luluhifi

Advanced Member
  • Content Count

    1,963
Everything posted by luluhifi

  1. luluhifi

    2019

    Happy New Year to everyone 2k19
  2. luluhifi

    Video Downloader for Youtube

    Best is YoutubeByClick
  3. luluhifi

    Windows 10

    Thanks, guys... No place like home when you need help.
  4. Hello Pit. I found a bunch of these Trojans (Sirefef!E2) on my Win7 laptop. I would like to know if anyone in the Pit has a way of getting rid of this nasty stuff without doing a clean install or an in-place install.
  5. luluhifi

    Trojans win32 Sirefef!E2 & E1

    Thank you very much for your help, JonTom. My system is 100% better now. I did everything in post #41. Idle is bouncing between 15-22% while I have Firefox open, which is making me surf much faster than before. I can see the increase. I am going to do the same with my other system... Thank you so much.
  6. luluhifi

    Trojans win32 Sirefef!E2 & E1

  7. luluhifi

    Trojans win32 Sirefef!E2 & E1

    OTL logfile created on: 8/1/2012 8:47:10 AM - Run 3 OTL by OldTimer - Version 3.2.54.1
F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0 CHR - Extension: Google Search = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0 CHR - Extension: Gmail = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0 O1 HOSTS File: ([2012/07/26 18:47:24 | 000,443,084 | R--- | M]) - F:WindowsSystem32driversetchosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 15245 more lines... 
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:Program FilesSpywareGuarddlprotect.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation) O3 - HKLM..Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation) O3 - HKLM..Toolbar: (no name) - InprocServer32 - No CLSID value found. O4 - HKLM..Run: [COMODO Internet Security] F:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO) O4 - HKLM..Run: [KEEBOX 150N Wireless Utility] F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe () O4 - HKLM..Run: [PSUAMain] F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe (Panda Security, S.L.) O4 - HKLM..Run: [ThreatFire] F:Program FilesThreatFireTFTray.exe (PC Tools) O4 - HKCU..Run: [spybotSD TeaTimer] F:Program FilesSpybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.) 
O4 - Startup: F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSpywareGuard.lnk = F:Program FilesSpywareGuardsgmain.exe () O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - F:Program FilesMicrosoft OfficeOffice14EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.1.1 O18 - ProtocolHandlervnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation) O20 - AppInit_DLLs: (F:WindowsSystem32guard32.dll) - F:WindowsSystem32guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:Windowsexplorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (F:Windowssystem32userinit.exe) - F:WindowsSystem32userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - WinlogonNotify!SASWinLogon: DllName - (F:Program FilesSUPERAntiSpywareSASWINLO.DLL) - F:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:Program FilesSpywareGuardspywareguard.dll () O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- 
[ NTFS ] O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystemsWindows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/31 17:50:21 | 000,046,280 | ---- | C] (Panda Security) -- F:WindowsSystem32driversPSKMAD.sys [2012/07/30 06:11:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopSOUND EFFECTS2 [2012/07/30 06:08:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopKINGVIPER VDJ AUG [2012/07/29 20:58:44 | 000,000,000 | ---D | C] -- F:_OTL [2012/07/29 03:38:00 | 000,000,000 | ---D | C] -- F:ProgramDataKaspersky Lab [2012/07/28 22:19:24 | 009,821,896 | ---- | C] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe [2012/07/26 18:41:04 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:ProgramDataSpybot - Search & Destroy [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:Program FilesSpybot - Search & Destroy [2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe [2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) 
-- F:WindowsSystem32driverstmcomm.sys [2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys [2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:ProgramDataSophos [2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsSophos [2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:Program FilesSophos [2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:$RECYCLE.BIN [2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPanda Cloud Antivirus [2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataLocaltemp [2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:WindowsSWREG.exe [2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:WindowsSWSC.exe [2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:WindowsNIRCMD.exe [2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:Windowserdnt [2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe [2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopdvdmoviecover [2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopHIPHOP [2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoporignal dance [2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwedding songs [2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr [2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoprockerz2 joe gibbs [2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32mshtml.tlb [2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieui.dll [2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieUnatt.exe [2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
F:WindowsSystem32jsproxy.dll [2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jscript9.dll [2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32url.dll [2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32inetcpl.cpl [2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32win32k.sys [2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:VritualRoot [2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ncrypt.dll [2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32msxml3r.dll [2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32cdosys.dll [2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wucltux.dll [2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups2.dll [2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapi.dll [2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wudriver.dll [2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups.dll [2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuwebv.dll [2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapp.exe [2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:Program FilesMicrosoft Security Client [2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsThreatFire [2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfSysMon.sys [2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfFsMon.sys [2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- 
F:WindowsSystem32driversTfNetMon.sys [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:Program FilesThreatFire [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:ProgramDataPC Tools [2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys [2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys [2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys [2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys [2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys [2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingf-secure [2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:ProgramDataF-Secure [2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:Windowsstinger.sys [2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:Program Filesstinger [2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) 
-- F:WindowsSystem32driversNNSStrm.sys [2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWEDDIN SONG JULY 15 [2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:Program FilesReal [2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopnew riddim & cover april 30 [2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopsamplesforkingcd [2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:Program FilesNewAgeDesign [2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:UsersTTArmstrongAppDataRoamingpcouffin.sys ========== Files - Modified Within 30 Days ========== [2012/08/01 08:47:15 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/01 08:47:15 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/01 08:42:27 | 000,000,830 | ---- | M] () -- F:WindowstasksAdobe Flash Player Updater.job [2012/08/01 08:42:26 | 000,000,932 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job [2012/08/01 08:42:26 | 000,000,896 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineUA.job [2012/08/01 08:42:15 | 000,067,584 | --S- | M] () -- F:Windowsbootstat.dat [2012/07/31 21:00:59 | 000,626,486 | ---- | M] () -- F:WindowsSystem32perfh009.dat [2012/07/31 21:00:59 | 000,107,730 | ---- | M] () -- F:WindowsSystem32perfc009.dat [2012/07/31 20:53:50 | 000,000,892 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineCore.job [2012/07/31 20:53:41 | 000,065,536 | ---- | M] () -- F:WindowsSystem32Ikeext.etl [2012/07/31 20:53:28 | 1601,097,728 | -HS- | M] () -- F:hiberfil.sys [2012/07/31 08:58:45 | 000,003,232 | ---- | M] () -- F:UsersTTArmstrongDesktopmed.jpg [2012/07/31 08:14:02 | 000,001,057 | ---- | M] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml [2012/07/30 20:47:34 | 018,282,540 | ---- | 
M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav [2012/07/30 20:45:51 | 029,122,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav [2012/07/30 20:43:05 | 036,538,412 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav [2012/07/30 20:39:38 | 045,281,324 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav [2012/07/30 20:35:22 | 036,782,124 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav [2012/07/30 20:31:53 | 035,053,612 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav [2012/07/30 20:28:34 | 027,793,452 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav [2012/07/30 20:25:57 | 052,572,204 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav [2012/07/30 20:20:59 | 035,688,492 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav [2012/07/30 20:17:37 | 047,814,700 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav [2012/07/30 19:31:56 | 038,260,780 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav [2012/07/30 19:28:19 | 022,362,156 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav [2012/07/30 19:26:12 | 035,506,220 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav [2012/07/30 19:22:51 | 053,954,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav [2012/07/30 19:17:45 | 031,518,764 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav [2012/07/30 19:14:46 | 062,074,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav [2012/07/30 19:00:48 | 000,067,072 | ---- | M] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl [2012/07/30 18:48:06 | 000,099,328 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl [2012/07/30 18:35:24 | 000,042,496 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 
Mixtape.jwl [2012/07/30 18:24:56 | 000,091,648 | ---- | M] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl [2012/07/30 17:08:01 | 000,000,880 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job [2012/07/30 15:34:21 | 000,045,070 | ---- | M] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg [2012/07/30 06:41:02 | 004,339,756 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj008.wav [2012/07/30 06:40:37 | 024,279,084 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj007.wav [2012/07/30 06:38:20 | 024,641,580 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj006.wav [2012/07/30 06:36:00 | 030,982,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj005.wav [2012/07/30 06:33:04 | 042,895,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj004.wav [2012/07/30 06:29:01 | 033,499,180 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj003.wav [2012/07/30 06:25:51 | 025,878,572 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj002.wav [2012/07/30 06:23:24 | 025,231,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj001.wav [2012/07/30 06:21:01 | 034,054,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj000.wav [2012/07/30 06:03:32 | 000,006,656 | ---- | M] () -- F:UsersTTArmstrongDesktopsoca.jwl [2012/07/30 04:24:19 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopThe Tall Man.jwl [2012/07/30 04:21:25 | 000,107,335 | ---- | M] () -- F:UsersTTArmstrongDesktop56056892538297718450.jpg [2012/07/30 04:21:15 | 001,498,112 | ---- | M] () -- F:UsersTTArmstrongDesktopCole Younger & The Black Train.jwl [2012/07/30 04:17:30 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopHeadhunters.jwl [2012/07/30 04:13:20 | 000,122,880 | ---- | M] () -- F:UsersTTArmstrongDesktopAirborne.jwl [2012/07/30 04:10:34 | 000,129,024 | ---- | 
M] () -- F:UsersTTArmstrongDesktopSiones 2 Unfinished Business.jwl [2012/07/30 04:07:27 | 000,040,448 | ---- | M] () -- F:UsersTTArmstrongDesktopCellular.jwl [2012/07/30 04:02:38 | 000,052,224 | ---- | M] () -- F:UsersTTArmstrongDesktopLizzie.jwl [2012/07/29 04:17:53 | 000,105,601 | ---- | M] () -- F:UsersTTArmstrongDesktop523955_3764822717353_643435299_n.jpg [2012/07/28 22:19:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerApp.exe [2012/07/28 22:19:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerCPLApp.cpl [2012/07/28 22:19:24 | 009,821,896 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe [2012/07/26 18:47:24 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts [2012/07/26 18:44:57 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts.20120726-184724.backup [2012/07/26 18:41:05 | 000,001,251 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe [2012/07/26 11:35:48 | 000,205,072 | ---- | M] (Trend Micro Inc.) 
-- F:WindowsSystem32driverstmcomm.sys [2012/07/26 11:35:48 | 000,131,344 | ---- | M] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys [2012/07/26 11:09:24 | 000,003,221 | ---- | M] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk [2012/07/26 08:23:41 | 000,000,027 | ---- | M] () -- F:WindowsSystem32driversetchosts.20120726-184457.backup [2012/07/26 08:04:12 | 004,721,680 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe [2012/07/23 12:51:42 | 000,462,152 | ---- | M] () -- F:WindowsSystem32FNTCACHE.DAT [2012/07/23 12:50:26 | 000,000,000 | ---- | M] () -- F:ProgramData0x0304A000.sfl [2012/07/22 21:39:21 | 000,000,758 | ---- | M] () -- F:UsersPublicDesktopPale Moon.lnk [2012/07/22 21:05:36 | 000,001,952 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchPale Moon.lnk [2012/07/19 23:16:58 | 000,607,260 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr [2012/07/18 04:31:41 | 051,150,892 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav [2012/07/18 04:26:51 | 022,272,044 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav [2012/07/18 04:24:45 | 028,700,716 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav [2012/07/18 04:22:02 | 027,181,100 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav [2012/07/18 04:19:28 | 035,190,828 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav [2012/07/18 04:16:09 | 040,550,444 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav [2012/07/18 04:12:19 | 031,346,732 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav [2012/07/18 04:09:21 | 045,740,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav [2012/07/18 04:05:02 | 052,380,232 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav [2012/07/18 04:00:01 | 020,090,924 | ---- | M] () -- 
F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav [2012/07/18 03:58:07 | 029,100,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav [2012/07/18 03:18:29 | 000,002,141 | ---- | M] () -- F:Windowsepplauncher.mif [2012/07/16 17:27:15 | 000,052,001 | ---- | M] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg [2012/07/14 08:45:02 | 000,000,939 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys [2012/07/12 23:01:43 | 000,281,862 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalcensus.cache [2012/07/12 23:01:22 | 000,158,340 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalars.cache [2012/07/12 22:53:41 | 000,000,036 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache [2012/07/12 22:23:42 | 000,014,664 | ---- | M] (McAfee, Inc.) -- F:Windowsstinger.sys [2012/07/12 22:23:03 | 000,000,045 | RH-- | M] () -- F:UsersTTArmstrongDesktopstinger.opt [2012/07/12 22:06:02 | 000,001,078 | ---- | M] () -- F:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) 
-- F:WindowsSystem32driversNNSStrm.sys [2012/07/08 18:36:53 | 002,616,633 | ---- | M] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3 [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- F:WindowsSystem32driversmbam.sys [2012/07/02 16:51:55 | 000,041,909 | ---- | M] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg ========== Files Created - No Company Name ========== [2012/07/31 08:59:11 | 000,003,232 | ---- | C] () -- F:UsersTTArmstrongDesktopmed.jpg [2012/07/30 20:45:51 | 018,282,540 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav [2012/07/30 20:43:05 | 029,122,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav [2012/07/30 20:39:38 | 036,538,412 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav [2012/07/30 20:35:22 | 045,281,324 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav [2012/07/30 20:31:53 | 036,782,124 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav [2012/07/30 20:28:34 | 035,053,612 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav [2012/07/30 20:25:57 | 027,793,452 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav [2012/07/30 20:20:59 | 052,572,204 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav [2012/07/30 20:17:37 | 035,688,492 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav [2012/07/30 20:13:05 | 047,814,700 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav [2012/07/30 19:28:19 | 038,260,780 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav [2012/07/30 19:26:12 | 022,362,156 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav [2012/07/30 19:22:51 | 035,506,220 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav [2012/07/30 19:17:45 | 053,954,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 
  8. luluhifi

