDesktoporignal dance:Mac_Metadata deleted successfully.
    ADS F:ProgramDataTEMP:5C321E34 deleted successfully.
    ========== FILES ==========
    F:WindowsSystem32driversgtqjbadj.sys moved successfully.
    F:ProgramDataMicrosoftWindowsDRMD27B.tmp moved successfully.
    F:Windows12225517.dat moved successfully.
    FileFolder F:Program FilesPriceGong not found.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: Administrator
    ->Temp folder emptied: 0 bytes
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    User: TTArmstrong
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 65938 bytes
    ->Java cache emptied: 653092238 bytes
    ->Google Chrome cache emptied: 73215879 bytes
    ->Flash cache emptied: 1242012 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%System32 .tmp files removed: 0 bytes
    %systemroot%System32drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17310853 bytes
    RecycleBin emptied: 0 bytes
    Total Files Cleaned = 710.00 mb
    [EMPTYFLASH]
    User: Administrator
    User: All Users
    User: Default
    User: Default User
    User: Public
    User: TTArmstrong
    ->Flash cache emptied: 0 bytes
    Total Flash Files Cleaned = 0.00 mb
    OTL by OldTimer - Version 3.2.54.1 log created on 07292012_205844
    FilesFolders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  14. luluhifi

    Trojans win32 Sirefef!E2 & E1

    Yet this one was a real nasty one that I could not get rid of. Is there any other program that I can put with and work with the other ones I have to protect me from this again? I will run the scan when I get back to the system in trouble. Thanks a lot.
  15. luluhifi

    Trojans win32 Sirefef!E2 & E1

    https://www.virustotal.com/file/6aab9ce51d0aad73f64e2159e32f541cf4b95b5a05f0a50655eb70e91a5cf1ba/analysis/1343527972/