    Trojans win32 Sirefef!E2 & E1

    F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U000000cb.@.vir Win32/Conedex.E trojan cleaned by deleting - quarantined

    Make sure that the option to "Remove Found Threats" is unchecked. I missed doing this before the scan, sorry. ESET
  9. luluhifi

    Trojans win32 Sirefef!E2 & E1

    The system is running much better now; the only thing that seems funny to me is that in an idle state my CPU is bouncing between 50%-60%. ESET in next post.
  10. luluhifi

    Trojans win32 Sirefef!E2 & E1

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.31.13

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    TTArmstrong :: TTARMSTRONG-PC [administrator]

    7/31/2012 7:47:54 PM
    mbam-log-2012-07-31 (19-47-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206811
    Time elapsed: 4 minute(s), 13 second(s)

    Memory Processes Detected: 0 (No malicious items detected)
    Memory Modules Detected: 0 (No malicious items detected)
    Registry Keys Detected: 0 (No malicious items detected)
    Registry Values Detected: 0 (No malicious items detected)
    Registry Data Items Detected: 0 (No malicious items detected)
    Folders Detected: 0 (No malicious items detected)
    Files Detected: 0 (No malicious items detected)

    (end)
  11. luluhifi

    Trojans win32 Sirefef!E2 & E1

    I ran the ESET scan yesterday before post #32 and this is what the log is >> I will run both scans again posted in #32 and post log

    F:Program FilesLoarisTrojan Remover 1.2ltr12.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
    F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U00000004.@.vir Win32/Conedex.D trojan cleaned by deleting - quarantined
    F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U80000000.@.vir a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
    F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
    F:QooboxQuarantineFWindowsSystem32services.exe.vir Win32/Sirefef.FC trojan deleted - quarantined
    F:_OTLMovedFiles07292012_205844F_ProgramDataMicrosoftWindowsDRMD27B.tmp a variant of Win32/Kryptik.AITT trojan cleaned by deleting - quarantined
  12. luluhifi

    Trojans win32 Sirefef!E2 & E1

    YEA this is the part
  13. luluhifi

    Trojans win32 Sirefef!E2 & E1

    OTL logfile created on: 7/30/2012 9:57:44 PM - Run 2 OTL by OldTimer - Version 3.2.54.1
DD CB 01 [binary data] IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS399 IE - HKCU..SearchScopes{7DA22919-2250-49B5-B6AF-6EDF78DB766E}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110939,17118,0,18,0 IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678 IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157" FF - prefs.js..extensions.enabledItems: facadazzle@atlinkcom.com:1.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: F:Windowssystem32MacromedFlashNPSWF32_11_3_300_268.dll () FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: F:Program FilesJavajre6binplugin2npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.11.2852: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.1662: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.0.1: F:Program FilesVideoLANVLCnpvlc.dll (VideoLAN) FF - HKLMSoftwareMozillaPluginsAdobe Reader: F:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) 
FF - HKCUSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsComponents: F:Program FilesPale Mooncomponents [2012/07/22 21:39:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsPlugins: F:Program FilesPale Moonplugins [2012/07/22 21:04:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF [2012/02/15 13:45:42 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaExtensions [2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensions [2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensions [2012/02/15 09:13:57 | 000,000,000 | ---D | M] (No name found) -- F:Program FilesMozilla Firefoxextensions [2011/07/07 09:43:57 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/10/24 01:58:25 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012/02/26 15:32:27 | 000,000,000 | ---D | M] (PageFont) -- F:USERSTTARMSTRONGAPPDATAROAMINGMOONCHILD PRODUCTIONSPALE MOONPROFILES7WJJ87FK.DEFAULTEXTENSIONSFACADAZZLE@ATLINKCOM.COM ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll CHR - plugin: Shockwave Flash (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataPepperFlash11.2.31.144pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = F:Windowssystem32MacromedFlashNPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = F:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnprpjplug.dll CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = F:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = F:Program FilesJavajre6binplugin2npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = F:Program FilesVideoLANVLCnpvlc.dll CHR - Extension: YouTube = 
F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0 CHR - Extension: Google Search = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0 CHR - Extension: Gmail = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0 O1 HOSTS File: ([2012/07/26 18:47:24 | 000,443,084 | R--- | M]) - F:WindowsSystem32driversetchosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 15245 more lines... 
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:Program FilesSpywareGuarddlprotect.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation) O3 - HKLM..Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation) O3 - HKLM..Toolbar: (no name) - InprocServer32 - No CLSID value found. O4 - HKLM..Run: [burnStudio] F:Program FilesMagic Burning Studiombs.exe (MagicVideoSoftware Inc.) O4 - HKLM..Run: [COMODO Internet Security] F:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO) O4 - HKLM..Run: [KEEBOX 150N Wireless Utility] F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe () O4 - HKLM..Run: [PSUAMain] F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe (Panda Security, S.L.) O4 - HKLM..Run: [sonneDVDCreator] F:Program FilesMagic Burning StudioDVDCreator.exe (MagicVideoSoftware Inc.) O4 - HKLM..Run: [ThreatFire] F:Program FilesThreatFireTFTray.exe (PC Tools) O4 - HKCU..Run: [spybotSD TeaTimer] F:Program FilesSpybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.) 
O4 - Startup: F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSpywareGuard.lnk = F:Program FilesSpywareGuardsgmain.exe () O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - F:Program FilesMicrosoft OfficeOffice14EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.254.254 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.254.254 O18 - ProtocolHandlervnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation) O20 - AppInit_DLLs: (F:WindowsSystem32guard32.dll) - F:WindowsSystem32guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:Windowsexplorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (F:Windowssystem32userinit.exe) - F:WindowsSystem32userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - WinlogonNotify!SASWinLogon: DllName - (F:Program FilesSUPERAntiSpywareSASWINLO.DLL) - F:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:Program FilesSpywareGuardspywareguard.dll () O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - 
C:AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystemsWindows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/30 06:11:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopSOUND EFFECTS2 [2012/07/30 06:08:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopKINGVIPER VDJ AUG [2012/07/29 21:00:35 | 000,046,280 | ---- | C] (Panda Security) -- F:WindowsSystem32driversPSKMAD.sys [2012/07/29 20:58:44 | 000,000,000 | ---D | C] -- F:_OTL [2012/07/29 03:38:00 | 000,000,000 | ---D | C] -- F:ProgramDataKaspersky Lab [2012/07/28 22:19:24 | 009,821,896 | ---- | C] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe [2012/07/26 18:41:04 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:ProgramDataSpybot - Search & Destroy [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:Program FilesSpybot - Search & Destroy [2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe [2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) 
-- F:WindowsSystem32driverstmcomm.sys [2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys [2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:ProgramDataSophos [2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsSophos [2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:Program FilesSophos [2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:$RECYCLE.BIN [2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPanda Cloud Antivirus [2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataLocaltemp [2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:WindowsSWREG.exe [2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:WindowsSWSC.exe [2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:WindowsNIRCMD.exe [2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:Windowserdnt [2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe [2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopdvdmoviecover [2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopHIPHOP [2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoporignal dance [2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwedding songs [2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr [2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoprockerz2 joe gibbs [2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32mshtml.tlb [2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieui.dll [2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieUnatt.exe [2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
F:WindowsSystem32jsproxy.dll [2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jscript9.dll [2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32url.dll [2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32inetcpl.cpl [2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32win32k.sys [2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:VritualRoot [2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ncrypt.dll [2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32msxml3r.dll [2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32cdosys.dll [2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wucltux.dll [2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups2.dll [2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapi.dll [2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wudriver.dll [2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups.dll [2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuwebv.dll [2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapp.exe [2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:Program FilesMicrosoft Security Client [2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsThreatFire [2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfSysMon.sys [2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfFsMon.sys [2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- 
F:WindowsSystem32driversTfNetMon.sys [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:Program FilesThreatFire [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:ProgramDataPC Tools [2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys [2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys [2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys [2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys [2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys [2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingf-secure [2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:ProgramDataF-Secure [2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:Windowsstinger.sys [2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:Program Filesstinger [2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) 
-- F:WindowsSystem32driversNNSStrm.sys [2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWEDDIN SONG JULY 15 [2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:Program FilesReal [2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopnew riddim & cover april 30 [2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopsamplesforkingcd [2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:Program FilesNewAgeDesign [2012/07/01 20:12:45 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwowWORSHIP [2012/07/01 17:25:05 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWOW GOSPEL MUSIC [2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:UsersTTArmstrongAppDataRoamingpcouffin.sys ========== Files - Modified Within 30 Days ========== [2012/07/30 21:40:02 | 000,000,896 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineUA.job [2012/07/30 21:17:01 | 000,000,830 | ---- | M] () -- F:WindowstasksAdobe Flash Player Updater.job [2012/07/30 21:08:00 | 000,000,932 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job [2012/07/30 20:47:34 | 018,282,540 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav [2012/07/30 20:45:51 | 029,122,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav [2012/07/30 20:43:05 | 036,538,412 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav [2012/07/30 20:39:38 | 045,281,324 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav [2012/07/30 20:35:22 | 036,782,124 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav [2012/07/30 20:31:53 | 035,053,612 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav [2012/07/30 20:28:34 | 027,793,452 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav [2012/07/30 20:25:57 | 052,572,204 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 
djvdj002.wav [2012/07/30 20:20:59 | 035,688,492 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav [2012/07/30 20:17:37 | 047,814,700 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav [2012/07/30 19:31:56 | 038,260,780 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav [2012/07/30 19:28:19 | 022,362,156 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav [2012/07/30 19:26:12 | 035,506,220 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav [2012/07/30 19:22:51 | 053,954,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav [2012/07/30 19:17:45 | 031,518,764 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav [2012/07/30 19:14:46 | 062,074,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav [2012/07/30 19:00:48 | 000,067,072 | ---- | M] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl [2012/07/30 18:48:06 | 000,099,328 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl [2012/07/30 18:35:24 | 000,042,496 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 Mixtape.jwl [2012/07/30 18:24:56 | 000,091,648 | ---- | M] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl [2012/07/30 17:08:01 | 000,000,880 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job [2012/07/30 16:38:38 | 000,067,584 | --S- | M] () -- F:Windowsbootstat.dat [2012/07/30 15:34:21 | 000,045,070 | ---- | M] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg [2012/07/30 15:24:27 | 000,000,892 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineCore.job [2012/07/30 07:04:46 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/30 07:04:46 | 000,013,440 | -H-- | M] () -- 
  14. luluhifi

    Trojans win32 Sirefef!E2 & E1

    Here you go
  15. luluhifi

    Trojans win32 Sirefef!E2 & E1

    Yet this one was a real nasty one that I could not get rid of. Is there any other program that I can put with and work with the other ones I have to protect me from this again? I will run the scan when I get back to the system in trouble. Thanks a lot.
  16. luluhifi

    Trojans win32 Sirefef!E2 & E1

    https://www.virustotal.com/file/6aab9ce51d0aad73f64e2159e32f541cf4b95b5a05f0a50655eb70e91a5cf1ba/analysis/1343527972/
  17. luluhifi

    Trojans win32 Sirefef!E2 & E1

    Hats off to you with the help JonTom
  18. luluhifi

    Trojans win32 Sirefef!E2 & E1

  19. luluhifi

    Trojans win32 Sirefef!E2 & E1

(fb1959012294d6ad43e5304df65e3c26) F:WindowsSystem32appinfo.dll 16:24:26.0044 4192 Appinfo - ok 16:24:26.0091 4192 arc (2932004f49677bd84dbc72edb754ffb3) F:Windowssystem32DRIVERSarc.sys 16:24:26.0091 4192 arc - ok 16:24:26.0107 4192 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) F:Windowssystem32DRIVERSarcsas.sys 16:24:26.0107 4192 arcsas - ok 16:24:26.0122 4192 AsyncMac (add2ade1c2b285ab8378d2daaf991481) F:Windowssystem32DRIVERSasyncmac.sys 16:24:26.0122 4192 AsyncMac - ok 16:24:26.0138 4192 atapi (338c86357871c167a96ab976519bf59e) F:Windowssystem32driversatapi.sys 16:24:26.0138 4192 atapi - ok 16:24:26.0185 4192 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) F:WindowsSystem32Audiosrv.dll 16:24:26.0185 4192 AudioEndpointBuilder - ok 16:24:26.0200 4192 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) F:WindowsSystem32Audiosrv.dll 16:24:26.0200 4192 Audiosrv - ok 16:24:26.0247 4192 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) F:WindowsSystem32AxInstSV.dll 16:24:26.0247 4192 AxInstSV - ok 16:24:26.0278 4192 b06bdrv (1a231abec60fd316ec54c66715543cec) F:Windowssystem32DRIVERSbxvbdx.sys 16:24:26.0294 4192 b06bdrv - ok 16:24:26.0325 4192 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) F:Windowssystem32DRIVERSb57nd60x.sys 16:24:26.0325 4192 b57nd60x - ok 16:24:26.0434 4192 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) F:Windowssystem32DRIVERSbcmwl6.sys 16:24:26.0450 4192 BCM43XX - ok 16:24:26.0466 4192 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) F:WindowsSystem32bdesvc.dll 16:24:26.0466 4192 BDESVC - ok 16:24:26.0512 4192 Beep (505506526a9d467307b3c393dedaf858) F:Windowssystem32driversBeep.sys 16:24:26.0512 4192 Beep - ok 16:24:26.0590 4192 BFE (1e2bac209d184bb851e1a187d8a29136) F:WindowsSystem32bfe.dll 16:24:26.0590 4192 BFE - ok 16:24:26.0637 4192 blbdrive (2287078ed48fcfc477b05b20cf38f36f) F:Windowssystem32DRIVERSblbdrive.sys 16:24:26.0637 4192 blbdrive - ok 16:24:26.0668 4192 bowser (8f2da3028d5fcbd1a060a3de64cd6506) F:Windowssystem32DRIVERSbowser.sys 16:24:26.0668 4192 bowser - 
ok 16:24:26.0684 4192 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) F:Windowssystem32DRIVERSBrFiltLo.sys 16:24:26.0684 4192 BrFiltLo - ok 16:24:26.0700 4192 BrFiltUp (56801ad62213a41f6497f96dee83755a) F:Windowssystem32DRIVERSBrFiltUp.sys 16:24:26.0700 4192 BrFiltUp - ok 16:24:26.0715 4192 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) F:Windowssystem32DRIVERSbridge.sys 16:24:26.0715 4192 BridgeMP - ok 16:24:26.0793 4192 Browser (6e11f33d14d020f58d5e02e4d67dfa19) F:WindowsSystem32browser.dll 16:24:26.0793 4192 Browser - ok 16:24:26.0824 4192 Brserid (845b8ce732e67f3b4133164868c666ea) F:Windowssystem32DRIVERSBrSerId.sys 16:24:26.0824 4192 Brserid - ok 16:24:26.0856 4192 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) F:WindowsSystem32DriversBrSerWdm.sys 16:24:26.0856 4192 BrSerWdm - ok 16:24:26.0871 4192 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) F:WindowsSystem32DriversBrUsbMdm.sys 16:24:26.0871 4192 BrUsbMdm - ok 16:24:26.0887 4192 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) F:Windowssystem32DRIVERSBrUsbSer.sys 16:24:26.0887 4192 BrUsbSer - ok 16:24:26.0902 4192 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) F:Windowssystem32DRIVERSbthmodem.sys 16:24:26.0902 4192 BTHMODEM - ok 16:24:26.0918 4192 bthserv (1df19c96eef6c29d1c3e1a8678e07190) F:Windowssystem32bthserv.dll 16:24:26.0918 4192 bthserv - ok 16:24:26.0980 4192 catchme - ok 16:24:27.0012 4192 cdfs (77ea11b065e0a8ab902d78145ca51e10) F:Windowssystem32DRIVERScdfs.sys 16:24:27.0012 4192 cdfs - ok 16:24:27.0043 4192 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) F:Windowssystem32DRIVERScdrom.sys 16:24:27.0058 4192 cdrom - ok 16:24:27.0074 4192 CertPropSvc (319c6b309773d063541d01df8ac6f55f) F:WindowsSystem32certprop.dll 16:24:27.0074 4192 CertPropSvc - ok 16:24:27.0121 4192 CFcatchme - ok 16:24:27.0152 4192 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) F:Windowssystem32DRIVERScirclass.sys 16:24:27.0152 4192 circlass - ok 16:24:27.0199 4192 CLFS (635181e0e9bbf16871bf5380d71db02d) F:Windowssystem32CLFS.sys 16:24:27.0214 4192 CLFS - ok 
16:24:27.0246 4192 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) F:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe 16:24:27.0261 4192 clr_optimization_v2.0.50727_32 - ok 16:24:27.0308 4192 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) F:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe 16:24:27.0308 4192 clr_optimization_v4.0.30319_32 - ok 16:24:27.0324 4192 CmBatt (dea805815e587dad1dd2c502220b5616) F:Windowssystem32DRIVERSCmBatt.sys 16:24:27.0324 4192 CmBatt - ok 16:24:27.0480 4192 cmdAgent (907324001ae25ac5959c91eaa34cabae) F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe 16:24:27.0495 4192 cmdAgent - ok 16:24:27.0620 4192 cmdGuard (ed042da80d9d6a087e83df395ceefd65) F:Windowssystem32DRIVERScmdguard.sys 16:24:27.0620 4192 cmdGuard - ok 16:24:27.0651 4192 cmdHlp (ed6b6a222cb9adf6751e02ad478a89fb) F:Windowssystem32DRIVERScmdhlp.sys 16:24:27.0651 4192 cmdHlp - ok 16:24:27.0698 4192 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) F:Windowssystem32driverscmdide.sys 16:24:27.0698 4192 cmdide - ok 16:24:27.0745 4192 CNG (247b4ce2dab1160cd422d532d5241e1f) F:Windowssystem32Driverscng.sys 16:24:27.0760 4192 CNG - ok 16:24:27.0760 4192 Compbatt (a6023d3823c37043986713f118a89bee) F:Windowssystem32DRIVERScompbatt.sys 16:24:27.0760 4192 Compbatt - ok 16:24:27.0792 4192 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) F:Windowssystem32driversCompositeBus.sys 16:24:27.0792 4192 CompositeBus - ok 16:24:27.0792 4192 COMSysApp - ok 16:24:27.0807 4192 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) F:Windowssystem32DRIVERScrcdisk.sys 16:24:27.0807 4192 crcdisk - ok 16:24:27.0916 4192 Credential Vault Host Control Service (4163c86ea091f9621017b899ad66a8be) F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe 16:24:27.0948 4192 Credential Vault Host Control Service - ok 16:24:27.0963 4192 Credential Vault Host Storage (ad6ba00e4f4e847151a3b4a0a2945c7c) F:Program FilesBroadcom CorporationBroadcom USH Host 
ComponentsCVbinHostStorageService.exe 16:24:27.0963 4192 Credential Vault Host Storage - ok 16:24:27.0994 4192 CryptSvc (06e771aa596b8761107ab57e99f128d7) F:Windowssystem32cryptsvc.dll 16:24:27.0994 4192 CryptSvc - ok 16:24:28.0010 4192 cvusbdrv (d1697063e2cdb6575aa46d668ffee825) F:Windowssystem32Driverscvusbdrv.sys 16:24:28.0010 4192 cvusbdrv - ok 16:24:28.0057 4192 DcomLaunch (7660f01d3b38aca1747e397d21d790af) F:Windowssystem32rpcss.dll 16:24:28.0072 4192 DcomLaunch - ok 16:24:28.0104 4192 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) F:WindowsSystem32defragsvc.dll 16:24:28.0119 4192 defragsvc - ok 16:24:28.0150 4192 DfsC (f024449c97ec1e464aaffda18593db88) F:Windowssystem32Driversdfsc.sys 16:24:28.0150 4192 DfsC - ok 16:24:28.0197 4192 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) F:Windowssystem32dhcpcore.dll 16:24:28.0213 4192 Dhcp - ok 16:24:28.0244 4192 discache (1a050b0274bfb3890703d490f330c0da) F:Windowssystem32driversdiscache.sys 16:24:28.0244 4192 discache - ok 16:24:28.0260 4192 Disk (565003f326f99802e68ca78f2a68e9ff) F:Windowssystem32DRIVERSdisk.sys 16:24:28.0260 4192 Disk - ok 16:24:28.0291 4192 Dnscache (33ef4861f19a0736b11314aad9ae28d0) F:WindowsSystem32dnsrslvr.dll 16:24:28.0291 4192 Dnscache - ok 16:24:28.0338 4192 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) F:WindowsSystem32dot3svc.dll 16:24:28.0353 4192 dot3svc - ok 16:24:28.0384 4192 DPS (8ec04ca86f1d68da9e11952eb85973d6) F:Windowssystem32dps.dll 16:24:28.0384 4192 DPS - ok 16:24:28.0416 4192 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) F:Windowssystem32driversdrmkaud.sys 16:24:28.0416 4192 drmkaud - ok 16:24:28.0478 4192 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) F:WindowsSystem32driversdxgkrnl.sys 16:24:28.0494 4192 DXGKrnl - ok 16:24:28.0540 4192 e1yexpress (44a91d98d6719b49bcd649a863225b5c) F:Windowssystem32DRIVERSe1y6232.sys 16:24:28.0556 4192 e1yexpress - ok 16:24:28.0572 4192 EapHost (8600142fa91c1b96367d3300ad0f3f3a) F:WindowsSystem32eapsvc.dll 16:24:28.0572 4192 EapHost - ok 16:24:28.0728 4192 
ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) F:Windowssystem32DRIVERSevbdx.sys 16:24:28.0774 4192 ebdrv - ok 16:24:28.0868 4192 EFS (81951f51e318aecc2d68559e47485cc4) F:WindowsSystem32lsass.exe 16:24:28.0868 4192 EFS - ok 16:24:28.0915 4192 ehRecvr (a8c362018efc87beb013ee28f29c0863) F:WindowsehomeehRecvr.exe 16:24:28.0930 4192 ehRecvr - ok 16:24:28.0946 4192 ehSched (d389bff34f80caede417bf9d1507996a) F:Windowsehomeehsched.exe 16:24:28.0946 4192 ehSched - ok 16:24:28.0993 4192 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) F:Windowssystem32DRIVERSelxstor.sys 16:24:29.0008 4192 elxstor - ok 16:24:29.0040 4192 ErrDev (8fc3208352dd3912c94367a206ab3f11) F:Windowssystem32driverserrdev.sys 16:24:29.0040 4192 ErrDev - ok 16:24:29.0133 4192 EventSystem (f6916efc29d9953d5d0df06882ae8e16) F:Windowssystem32es.dll 16:24:29.0133 4192 EventSystem - ok 16:24:29.0149 4192 exfat (2dc9108d74081149cc8b651d3a26207f) F:Windowssystem32driversexfat.sys 16:24:29.0164 4192 exfat - ok 16:24:29.0180 4192 fastfat (7e0ab74553476622fb6ae36f73d97d35) F:Windowssystem32driversfastfat.sys 16:24:29.0180 4192 fastfat - ok 16:24:29.0242 4192 Fax (967ea5b213e9984cbe270205df37755b) F:Windowssystem32fxssvc.exe 16:24:29.0242 4192 Fax - ok 16:24:29.0258 4192 fdc (e817a017f82df2a1f8cfdbda29388b29) F:Windowssystem32DRIVERSfdc.sys 16:24:29.0274 4192 fdc - ok 16:24:29.0274 4192 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) F:Windowssystem32fdPHost.dll 16:24:29.0274 4192 fdPHost - ok 16:24:29.0289 4192 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) F:Windowssystem32fdrespub.dll 16:24:29.0289 4192 FDResPub - ok 16:24:29.0289 4192 FileInfo (6cf00369c97f3cf563be99be983d13d8) F:Windowssystem32driversfileinfo.sys 16:24:29.0289 4192 FileInfo - ok 16:24:29.0305 4192 Filetrace (42c51dc94c91da21cb9196eb64c45db9) F:Windowssystem32driversfiletrace.sys 16:24:29.0305 4192 Filetrace - ok 16:24:29.0320 4192 flpydisk (87907aa70cb3c56600f1c2fb8841579b) F:Windowssystem32DRIVERSflpydisk.sys 16:24:29.0320 4192 flpydisk - ok 16:24:29.0352 4192 
FltMgr (7520ec808e0c35e0ee6f841294316653) F:Windowssystem32driversfltmgr.sys 16:24:29.0352 4192 FltMgr - ok 16:24:29.0398 4192 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) F:Windowssystem32FntCache.dll 16:24:29.0414 4192 FontCache - ok 16:24:29.0461 4192 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) F:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe 16:24:29.0461 4192 FontCache3.0.0.0 - ok 16:24:29.0476 4192 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) F:Windowssystem32driversFsDepends.sys 16:24:29.0476 4192 FsDepends - ok 16:24:29.0539 4192 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) F:Windowssystem32driversFs_Rec.sys 16:24:29.0539 4192 Fs_Rec - ok 16:24:29.0570 4192 fvevol (8a73e79089b282100b9393b644cb853b) F:Windowssystem32DRIVERSfvevol.sys 16:24:29.0586 4192 fvevol - ok 16:24:29.0601 4192 gagp30kx (65ee0c7a58b65e74ae05637418153938) F:Windowssystem32DRIVERSgagp30kx.sys 16:24:29.0601 4192 gagp30kx - ok 16:24:29.0648 4192 gpsvc (e897eaf5ed6ba41e081060c9b447a673) F:WindowsSystem32gpsvc.dll 16:24:29.0664 4192 gpsvc - ok 16:24:29.0773 4192 gupdate (f02a533f517eb38333cb12a9e8963773) F:Program FilesGoogleUpdateGoogleUpdate.exe 16:24:29.0773 4192 gupdate - ok 16:24:29.0788 4192 gupdatem (f02a533f517eb38333cb12a9e8963773) F:Program FilesGoogleUpdateGoogleUpdate.exe 16:24:29.0788 4192 gupdatem - ok 16:24:29.0804 4192 gusvc (cc839e8d766cc31a7710c9f38cf3e375) F:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe 16:24:29.0804 4192 gusvc - ok 16:24:29.0820 4192 hcw85cir (c44e3c2bab6837db337ddee7544736db) F:Windowssystem32drivershcw85cir.sys 16:24:29.0820 4192 hcw85cir - ok 16:24:29.0866 4192 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) F:Windowssystem32driversHdAudio.sys 16:24:29.0866 4192 HdAudAddService - ok 16:24:29.0882 4192 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) F:Windowssystem32driversHDAudBus.sys 16:24:29.0882 4192 HDAudBus - ok 16:24:29.0898 4192 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) F:Windowssystem32DRIVERSHidBatt.sys 
16:24:29.0913 4192 HidBatt - ok 16:24:29.0929 4192 HidBth (89448f40e6df260c206a193a4683ba78) F:Windowssystem32DRIVERShidbth.sys 16:24:29.0929 4192 HidBth - ok 16:24:29.0944 4192 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) F:Windowssystem32DRIVERShidir.sys 16:24:29.0944 4192 HidIr - ok 16:24:29.0976 4192 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) F:WindowsSystem32hidserv.dll 16:24:29.0976 4192 hidserv - ok 16:24:30.0007 4192 HidUsb (10c19f8290891af023eaec0832e1eb4d) F:Windowssystem32DRIVERShidusb.sys 16:24:30.0007 4192 HidUsb - ok 16:24:30.0054 4192 hkmsvc (196b4e3f4cccc24af836ce58facbb699) F:Windowssystem32kmsvc.dll 16:24:30.0054 4192 hkmsvc - ok 16:24:30.0100 4192 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) F:Windowssystem32ListSvc.dll 16:24:30.0100 4192 HomeGroupListener - ok 16:24:30.0147 4192 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) F:Windowssystem32provsvc.dll 16:24:30.0147 4192 HomeGroupProvider - ok 16:24:30.0163 4192 HpSAMD (295fdc419039090eb8b49ffdbb374549) F:Windowssystem32driversHpSAMD.sys 16:24:30.0163 4192 HpSAMD - ok 16:24:30.0210 4192 HTTP (871917b07a141bff43d76d8844d48106) F:Windowssystem32driversHTTP.sys 16:24:30.0225 4192 HTTP - ok 16:24:30.0272 4192 hwpolicy (0c4e035c7f105f1299258c90886c64c5) F:Windowssystem32drivershwpolicy.sys 16:24:30.0272 4192 hwpolicy - ok 16:24:30.0303 4192 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) F:Windowssystem32driversi8042prt.sys 16:24:30.0303 4192 i8042prt - ok 16:24:30.0350 4192 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) F:Windowssystem32driversiaStorV.sys 16:24:30.0350 4192 iaStorV - ok 16:24:30.0490 4192 idsvc (c521d7eb6497bb1af6afa89e322fb43c) F:WindowsMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe 16:24:30.0506 4192 idsvc - ok 16:24:30.0584 4192 iirsp (4173ff5708f3236cf25195fecd742915) F:Windowssystem32DRIVERSiirsp.sys 16:24:30.0584 4192 iirsp - ok 16:24:30.0646 4192 IKEEXT (f95622f161474511b8d80d6b093aa610) F:WindowsSystem32ikeext.dll 16:24:30.0662 4192 IKEEXT - ok 
16:24:30.0709 4192 inspect (2ee3db2c1760171c6f72f2f1792a47b5) F:Windowssystem32DRIVERSinspect.sys 16:24:30.0709 4192 inspect - ok 16:24:30.0709 4192 intelide (a0f12f2c9ba6c72f3987ce780e77c130) F:Windowssystem32driversintelide.sys 16:24:30.0724 4192 intelide - ok 16:24:30.0740 4192 intelppm (3b514d27bfc4accb4037bc6685f766e0) F:Windowssystem32DRIVERSintelppm.sys 16:24:30.0740 4192 intelppm - ok 16:24:30.0756 4192 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) F:Windowssystem32ipbusenum.dll 16:24:30.0756 4192 IPBusEnum - ok 16:24:30.0771 4192 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) F:Windowssystem32DRIVERSipfltdrv.sys 16:24:30.0771 4192 IpFilterDriver - ok 16:24:30.0849 4192 iphlpsvc (4d65a07b795d6674312f879d09aa7663) F:WindowsSystem32iphlpsvc.dll 16:24:30.0849 4192 iphlpsvc - ok 16:24:30.0880 4192 IPMIDRV (4bd7134618c1d2a27466a099062547bf) F:Windowssystem32driversIPMIDrv.sys 16:24:30.0880 4192 IPMIDRV - ok 16:24:30.0927 4192 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) F:Windowssystem32driversipnat.sys 16:24:30.0927 4192 IPNAT - ok 16:24:30.0958 4192 IRENUM (42996cff20a3084a56017b7902307e9f) F:Windowssystem32driversirenum.sys 16:24:30.0958 4192 IRENUM - ok 16:24:30.0958 4192 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) F:Windowssystem32driversisapnp.sys 16:24:30.0974 4192 isapnp - ok 16:24:31.0005 4192 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) F:Windowssystem32driversmsiscsi.sys 16:24:31.0021 4192 iScsiPrt - ok 16:24:31.0068 4192 ivusb (994ebb45c4b438e1f6ea0b958ae9b9a3) F:Windowssystem32DRIVERSivusb.sys 16:24:31.0068 4192 ivusb - ok 16:24:31.0114 4192 kbdclass (adef52ca1aeae82b50df86b56413107e) F:Windowssystem32driverskbdclass.sys 16:24:31.0114 4192 kbdclass - ok 16:24:31.0146 4192 kbdhid (9e3ced91863e6ee98c24794d05e27a71) F:Windowssystem32driverskbdhid.sys 16:24:31.0146 4192 kbdhid - ok 16:24:31.0177 4192 KeyIso (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe 16:24:31.0177 4192 KeyIso - ok 16:24:31.0224 4192 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) 
F:Windowssystem32Driversksecdd.sys 16:24:31.0224 4192 KSecDD - ok 16:24:31.0255 4192 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) F:Windowssystem32Driversksecpkg.sys 16:24:31.0255 4192 KSecPkg - ok 16:24:31.0286 4192 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) F:Windowssystem32msdtckrm.dll 16:24:31.0302 4192 KtmRm - ok 16:24:31.0364 4192 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) F:WindowsSystem32srvsvc.dll 16:24:31.0364 4192 LanmanServer - ok 16:24:31.0395 4192 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) F:WindowsSystem32wkssvc.dll 16:24:31.0395 4192 LanmanWorkstation - ok 16:24:31.0411 4192 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) F:Windowssystem32DRIVERSlltdio.sys 16:24:31.0426 4192 lltdio - ok 16:24:31.0442 4192 lltdsvc (5700673e13a2117fa3b9020c852c01e2) F:WindowsSystem32lltdsvc.dll 16:24:31.0458 4192 lltdsvc - ok 16:24:31.0473 4192 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) F:WindowsSystem32lmhsvc.dll 16:24:31.0473 4192 lmhosts - ok 16:24:31.0504 4192 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) F:Windowssystem32DRIVERSlsi_fc.sys 16:24:31.0504 4192 LSI_FC - ok 16:24:31.0520 4192 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) F:Windowssystem32DRIVERSlsi_sas.sys 16:24:31.0520 4192 LSI_SAS - ok 16:24:31.0536 4192 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) F:Windowssystem32DRIVERSlsi_sas2.sys 16:24:31.0536 4192 LSI_SAS2 - ok 16:24:31.0551 4192 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) F:Windowssystem32DRIVERSlsi_scsi.sys 16:24:31.0551 4192 LSI_SCSI - ok 16:24:31.0582 4192 luafv (6703e366cc18d3b6e534f5cf7df39cee) F:Windowssystem32driversluafv.sys 16:24:31.0598 4192 luafv - ok 16:24:31.0629 4192 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) F:Windowssystem32Mcx2Svc.dll 16:24:31.0629 4192 Mcx2Svc - ok 16:24:31.0645 4192 megasas (0fff5b045293002ab38eb1fd1fc2fb74) F:Windowssystem32DRIVERSmegasas.sys 16:24:31.0645 4192 megasas - ok 16:24:31.0676 4192 MegaSR (dcbab2920c75f390caf1d29f675d03d6) F:Windowssystem32DRIVERSMegaSR.sys 16:24:31.0676 4192 MegaSR - ok 
16:24:31.0770 4192 Microsoft SharePoint Workspace Audit Service - ok 16:24:31.0801 4192 MMCSS (146b6f43a673379a3c670e86d89be5ea) F:Windowssystem32mmcss.dll 16:24:31.0801 4192 MMCSS - ok 16:24:31.0816 4192 Modem (f001861e5700ee84e2d4e52c712f4964) F:Windowssystem32driversmodem.sys 16:24:31.0816 4192 Modem - ok 16:24:31.0863 4192 monitor (79d10964de86b292320e9dfe02282a23) F:Windowssystem32DRIVERSmonitor.sys 16:24:31.0863 4192 monitor - ok 16:24:31.0894 4192 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) F:Windowssystem32DRIVERSmouclass.sys 16:24:31.0894 4192 mouclass - ok 16:24:31.0910 4192 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) F:Windowssystem32DRIVERSmouhid.sys 16:24:31.0910 4192 mouhid - ok 16:24:31.0926 4192 mountmgr (fc8771f45ecccfd89684e38842539b9b) F:Windowssystem32driversmountmgr.sys 16:24:31.0941 4192 mountmgr - ok 16:24:32.0004 4192 MpFilter (fee0baded54222e9f1dae9541212aab1) F:Windowssystem32DRIVERSMpFilter.sys 16:24:32.0004 4192 MpFilter - ok 16:24:32.0035 4192 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) F:Windowssystem32driversmpio.sys 16:24:32.0050 4192 mpio - ok 16:24:32.0050 4192 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) F:Windowssystem32DRIVERSMpNWMon.sys 16:24:32.0050 4192 MpNWMon - ok 16:24:32.0082 4192 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) F:Windowssystem32driversmpsdrv.sys 16:24:32.0082 4192 mpsdrv - ok 16:24:32.0160 4192 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) F:Windowssystem32mpssvc.dll 16:24:32.0160 4192 MpsSvc - ok 16:24:32.0206 4192 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) F:Windowssystem32driversmrxdav.sys 16:24:32.0206 4192 MRxDAV - ok 16:24:32.0269 4192 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) F:Windowssystem32DRIVERSmrxsmb.sys 16:24:32.0269 4192 mrxsmb - ok 16:24:32.0316 4192 mrxsmb10 (6d17a4791aca19328c685d256349fefc) F:Windowssystem32DRIVERSmrxsmb10.sys 16:24:32.0316 4192 mrxsmb10 - ok 16:24:32.0362 4192 mrxsmb20 (b81f204d146000be76651a50670a5e9e) F:Windowssystem32DRIVERSmrxsmb20.sys 16:24:32.0378 4192 mrxsmb20 - ok 16:24:32.0378 
4192 msahci (012c5f4e9349e711e11e0f19a8589f0a) F:Windowssystem32driversmsahci.sys 16:24:32.0378 4192 msahci - ok 16:24:32.0394 4192 msdsm (55055f8ad8be27a64c831322a780a228) F:Windowssystem32driversmsdsm.sys 16:24:32.0394 4192 msdsm - ok 16:24:32.0425 4192 MSDTC (e1bce74a3bd9902b72599c0192a07e27) F:WindowsSystem32msdtc.exe 16:24:32.0425 4192 MSDTC - ok 16:24:32.0456 4192 Msfs (daefb28e3af5a76abcc2c3078c07327f) F:Windowssystem32driversMsfs.sys 16:24:32.0456 4192 Msfs - ok 16:24:32.0456 4192 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) F:WindowsSystem32driversmshidkmdf.sys 16:24:32.0472 4192 mshidkmdf - ok 16:24:32.0503 4192 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) F:Windowssystem32driversmsisadrv.sys 16:24:32.0503 4192 msisadrv - ok 16:24:32.0518 4192 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) F:Windowssystem32iscsiexe.dll 16:24:32.0518 4192 MSiSCSI - ok 16:24:32.0534 4192 msiserver - ok 16:24:32.0550 4192 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) F:Windowssystem32driversMSKSSRV.sys 16:24:32.0565 4192 MSKSSRV - ok 16:24:32.0690 4192 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) F:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe 16:24:32.0690 4192 MsMpSvc - ok 16:24:32.0706 4192 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) F:Windowssystem32driversMSPCLOCK.sys 16:24:32.0706 4192 MSPCLOCK - ok 16:24:32.0706 4192 MSPQM (f456e973590d663b1073e9c463b40932) F:Windowssystem32driversMSPQM.sys 16:24:32.0706 4192 MSPQM - ok 16:24:32.0737 4192 MsRPC (0e008fc4819d238c51d7c93e7b41e560) F:Windowssystem32driversMsRPC.sys 16:24:32.0737 4192 MsRPC - ok 16:24:32.0752 4192 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) F:Windowssystem32driversmssmbios.sys 16:24:32.0752 4192 mssmbios - ok 16:24:32.0784 4192 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) F:Windowssystem32driversMSTEE.sys 16:24:32.0784 4192 MSTEE - ok 16:24:32.0799 4192 MTConfig (33599130f44e1f34631cea241de8ac84) F:Windowssystem32DRIVERSMTConfig.sys 16:24:32.0799 4192 MTConfig - ok 16:24:32.0815 4192 Mup 
(159fad02f64e6381758c990f753bcc80) F:Windowssystem32Driversmup.sys 16:24:32.0815 4192 Mup - ok 16:24:32.0924 4192 NanoServiceMain (07b2740cf3294b98380b9e1bf8ab05b8) F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe 16:24:32.0940 4192 NanoServiceMain - ok 16:24:32.0971 4192 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) F:Windowssystem32qagentRT.dll 16:24:32.0986 4192 napagent - ok 16:24:33.0018 4192 NativeWifiP (26384429fcd85d83746f63e798ab1480) F:Windowssystem32DRIVERSnwifi.sys 16:24:33.0018 4192 NativeWifiP - ok 16:24:33.0111 4192 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) F:Program FilesNeroUpdateNASvc.exe 16:24:33.0111 4192 NAUpdate - ok 16:24:33.0174 4192 NDIS (e7c54812a2aaf43316eb6930c1ffa108) F:Windowssystem32driversndis.sys 16:24:33.0189 4192 NDIS - ok 16:24:33.0205 4192 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) F:Windowssystem32DRIVERSndiscap.sys 16:24:33.0205 4192 NdisCap - ok 16:24:33.0220 4192 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) F:Windowssystem32DRIVERSndistapi.sys 16:24:33.0220 4192 NdisTapi - ok 16:24:33.0252 4192 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) F:Windowssystem32DRIVERSndisuio.sys 16:24:33.0252 4192 Ndisuio - ok 16:24:33.0298 4192 NdisWan (38fbe267e7e6983311179230facb1017) F:Windowssystem32DRIVERSndiswan.sys 16:24:33.0298 4192 NdisWan - ok 16:24:33.0423 4192 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) F:Windowssystem32driversNDProxy.sys 16:24:33.0423 4192 NDProxy - ok 16:24:33.0470 4192 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) F:Windowssystem32DRIVERSnetbios.sys 16:24:33.0470 4192 NetBIOS - ok 16:24:33.0501 4192 NetBT (280122ddcf04b378edd1ad54d71c1e54) F:Windowssystem32DRIVERSnetbt.sys 16:24:33.0501 4192 NetBT - ok 16:24:33.0532 4192 Netlogon (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe 16:24:33.0548 4192 Netlogon - ok 16:24:33.0579 4192 Netman (7cccfca7510684768da22092d1fa4db2) F:WindowsSystem32netman.dll 16:24:33.0595 4192 Netman - ok 16:24:33.0610 4192 netprofm (8c338238c16777a802d6a9211eb2ba50) 
F:WindowsSystem32netprofm.dll 16:24:33.0626 4192 netprofm - ok 16:24:33.0688 4192 netr28u (efd7c94281882cbba8ec1b967e9f73d8) F:Windowssystem32DRIVERSnetr28u.sys 16:24:33.0688 4192 netr28u - ok 16:24:33.0766 4192 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) F:WindowsMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe 16:24:33.0766 4192 NetTcpPortSharing - ok 16:24:33.0782 4192 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) F:Windowssystem32DRIVERSnfrd960.sys 16:24:33.0782 4192 nfrd960 - ok 16:24:33.0829 4192 NisDrv (7b01c6172cfd0b10116175e09200d4b4) F:Windowssystem32DRIVERSNisDrvWFP.sys 16:24:33.0829 4192 NisDrv - ok 16:24:33.0907 4192 NisSrv (a5cb074f34bbd89948e34a630d459c0c) F:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe 16:24:33.0907 4192 NisSrv - ok 16:24:33.0954 4192 NlaSvc (912084381d30d8b89ec4e293053f4710) F:WindowsSystem32nlasvc.dll 16:24:33.0969 4192 NlaSvc - ok 16:24:34.0016 4192 NNSALPC (cfee15a88280d369672da0e378bbc702) F:Windowssystem32DRIVERSNNSAlpc.sys 16:24:34.0016 4192 NNSALPC - ok 16:24:34.0063 4192 NNSHTTP (2708799adc223c4412341f0c68d032e3) F:Windowssystem32DRIVERSNNSHttp.sys 16:24:34.0063 4192 NNSHTTP - ok 16:24:34.0110 4192 NNSIDS (533f19056b98d9cce466b64186905bc1) F:Windowssystem32DRIVERSNNSIds.sys 16:24:34.0110 4192 NNSIDS - ok 16:24:34.0141 4192 NNSNAHSL (bf5295ec6f9e4737f891f58fea879b31) F:Windowssystem32DRIVERSNNSNAHSL.sys 16:24:34.0141 4192 NNSNAHSL - ok 16:24:34.0203 4192 NNSPICC (1f054c5ca627fcd3983538d74574016b) F:Windowssystem32DRIVERSNNSPicc.sys 16:24:34.0219 4192 NNSPICC - ok 16:24:34.0266 4192 NNSPIHSW (a15b00ecd15dacfb9dd33f0ce26ee60d) F:Windowssystem32DRIVERSNNSPihsw.sys 16:24:34.0266 4192 NNSPIHSW - ok 16:24:34.0281 4192 NNSPOP3 (5f8c023775b8f4a0a8ffc93dd0a27285) F:Windowssystem32DRIVERSNNSPop3.sys 16:24:34.0281 4192 NNSPOP3 - ok 16:24:34.0328 4192 NNSPROT (ca541ce4a1fc034eec8cfd6c155b9d30) F:Windowssystem32DRIVERSNNSProt.sys 16:24:34.0344 4192 NNSPROT - ok 16:24:34.0359 4192 NNSPRV 
(938e8ccc7ac5922f2e3dbdf3e7a3035c) F:Windowssystem32DRIVERSNNSPrv.sys 16:24:34.0359 4192 NNSPRV - ok 16:24:34.0390 4192 NNSSMTP (2458e950f0a0dd9ad08385209b5e1702) F:Windowssystem32DRIVERSNNSSmtp.sys 16:24:34.0390 4192 NNSSMTP - ok 16:24:34.0406 4192 NNSSTRM (75d990651236a570c4c80ed56bfb4009) F:Windowssystem32DRIVERSNNSStrm.sys 16:24:34.0406 4192 NNSSTRM - ok 16:24:34.0437 4192 NNSTLSC (9d526b79e7d438056ed7d382ab94019a) F:Windowssystem32DRIVERSNNSTlsc.sys 16:24:34.0437 4192 NNSTLSC - ok 16:24:34.0500 4192 Nonbrand_WUS-N (f195fbc375342bd25c936982245a8fb0) F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe 16:24:34.0500 4192 Nonbrand_WUS-N - ok 16:24:34.0531 4192 Nonbrand_WUS-N_WPS (c062a2b158ed9c643d24f8e33a607c9f) F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe 16:24:34.0531 4192 Nonbrand_WUS-N_WPS - ok 16:24:34.0546 4192 Npfs (1db262a9f8c087e8153d89bef3d2235f) F:Windowssystem32driversNpfs.sys 16:24:34.0546 4192 Npfs - ok 16:24:34.0562 4192 nsi (ba387e955e890c8a88306d9b8d06bf17) F:Windowssystem32nsisvc.dll 16:24:34.0562 4192 nsi - ok 16:24:34.0578 4192 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) F:Windowssystem32driversnsiproxy.sys 16:24:34.0578 4192 nsiproxy - ok 16:24:34.0671 4192 Ntfs (81189c3d7763838e55c397759d49007a) F:Windowssystem32driversNtfs.sys 16:24:34.0671 4192 Ntfs - ok 16:24:34.0718 4192 Null (f9756a98d69098dca8945d62858a812c) F:Windowssystem32driversNull.sys 16:24:34.0718 4192 Null - ok 16:24:35.0155 4192 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) F:Windowssystem32DRIVERSnvlddmkm.sys 16:24:35.0264 4192 nvlddmkm - ok 16:24:35.0373 4192 nvraid (b3e25ee28883877076e0e1ff877d02e0) F:Windowssystem32driversnvraid.sys 16:24:35.0373 4192 nvraid - ok 16:24:35.0389 4192 nvstor (4380e59a170d88c4f1022eff6719a8a4) F:Windowssystem32driversnvstor.sys 16:24:35.0404 4192 nvstor - ok 16:24:35.0436 4192 nvsvc (ded8f2c0070478f13c37f7bd849b83fa) F:Windowssystem32nvvsvc.exe 16:24:35.0436 4192 nvsvc - ok 16:24:35.0467 4192 nv_agp 
(5a0983915f02bae73267cc2a041f717d) F:Windowssystem32driversnv_agp.sys 16:24:35.0467 4192 nv_agp - ok 16:24:35.0514 4192 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) F:Windowssystem32driversohci1394.sys 16:24:35.0514 4192 ohci1394 - ok 16:24:35.0576 4192 ose (9d10f99a6712e28f8acd5641e3a7ea6b) F:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE 16:24:35.0576 4192 ose - ok 16:24:35.0826 4192 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) F:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE 16:24:35.0872 4192 osppsvc - ok 16:24:35.0966 4192 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) F:Windowssystem32pnrpsvc.dll 16:24:35.0966 4192 p2pimsvc - ok 16:24:35.0997 4192 p2psvc (59c3ddd501e39e006dac31bf55150d91) F:Windowssystem32p2psvc.dll 16:24:36.0044 4192 p2psvc - ok 16:24:36.0106 4192 PAC7302 (aff9a1986555e4592de8092f9a5fa2d2) F:Windowssystem32DRIVERSPAC7302.SYS 16:24:36.0122 4192 PAC7302 - ok 16:24:36.0169 4192 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) F:Windowssystem32DRIVERSparport.sys 16:24:36.0169 4192 Parport - ok 16:24:36.0200 4192 partmgr (3f34a1b4c5f6475f320c275e63afce9b) F:Windowssystem32driverspartmgr.sys 16:24:36.0200 4192 partmgr - ok 16:24:36.0247 4192 Parvdm (eb0a59f29c19b86479d36b35983daadc) F:Windowssystem32DRIVERSparvdm.sys 16:24:36.0247 4192 Parvdm - ok 16:24:36.0278 4192 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) F:Windowssystem32DRIVERSPBADRV.sys 16:24:36.0278 4192 PBADRV - ok 16:24:36.0330 4192 PcaSvc (358ab7956d3160000726574083dfc8a6) F:WindowsSystem32pcasvc.dll 16:24:36.0343 4192 PcaSvc - ok 16:24:36.0379 4192 pci (673e55c3498eb970088e812ea820aa8f) F:Windowssystem32driverspci.sys 16:24:36.0381 4192 pci - ok 16:24:36.0399 4192 pciide (afe86f419014db4e5593f69ffe26ce0a) F:Windowssystem32driverspciide.sys 16:24:36.0400 4192 pciide - ok 16:24:36.0422 4192 pcmcia (f396431b31693e71e8a80687ef523506) F:Windowssystem32DRIVERSpcmcia.sys 16:24:36.0424 4192 pcmcia - ok 16:24:36.0459 4192 pcouffin 
(5b6c11de7e839c05248ced8825470fef) F:Windowssystem32Driverspcouffin.sys 16:24:36.0460 4192 pcouffin - ok 16:24:36.0506 4192 pcw (250f6b43d2b613172035c6747aeeb19f) F:Windowssystem32driverspcw.sys 16:24:36.0507 4192 pcw - ok 16:24:36.0572 4192 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) F:Windowssystem32driverspeauth.sys 16:24:36.0588 4192 PEAUTH - ok 16:24:36.0640 4192 pgfilter (2cf226173b467ab48f89d77e89936951) F:Program FilesPeerGuardian2pgfilter.sys 16:24:36.0641 4192 pgfilter - ok 16:24:36.0743 4192 pla (414bba67a3ded1d28437eb66aeb8a720) F:Windowssystem32pla.dll 16:24:36.0771 4192 pla - ok 16:24:36.0856 4192 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) F:Windowssystem32umpnpmgr.dll 16:24:36.0861 4192 PlugPlay - ok 16:24:36.0876 4192 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) F:Windowssystem32pnrpauto.dll 16:24:36.0879 4192 PNRPAutoReg - ok 16:24:36.0905 4192 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) F:Windowssystem32pnrpsvc.dll 16:24:36.0908 4192 PNRPsvc - ok 16:24:36.0973 4192 PolicyAgent (53946b69ba0836bd95b03759530c81ec) F:WindowsSystem32ipsecsvc.dll 16:24:36.0988 4192 PolicyAgent - ok 16:24:37.0030 4192 Power (f87d30e72e03d579a5199ccb3831d6ea) F:Windowssystem32umpo.dll 16:24:37.0034 4192 Power - ok 16:24:37.0065 4192 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) F:Windowssystem32DRIVERSraspptp.sys 16:24:37.0067 4192 PptpMiniport - ok 16:24:37.0085 4192 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) F:Windowssystem32DRIVERSprocessr.sys 16:24:37.0086 4192 Processor - ok 16:24:37.0119 4192 ProfSvc (cadefac453040e370a1bdff3973be00d) F:Windowssystem32profsvc.dll 16:24:37.0123 4192 ProfSvc - ok 16:24:37.0158 4192 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe 16:24:37.0160 4192 ProtectedStorage - ok 16:24:37.0181 4192 Psched (6270ccae2a86de6d146529fe55b3246a) F:Windowssystem32DRIVERSpacer.sys 16:24:37.0182 4192 Psched - ok 16:24:37.0228 4192 PSI (d24dfd16a1e2a76034df5aa18125c35d) F:Windowssystem32DRIVERSpsi_mf.sys 16:24:37.0229 
4192 PSI - ok 16:24:37.0276 4192 PSINAflt (389d8cc1f8d7c5ec736bded9d1a98c4c) F:Windowssystem32DRIVERSPSINAflt.sys 16:24:37.0278 4192 PSINAflt - ok 16:24:37.0322 4192 PSINFile (04e2992c67ab310409531be99e66dd1f) F:Windowssystem32DRIVERSPSINFile.sys 16:24:37.0322 4192 PSINFile - ok 16:24:37.0322 4192 PSINKNC (5292037b8839d9de8ace23eba1268a34) F:Windowssystem32DRIVERSpsinknc.sys 16:24:37.0338 4192 PSINKNC - ok 16:24:37.0354 4192 PSINProc (b10d97ff830f677a1295f3b9e5e6f8fb) F:Windowssystem32DRIVERSPSINProc.sys 16:24:37.0354 4192 PSINProc - ok 16:24:37.0369 4192 PSINProt (49dd888c415611da5654ce895b9f37d9) F:Windowssystem32DRIVERSPSINProt.sys 16:24:37.0385 4192 PSINProt - ok 16:24:37.0432 4192 PSKMAD (476769481841007583875023f7ecc4ca) F:Windowssystem32DRIVERSPSKMAD.sys 16:24:37.0432 4192 PSKMAD - ok 16:24:37.0525 4192 PSUAService (98a9d3236c6301503571de79b86e8538) F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe 16:24:37.0525 4192 PSUAService - ok 16:24:37.0603 4192 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) F:Windowssystem32DRIVERSql2300.sys 16:24:37.0634 4192 ql2300 - ok 16:24:37.0728 4192 ql40xx (b4dd51dd25182244b86737dc51af2270) F:Windowssystem32DRIVERSql40xx.sys 16:24:37.0728 4192 ql40xx - ok 16:24:37.0744 4192 QWAVE (31ac809e7707eb580b2bdb760390765a) F:Windowssystem32qwave.dll 16:24:37.0759 4192 QWAVE - ok 16:24:37.0775 4192 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) F:Windowssystem32driversqwavedrv.sys 16:24:37.0775 4192 QWAVEdrv - ok 16:24:37.0790 4192 RasAcd (30a81b53c766d0133bb86d234e5556ab) F:Windowssystem32DRIVERSrasacd.sys 16:24:37.0790 4192 RasAcd - ok 16:24:37.0822 4192 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) F:Windowssystem32DRIVERSAgileVpn.sys 16:24:37.0837 4192 RasAgileVpn - ok 16:24:37.0853 4192 RasAuto (a60f1839849c0c00739787fd5ec03f13) F:WindowsSystem32rasauto.dll 16:24:37.0853 4192 RasAuto - ok 16:24:37.0868 4192 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) F:Windowssystem32DRIVERSrasl2tp.sys 16:24:37.0884 4192 Rasl2tp - ok 
16:24:37.0915 4192 RasMan (cb9e04dc05eacf5b9a36ca276d475006) F:WindowsSystem32rasmans.dll 16:24:37.0931 4192 RasMan - ok 16:24:37.0946 4192 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) F:Windowssystem32DRIVERSraspppoe.sys 16:24:37.0946 4192 RasPppoe - ok 16:24:37.0962 4192 RasSstp (44101f495a83ea6401d886e7fd70096b) F:Windowssystem32DRIVERSrassstp.sys 16:24:37.0962 4192 RasSstp - ok 16:24:38.0009 4192 rdbss (d528bc58a489409ba40334ebf96a311b) F:Windowssystem32DRIVERSrdbss.sys 16:24:38.0024 4192 rdbss - ok 16:24:38.0040 4192 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) F:Windowssystem32DRIVERSrdpbus.sys 16:24:38.0040 4192 rdpbus - ok 16:24:38.0071 4192 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) F:Windowssystem32DRIVERSRDPCDD.sys 16:24:38.0071 4192 RDPCDD - ok 16:24:38.0102 4192 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) F:Windowssystem32driversrdpencdd.sys 16:24:38.0102 4192 RDPENCDD - ok 16:24:38.0118 4192 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) F:Windowssystem32driversrdprefmp.sys 16:24:38.0118 4192 RDPREFMP - ok 16:24:38.0149 4192 RDPWD (f031683e6d1fea157abb2ff260b51e61) F:Windowssystem32driversRDPWD.sys 16:24:38.0149 4192 RDPWD - ok 16:24:38.0212 4192 rdyboost (518395321dc96fe2c9f0e96ac743b656) F:Windowssystem32driversrdyboost.sys 16:24:38.0212 4192 rdyboost - ok 16:24:38.0243 4192 RemoteAccess (7b5e1419717fac363a31cc302895217a) F:WindowsSystem32mprdim.dll 16:24:38.0243 4192 RemoteAccess - ok 16:24:38.0258 4192 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) F:Windowssystem32regsvc.dll 16:24:38.0258 4192 RemoteRegistry - ok 16:24:38.0305 4192 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) F:Windowssystem32DRIVERSrimmptsk.sys 16:24:38.0305 4192 rimmptsk - ok 16:24:38.0336 4192 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) F:WindowsSystem32RpcEpMap.dll 16:24:38.0336 4192 RpcEptMapper - ok 16:24:38.0368 4192 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) F:Windowssystem32locator.exe 16:24:38.0368 4192 RpcLocator - ok 16:24:38.0414 4192 RpcSs 
(7660f01d3b38aca1747e397d21d790af) F:Windowssystem32rpcss.dll 16:24:38.0414 4192 RpcSs - ok 16:24:38.0446 4192 rspndr (032b0d36ad92b582d869879f5af5b928) F:Windowssystem32DRIVERSrspndr.sys 16:24:38.0446 4192 rspndr - ok 16:24:38.0492 4192 SamSs (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe 16:24:38.0492 4192 SamSs - ok 16:24:38.0586 4192 SASDIFSV (39763504067962108505bff25f024345) F:Program FilesSUPERAntiSpywareSASDIFSV.SYS 16:24:38.0586 4192 SASDIFSV - ok 16:24:38.0602 4192 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) F:Program FilesSUPERAntiSpywareSASKUTIL.SYS 16:24:38.0602 4192 SASKUTIL - ok 16:24:38.0633 4192 sbp2port (05d860da1040f111503ac416ccef2bca) F:Windowssystem32driverssbp2port.sys 16:24:38.0633 4192 sbp2port - ok 16:24:38.0664 4192 SCardSvr (8fc518ffe9519c2631d37515a68009c4) F:WindowsSystem32SCardSvr.dll 16:24:38.0680 4192 SCardSvr - ok 16:24:38.0695 4192 scfilter (0693b5ec673e34dc147e195779a4dcf6) F:Windowssystem32DRIVERSscfilter.sys 16:24:38.0695 4192 scfilter - ok 16:24:38.0758 4192 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) F:Windowssystem32schedsvc.dll 16:24:38.0773 4192 Schedule - ok 16:24:38.0804 4192 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) F:WindowsSystem32certprop.dll 16:24:38.0804 4192 SCPolicySvc - ok 16:24:38.0851 4192 sdbus (0328be1c7f1cba23848179f8762e391c) F:Windowssystem32driverssdbus.sys 16:24:38.0851 4192 sdbus - ok 16:24:38.0898 4192 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) F:WindowsSystem32SDRSVC.dll 16:24:38.0898 4192 SDRSVC - ok 16:24:38.0914 4192 secdrv (90a3935d05b494a5a39d37e71f09a677) F:Windowssystem32driverssecdrv.sys 16:24:38.0914 4192 secdrv - ok 16:24:38.0929 4192 seclogon (a59b3a4442c52060cc7a85293aa3546f) F:Windowssystem32seclogon.dll 16:24:38.0929 4192 seclogon - ok 16:24:39.0023 4192 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) F:Program FilesSecuniaPSIPSIA.exe 16:24:39.0038 4192 Secunia PSI Agent - ok 16:24:39.0070 4192 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) F:Program 
FilesSecuniaPSIsua.exe 16:24:39.0070 4192 Secunia Update Agent - ok 16:24:39.0148 4192 SENS (dcb7fcdcc97f87360f75d77425b81737) F:Windowssystem32sens.dll 16:24:39.0163 4192 SENS - ok 16:24:39.0179 4192 SensrSvc (50087fe1ee447009c9cc2997b90de53f) F:Windowssystem32sensrsvc.dll 16:24:39.0179 4192 SensrSvc - ok 16:24:39.0210 4192 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) F:Windowssystem32DRIVERSserenum.sys 16:24:39.0210 4192 Serenum - ok 16:24:39.0241 4192 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) F:Windowssystem32DRIVERSserial.sys 16:24:39.0241 4192 Serial - ok 16:24:39.0272 4192 sermouse (79bffb520327ff916a582dfea17aa813) F:Windowssystem32DRIVERSsermouse.sys 16:24:39.0272 4192 sermouse - ok 16:24:39.0319 4192 SessionEnv (4ae380f39a0032eab7dd953030b26d28) F:Windowssystem32sessenv.dll 16:24:39.0319 4192 SessionEnv - ok 16:24:39.0382 4192 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) F:Windowssystem32DRIVERSsffdisk.sys 16:24:39.0382 4192 sffdisk - ok 16:24:39.0397 4192 sffp_mmc (932a68ee27833cfd57c1639d375f2731) F:Windowssystem32driverssffp_mmc.sys 16:24:39.0397 4192 sffp_mmc - ok 16:24:39.0428 4192 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) F:Windowssystem32DRIVERSsffp_sd.sys 16:24:39.0444 4192 sffp_sd - ok 16:24:39.0460 4192 sfloppy (db96666cc8312ebc45032f30b007a547) F:Windowssystem32DRIVERSsfloppy.sys 16:24:39.0460 4192 sfloppy - ok 16:24:39.0522 4192 SharedAccess (d1a079a0de2ea524513b6930c24527a2) F:WindowsSystem32ipnathlp.dll 16:24:39.0538 4192 SharedAccess - ok 16:24:39.0600 4192 ShellHWDetection (414da952a35bf5d50192e28263b40577) F:WindowsSystem32shsvcs.dll 16:24:39.0616 4192 ShellHWDetection - ok 16:24:39.0662 4192 sisagp (2565cac0dc9fe0371bdce60832582b2e) F:Windowssystem32driverssisagp.sys 16:24:39.0662 4192 sisagp - ok 16:24:39.0678 4192 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) F:Windowssystem32DRIVERSSiSRaid2.sys 16:24:39.0678 4192 SiSRaid2 - ok 16:24:39.0709 4192 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) F:Windowssystem32DRIVERSsisraid4.sys 16:24:39.0709 
4192 SiSRaid4 - ok 16:24:39.0756 4192 SmartDefragDriver (4aa2772a355226e9ac96d01ba431d253) F:Windowssystem32DriversSmartDefragDriver.sys 16:24:39.0756 4192 SmartDefragDriver - ok 16:24:39.0772 4192 Smb (3e21c083b8a01cb70ba1f09303010fce) F:Windowssystem32DRIVERSsmb.sys 16:24:39.0772 4192 Smb - ok 16:24:39.0803 4192 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) F:WindowsSystem32snmptrap.exe 16:24:39.0803 4192 SNMPTRAP - ok 16:24:39.0818 4192 spldr (95cf1ae7527fb70f7816563cbc09d942) F:Windowssystem32driversspldr.sys 16:24:39.0818 4192 spldr - ok 16:24:39.0865 4192 Spooler (866a43013535dc8587c258e43579c764) F:WindowsSystem32spoolsv.exe 16:24:39.0865 4192 Spooler - ok 16:24:40.0037 4192 sppsvc (cf87a1de791347e75b98885214ced2b8) F:Windowssystem32sppsvc.exe 16:24:40.0052 4192 sppsvc - ok 16:24:40.0146 4192 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) F:Windowssystem32sppuinotify.dll 16:24:40.0146 4192 sppuinotify - ok 16:24:40.0240 4192 srv (e4c2764065d66ea1d2d3ebc28fe99c46) F:Windowssystem32DRIVERSsrv.sys 16:24:40.0240 4192 srv - ok 16:24:40.0318 4192 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) F:Windowssystem32DRIVERSsrv2.sys 16:24:40.0318 4192 srv2 - ok 16:24:40.0364 4192 srvnet (be6bd660caa6f291ae06a718a4fa8abc) F:Windowssystem32DRIVERSsrvnet.sys 16:24:40.0364 4192 srvnet - ok 16:24:40.0396 4192 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) F:WindowsSystem32ssdpsrv.dll 16:24:40.0396 4192 SSDPSRV - ok 16:24:40.0411 4192 SstpSvc (d318f23be45d5e3a107469eb64815b50) F:Windowssystem32sstpsvc.dll 16:24:40.0427 4192 SstpSvc - ok 16:24:40.0442 4192 stexstor (db32d325c192b801df274bfd12a7e72b) F:Windowssystem32DRIVERSstexstor.sys 16:24:40.0442 4192 stexstor - ok 16:24:40.0489 4192 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) F:WindowsSystem32wiaservc.dll 16:24:40.0505 4192 StiSvc - ok 16:24:40.0536 4192 swenum (e58c78a848add9610a4db6d214af5224) F:Windowssystem32driversswenum.sys 16:24:40.0536 4192 swenum - ok 16:24:40.0567 4192 swprv (a28bd92df340e57b024ba433165d34d7) 
F:WindowsSystem32swprv.dll 16:24:40.0583 4192 swprv - ok 16:24:40.0661 4192 SysMain (36650d618ca34c9d357dfd3d89b2c56f) F:Windowssystem32sysmain.dll 16:24:40.0676 4192 SysMain - ok 16:24:40.0723 4192 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) F:WindowsSystem32TabSvc.dll 16:24:40.0723 4192 TabletInputService - ok 16:24:40.0770 4192 TapiSrv (613bf4820361543956909043a265c6ac) F:WindowsSystem32tapisrv.dll 16:24:40.0770 4192 TapiSrv - ok 16:24:40.0786 4192 TBS (b799d9fdb26111737f58288d8dc172d9) F:WindowsSystem32tbssvc.dll 16:24:40.0786 4192 TBS - ok 16:24:40.0895 4192 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) F:Windowssystem32driverstcpip.sys 16:24:40.0910 4192 Tcpip - ok 16:24:41.0035 4192 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) F:Windowssystem32DRIVERStcpip.sys 16:24:41.0035 4192 TCPIP6 - ok 16:24:41.0098 4192 tcpipreg (cca24162e055c3714ce5a88b100c64ed) F:Windowssystem32driverstcpipreg.sys 16:24:41.0098 4192 tcpipreg - ok 16:24:41.0144 4192 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) F:Windowssystem32driverstdpipe.sys 16:24:41.0144 4192 TDPIPE - ok 16:24:41.0176 4192 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) F:Windowssystem32driverstdtcp.sys 16:24:41.0176 4192 TDTCP - ok 16:24:41.0222 4192 tdx (b459575348c20e8121d6039da063c704) F:Windowssystem32DRIVERStdx.sys 16:24:41.0222 4192 tdx - ok 16:24:41.0254 4192 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) F:Windowssystem32driverstermdd.sys 16:24:41.0269 4192 TermDD - ok 16:24:41.0316 4192 TermService (382c804c92811be57829d8e550a900e2) F:WindowsSystem32termsrv.dll 16:24:41.0332 4192 TermService - ok 16:24:41.0363 4192 TfFsMon (a56ec942ecabfb7849bfa76060f929fb) F:Windowssystem32driversTfFsMon.sys 16:24:41.0363 4192 TfFsMon - ok 16:24:41.0410 4192 TfNetMon (917ef522563f6047685486efa486fb3c) F:Windowssystem32driversTfNetMon.sys 16:24:41.0410 4192 TfNetMon - ok 16:24:41.0456 4192 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) F:Windowssystem32driversTfSysMon.sys 16:24:41.0456 4192 TfSysMon - ok 16:24:41.0472 4192 Themes 
(42fb6afd6b79d9fe07381609172e7ca4) F:Windowssystem32themeservice.dll 16:24:41.0472 4192 Themes - ok 16:24:41.0503 4192 THREADORDER (146b6f43a673379a3c670e86d89be5ea) F:Windowssystem32mmcss.dll 16:24:41.0503 4192 THREADORDER - ok 16:24:41.0534 4192 ThreatFire - ok 16:24:41.0550 4192 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) F:WindowsSystem32trkwks.dll 16:24:41.0566 4192 TrkWks - ok 16:24:41.0597 4192 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) F:WindowsservicingTrustedInstaller.exe 16:24:41.0612 4192 TrustedInstaller - ok 16:24:41.0644 4192 tssecsrv (254bb140eee3c59d6114c1a86b636877) F:Windowssystem32DRIVERStssecsrv.sys 16:24:41.0644 4192 tssecsrv - ok 16:24:41.0659 4192 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) F:Windowssystem32driverstsusbflt.sys 16:24:41.0659 4192 TsUsbFlt - ok 16:24:41.0706 4192 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) F:Windowssystem32DRIVERStunnel.sys 16:24:41.0706 4192 tunnel - ok 16:24:41.0737 4192 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) F:Windowssystem32DRIVERSuagp35.sys 16:24:41.0737 4192 uagp35 - ok 16:24:41.0784 4192 udfs (ee43346c7e4b5e63e54f927babbb32ff) F:Windowssystem32DRIVERSudfs.sys 16:24:41.0784 4192 udfs - ok 16:24:41.0815 4192 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) F:Windowssystem32UI0Detect.exe 16:24:41.0815 4192 UI0Detect - ok 16:24:41.0862 4192 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) F:Windowssystem32driversuliagpkx.sys 16:24:41.0862 4192 uliagpkx - ok 16:24:41.0909 4192 umbus (d295bed4b898f0fd999fcfa9b32b071b) F:Windowssystem32driversumbus.sys 16:24:41.0909 4192 umbus - ok 16:24:41.0924 4192 UmPass (7550ad0c6998ba1cb4843e920ee0feac) F:Windowssystem32DRIVERSumpass.sys 16:24:41.0924 4192 UmPass - ok 16:24:41.0956 4192 upnphost (833fbb672460efce8011d262175fad33) F:WindowsSystem32upnphost.dll 16:24:41.0956 4192 upnphost - ok 16:24:42.0002 4192 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) F:Windowssystem32driversusbaudio.sys 16:24:42.0002 4192 usbaudio - ok 16:24:42.0049 4192 usbccgp 
(bd9c55d7023c5de374507acc7a14e2ac) F:Windowssystem32DRIVERSusbccgp.sys 16:24:42.0049 4192 usbccgp - ok 16:24:42.0080 4192 usbcir (04ec7cec62ec3b6d9354eee93327fc82) F:Windowssystem32driversusbcir.sys 16:24:42.0080 4192 usbcir - ok 16:24:42.0096 4192 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) F:Windowssystem32DRIVERSusbehci.sys 16:24:42.0096 4192 usbehci - ok 16:24:42.0143 4192 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) F:Windowssystem32DRIVERSusbhub.sys 16:24:42.0143 4192 usbhub - ok 16:24:42.0158 4192 usbohci (a6fb7957ea7afb1165991e54ce934b74) F:Windowssystem32DRIVERSusbohci.sys 16:24:42.0158 4192 usbohci - ok 16:24:42.0205 4192 usbprint (797d862fe0875e75c7cc4c1ad7b30252) F:Windowssystem32DRIVERSusbprint.sys 16:24:42.0205 4192 usbprint - ok 16:24:42.0236 4192 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) F:Windowssystem32DRIVERSusbscan.sys 16:24:42.0252 4192 usbscan - ok 16:24:42.0283 4192 USBSTOR (f991ab9cc6b908db552166768176896a) F:Windowssystem32DRIVERSUSBSTOR.SYS 16:24:42.0283 4192 USBSTOR - ok 16:24:42.0314 4192 usbuhci (68df884cf41cdada664beb01daf67e3d) F:Windowssystem32DRIVERSusbuhci.sys 16:24:42.0314 4192 usbuhci - ok 16:24:42.0330 4192 UxSms (081e6e1c91aec36758902a9f727cd23c) F:WindowsSystem32uxsms.dll 16:24:42.0330 4192 UxSms - ok 16:24:42.0361 4192 VaultSvc (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe 16:24:42.0361 4192 VaultSvc - ok 16:24:42.0377 4192 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) F:Windowssystem32driversvdrvroot.sys 16:24:42.0377 4192 vdrvroot - ok 16:24:42.0455 4192 vds (c3cd30495687c2a2f66a65ca6fd89be9) F:WindowsSystem32vds.exe 16:24:42.0470 4192 vds - ok 16:24:42.0486 4192 vga (17c408214ea61696cec9c66e388b14f3) F:Windowssystem32DRIVERSvgapnp.sys 16:24:42.0486 4192 vga - ok 16:24:42.0502 4192 VgaSave (8e38096ad5c8570a6f1570a61e251561) F:WindowsSystem32driversvga.sys 16:24:42.0502 4192 VgaSave - ok 16:24:42.0533 4192 vhdmp (5461686cca2fda57b024547733ab42e3) F:Windowssystem32driversvhdmp.sys 16:24:42.0533 4192 vhdmp - ok 
16:24:42.0564 4192 viaagp (c829317a37b4bea8f39735d4b076e923) F:Windowssystem32driversviaagp.sys 16:24:42.0564 4192 viaagp - ok 16:24:42.0595 4192 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) F:Windowssystem32DRIVERSviac7.sys 16:24:42.0595 4192 ViaC7 - ok 16:24:42.0611 4192 viaide (e43574f6a56a0ee11809b48c09e4fd3c) F:Windowssystem32driversviaide.sys 16:24:42.0611 4192 viaide - ok 16:24:42.0611 4192 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) F:Windowssystem32driversvolmgr.sys 16:24:42.0626 4192 volmgr - ok 16:24:42.0642 4192 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) F:Windowssystem32driversvolmgrx.sys 16:24:42.0658 4192 volmgrx - ok 16:24:42.0689 4192 volsnap (f497f67932c6fa693d7de2780631cfe7) F:Windowssystem32driversvolsnap.sys 16:24:42.0689 4192 volsnap - ok 16:24:42.0720 4192 vsmraid (9dfa0cc2f8855a04816729651175b631) F:Windowssystem32DRIVERSvsmraid.sys 16:24:42.0720 4192 vsmraid - ok 16:24:42.0798 4192 VSS (209a3b1901b83aeb8527ed211cce9e4c) F:Windowssystem32vssvc.exe 16:24:42.0814 4192 VSS - ok 16:24:42.0845 4192 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) F:Windowssystem32DRIVERSvwifibus.sys 16:24:42.0845 4192 vwifibus - ok 16:24:42.0860 4192 vwififlt (7090d3436eeb4e7da3373090a23448f7) F:Windowssystem32DRIVERSvwififlt.sys 16:24:42.0876 4192 vwififlt - ok 16:24:42.0907 4192 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) F:Windowssystem32DRIVERSvwifimp.sys 16:24:42.0907 4192 vwifimp - ok 16:24:42.0954 4192 W32Time (55187fd710e27d5095d10a472c8baf1c) F:Windowssystem32w32time.dll 16:24:42.0985 4192 W32Time - ok 16:24:43.0001 4192 WacomPen (de3721e89c653aa281428c8a69745d90) F:Windowssystem32DRIVERSwacompen.sys 16:24:43.0001 4192 WacomPen - ok 16:24:43.0032 4192 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) F:Windowssystem32DRIVERSwanarp.sys 16:24:43.0032 4192 WANARP - ok 16:24:43.0048 4192 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) F:Windowssystem32DRIVERSwanarp.sys 16:24:43.0048 4192 Wanarpv6 - ok 16:24:43.0141 4192 WatAdminSvc (353a04c
  20. luluhifi

    Trojans win32 Sirefef!E2 & E1

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
    Run date: 2012-07-26 15:39:12
    -----------------------------
    15:39:12.760 OS Version: Windows 6.1.7601 Service Pack 1
    15:39:12.760 Number of processors: 2 586 0x170A
    15:39:12.760 ComputerName: TTARMSTRONG-PC UserName: TTArmstrong
    15:39:13.852 Initialize success
    15:47:07.175 AVAST engine defs: 12072601
    15:47:17.611 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIAAStorageDevice-1
    15:47:17.611 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 8
    15:47:17.627 Disk 0 MBR read successfully
    15:47:17.627 Disk 0 MBR scan
    15:47:17.642 Disk 0 Windows 7 default MBR code
    15:47:17.642 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 266 MB offset 63
    15:47:17.658 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 60345 MB offset 546210
    15:47:17.673 Disk 0 Partition - 00 0F Extended LBA 92012 MB offset 124134255
    15:47:17.689 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51348 MB offset 124134318
    15:47:17.689 Disk 0 Partition - 00 05 Extended 40664 MB offset 229295745
    15:47:17.705 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 40664 MB offset 229295808
    15:47:17.720 Disk 0 scanning sectors +312576705
    15:47:17.783 Disk 0 scanning F:Windowssystem32drivers
    15:47:28.609 Service scanning
    15:47:53.163 Modules scanning
    15:47:58.670 Disk 0 trace - called modules:
    15:47:58.717 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
    15:47:58.717 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0x8bba8810]
    15:47:58.733 3 CLASSPNP.SYS[8e5bd59e] -> nt!IofCallDriver -> DeviceIdeIAAStorageDevice-1[0x8ad95028]
    15:47:59.357 AVAST engine scan F:Windows
    15:48:01.182 AVAST engine scan F:Windowssystem32
    15:50:20.818 AVAST engine scan F:Windowssystem32drivers
    15:50:33.766 AVAST engine scan F:UsersTTArmstrong
    15:53:21.123 AVAST engine scan F:ProgramData
    15:53:43.415 File: F:ProgramDataMicrosoftWindowsDRMD27B.tmp **INFECTED** Win32:Crypt-NKI [Trj]
    15:54:11.542 Scan finished successfully
    16:16:33.498 Disk 0 MBR has been saved successfully to "F:UsersTTArmstrongDesktopMBR.dat"
    16:16:33.498 The log file has been saved successfully to "F:UsersTTArmstrongDesktopaswMBR july.txt"
  21. luluhifi

    Trojans win32 Sirefef!E2 & E1

    Ok Here is the OTL
000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfFsMon.sys -- (TfFsMon) DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversTsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverswinusb.sys -- (WinUsb) DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- F:WindowsSystem32driverspsi_mf.sys -- (PSI) DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversivusb.sys -- (ivusb) DRV - [2010/06/21 14:28:02 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- F:WindowsSystem32driversanodlwf.sys -- (anodlwf) DRV - [2010/05/26 21:29:42 | 000,856,928 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversnetr28u.sys -- (netr28u) DRV - [2009/11/03 16:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverscvusbdrv.sys -- (cvusbdrv) DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversvwifimp.sys -- (vwifimp) DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) 
[Kernel | System | Stopped] -- F:WindowsSystem32driversserial.sys -- (Serial) DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversnvlddmkm.sys -- (nvlddmkm) DRV - [2009/06/13 01:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverse1y6232.sys -- (e1yexpress) DRV - [2009/04/03 00:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:WindowsSystem32driversrimmptsk.sys -- (rimmptsk) DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- F:WindowsSystem32driversPBADRV.sys -- (PBADRV) DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverswdcsam.sys -- (WDC_SAM) DRV - [2007/06/14 16:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversPAC7302.SYS -- (PAC7302) DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:Program FilesPeerGuardian2pgfilter.sys -- (pgfilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678 IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/ IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 32 3B 56 CC 32 
DD CB 01 [binary data] IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS399 IE - HKCU..SearchScopes{7DA22919-2250-49B5-B6AF-6EDF78DB766E}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110939,17118,0,18,0 IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678 IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157" FF - prefs.js..extensions.enabledItems: facadazzle@atlinkcom.com:1.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: F:Windowssystem32MacromedFlashNPSWF32_11_3_300_265.dll () FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: F:Program FilesJavajre6binplugin2npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.11.2852: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.1662: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.0.1: F:Program FilesVideoLANVLCnpvlc.dll (VideoLAN) FF - HKLMSoftwareMozillaPluginsAdobe Reader: F:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) 
FF - HKCUSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsComponents: F:Program FilesPale Mooncomponents [2012/07/22 21:39:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsPlugins: F:Program FilesPale Moonplugins [2012/07/22 21:04:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF [2012/02/15 13:45:42 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaExtensions [2012/06/29 13:40:23 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensions [2012/06/29 13:40:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.com [2012/07/22 17:10:21 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensions [2012/07/22 17:10:21 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensionsOneClickDownload@OneClickDownload.com [2012/02/15 09:13:57 | 000,000,000 | ---D | M] (No name found) -- F:Program FilesMozilla Firefoxextensions [2011/07/07 09:43:57 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/10/24 01:58:25 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} 
[2012/02/26 15:32:27 | 000,000,000 | ---D | M] (PageFont) -- F:USERSTTARMSTRONGAPPDATAROAMINGMOONCHILD PRODUCTIONSPALE MOONPROFILES7WJJ87FK.DEFAULTEXTENSIONSFACADAZZLE@ATLINKCOM.COM ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll CHR - plugin: Shockwave Flash (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataPepperFlash11.2.31.144pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = F:Windowssystem32MacromedFlashNPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = F:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnprpjplug.dll CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = F:Program 
FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = F:Program FilesJavajre6binplugin2npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = F:Program FilesVideoLANVLCnpvlc.dll CHR - Extension: YouTube = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0 CHR - Extension: Google Search = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0 CHR - Extension: Gmail = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0 O1 HOSTS File: ([2012/07/26 08:23:41 | 000,000,027 | ---- | M]) - F:WindowsSystem32driversetchosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:Program FilesSpywareGuarddlprotect.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation) O3 - HKLM..Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation) O4 - HKLM..Run: [burnStudio] F:Program FilesMagic Burning Studiombs.exe (MagicVideoSoftware Inc.) 
O4 - HKLM..Run: [COMODO Internet Security] F:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO) O4 - HKLM..Run: [KEEBOX 150N Wireless Utility] F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe () O4 - HKLM..Run: [PSUAMain] F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe (Panda Security, S.L.) O4 - HKLM..Run: [sonneDVDCreator] F:Program FilesMagic Burning StudioDVDCreator.exe (MagicVideoSoftware Inc.) O4 - HKLM..Run: [ThreatFire] F:Program FilesThreatFireTFTray.exe (PC Tools) O4 - Startup: F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSpywareGuard.lnk = F:Program FilesSpywareGuardsgmain.exe () O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1 O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - F:Program FilesMicrosoft OfficeOffice14EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program 
FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.254.254 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.254.254 O18 - ProtocolHandlervnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation) O20 - AppInit_DLLs: (F:WindowsSystem32guard32.dll) - F:WindowsSystem32guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:Windowsexplorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (F:Windowssystem32userinit.exe) - F:WindowsSystem32userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - WinlogonNotify!SASWinLogon: DllName - (F:Program FilesSUPERAntiSpywareSASWINLO.DLL) - F:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:Program FilesSpywareGuardspywareguard.dll () O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - 
SubSystemsWindows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/26 15:19:55 | 004,731,392 | ---- | C] (AVAST Software) -- F:UsersTTArmstrongDesktopaswMBR.exe [2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe [2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- F:WindowsSystem32driverstmcomm.sys [2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys [2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:ProgramDataSophos [2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsSophos [2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:Program FilesSophos [2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:$RECYCLE.BIN [2012/07/23 12:52:00 | 000,046,280 | ---- | C] (Panda Security) -- F:WindowsSystem32driversPSKMAD.sys [2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPanda Cloud Antivirus [2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataLocaltemp [2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:WindowsSWREG.exe [2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:WindowsSWSC.exe [2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:WindowsNIRCMD.exe [2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:Windowserdnt [2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe [2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopdvdmoviecover [2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopHIPHOP [2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoporignal dance [2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwedding songs [2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr 
[2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoprockerz2 joe gibbs [2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32mshtml.tlb [2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieui.dll [2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieUnatt.exe [2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jsproxy.dll [2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jscript9.dll [2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32url.dll [2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32inetcpl.cpl [2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32win32k.sys [2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:VritualRoot [2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ncrypt.dll [2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32msxml3r.dll [2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32cdosys.dll [2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wucltux.dll [2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups2.dll [2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapi.dll [2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wudriver.dll [2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups.dll [2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuwebv.dll [2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapp.exe 
[2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:Program FilesMicrosoft Security Client [2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsThreatFire [2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfSysMon.sys [2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfFsMon.sys [2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfNetMon.sys [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:Program FilesThreatFire [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:ProgramDataPC Tools [2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys [2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys [2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys [2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys [2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys [2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingf-secure [2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:ProgramDataF-Secure [2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:Windowsstinger.sys [2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:Program Filesstinger [2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) 
-- F:WindowsSystem32driversNNSStrm.sys [2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWEDDIN SONG JULY 15 [2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:Program FilesReal [2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopnew riddim & cover april 30 [2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopsamplesforkingcd [2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:Program FilesNewAgeDesign [2012/07/01 20:12:45 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwowWORSHIP [2012/07/01 17:25:05 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWOW GOSPEL MUSIC [2012/06/30 16:18:31 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopSIZZLA VS KHAGO CLASH [2012/06/27 15:51:07 | 000,092,840 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNStlsc.sys [2012/06/27 15:51:06 | 000,286,376 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSProt.sys [2012/06/27 15:51:06 | 000,153,000 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSPrv.sys [2012/06/27 15:51:06 | 000,106,536 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSSmtp.sys [2012/06/27 15:51:05 | 000,104,104 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSPop3.sys [2012/06/27 15:51:05 | 000,060,968 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSPihsw.sys [2012/06/27 15:51:04 | 000,122,664 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSIds.sys [2012/06/27 15:51:04 | 000,093,992 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSpicc.sys [2012/06/27 15:51:04 | 000,028,712 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSNAHSL.sys [2012/06/27 15:51:03 | 000,120,744 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSHttp.sys [2012/06/27 15:51:03 | 000,082,472 | ---- | C] (Panda Security, S.L.) 
-- F:WindowsSystem32driversNNSAlpc.sys [2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:UsersTTArmstrongAppDataRoamingpcouffin.sys ========== Files - Modified Within 30 Days ========== [2012/07/26 15:23:04 | 004,731,392 | ---- | M] (AVAST Software) -- F:UsersTTArmstrongDesktopaswMBR.exe [2012/07/26 15:17:01 | 000,000,830 | ---- | M] () -- F:WindowstasksAdobe Flash Player Updater.job [2012/07/26 15:08:01 | 000,000,932 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job [2012/07/26 15:03:43 | 002,117,108 | ---- | M] () -- F:UsersTTArmstrongDesktoptdsskiller.zip [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe [2012/07/26 14:40:01 | 000,000,896 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineUA.job [2012/07/26 14:40:01 | 000,000,892 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineCore.job [2012/07/26 14:30:29 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/26 14:30:29 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/26 14:29:34 | 000,626,486 | ---- | M] () -- F:WindowsSystem32perfh009.dat [2012/07/26 14:29:34 | 000,107,730 | ---- | M] () -- F:WindowsSystem32perfc009.dat [2012/07/26 14:23:03 | 000,065,536 | ---- | M] () -- F:WindowsSystem32Ikeext.etl [2012/07/26 14:22:56 | 000,067,584 | --S- | M] () -- F:Windowsbootstat.dat [2012/07/26 14:22:53 | 1601,097,728 | -HS- | M] () -- F:hiberfil.sys [2012/07/26 11:35:48 | 000,205,072 | ---- | M] (Trend Micro Inc.) 
  22. luluhifi

    Trojans win32 Sirefef!E2 & E1

    I updated ComboFix and this is what I got
  23. luluhifi

    Trojans win32 Sirefef!E2 & E1

    I did it a couple of times and I didn't see anything like a log come up at all after ComboFix >>> maybe I'm doing something wrong
  24. luluhifi

    Trojans win32 Sirefef!E2 & E1

    https://www.virustotal.com/file/e432d688852c27d2c3df460311f5170235908c08c54bec3ae33b238aba37fbe9/analysis/1343091368/
    https://www.virustotal.com/file/3c61584d439739489a02314c2649847d6f19ac56e2319beae87f4bc77605eeee/analysis/1343091589/
    F:\Users\TTArmstrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LvbicEQ.exe
    This one says >>> LvbicEQ.exe file not found
  25. luluhifi

    Trojans win32 Sirefef!E2 & E1

    ComboFix 12-07-21.01 - TTArmstrong 07/22/2012 19:52:23.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2036.1031 [GMT -4:00] Running from: f:usersTTArmstrongDesktopComboFix.exe AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . f:usersTTArmstrongAppDataRoamingTTArmstronglog.dat f:windows12225517.exe f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}L00000004.@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}L1afb2d56 f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}L201d3dde f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U00000004.@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U00000008.@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U000000cb.@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U80000000.@ f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U80000032.@ . f:windowssystem32services.exe . . . is infected!! . Infected copy of f:windowssystem32services.exe was found and disinfected Restored copy from - f:windowswinsxsx86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967bservices.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 ))))))))))))))))))))))))))))))) . . 2012-07-23 00:02 . 2012-07-23 00:19 -------- d-----w- f:usersTTArmstrongAppDataLocaltemp 2012-07-23 00:02 . 2012-07-23 00:02 -------- d-----w- f:usersDefaultAppDataLocaltemp 2012-07-21 14:41 . 
2012-07-21 14:41 114176 ----a-w- f:programdataMicrosoftWindowsDRMD6B1.tmp 2012-07-21 14:41 . 2012-07-21 14:41 114176 ----a-w- f:programdataMicrosoftWindowsDRMD27B.tmp 2012-07-18 07:18 . 2012-06-12 02:40 2345984 ----a-w- f:windowssystem32win32k.sys 2012-07-18 05:55 . 2012-07-18 05:55 43480 ----a-w- f:windowssystem32driversgtqjbadj.sys 2012-07-18 01:26 . 2012-07-18 01:26 -------- d-----w- F:VritualRoot 2012-07-18 00:46 . 2012-07-18 05:57 56200 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{2356B655-C2C0-4E58-BB14-9F65886A6888}offreg.dll 2012-07-18 00:44 . 2012-07-18 00:43 713784 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{13315781-ABDC-4E56-A8C6-AF633331E555}gapaengine.dll 2012-07-18 00:43 . 2012-06-29 05:44 6891424 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{2356B655-C2C0-4E58-BB14-9F65886A6888}mpengine.dll 2012-07-18 00:13 . 2012-06-02 22:19 53784 ----a-w- f:windowssystem32wuauclt.exe 2012-07-18 00:13 . 2012-06-02 22:19 45080 ----a-w- f:windowssystem32wups2.dll 2012-07-18 00:13 . 2012-06-02 22:19 1933848 ----a-w- f:windowssystem32wuaueng.dll 2012-07-18 00:13 . 2012-06-02 22:12 2422272 ----a-w- f:windowssystem32wucltux.dll 2012-07-18 00:12 . 2012-06-02 22:19 35864 ----a-w- f:windowssystem32wups.dll 2012-07-18 00:12 . 2012-06-02 22:19 577048 ----a-w- f:windowssystem32wuapi.dll 2012-07-18 00:12 . 2012-06-02 22:12 88576 ----a-w- f:windowssystem32wudriver.dll 2012-07-18 00:12 . 2012-06-02 19:19 171904 ----a-w- f:windowssystem32wuwebv.dll 2012-07-18 00:12 . 2012-06-02 19:12 33792 ----a-w- f:windowssystem32wuapp.exe 2012-07-18 00:11 . 2012-07-18 07:17 -------- d-----w- f:program filesMicrosoft Security Client 2012-07-14 12:45 . 2011-02-22 17:57 69392 ----a-w- f:windowssystem32driversTfSysMon.sys 2012-07-14 12:45 . 2011-02-22 17:57 33552 ----a-w- f:windowssystem32driversTfNetMon.sys 2012-07-14 12:45 . 2011-02-22 17:57 51984 ----a-w- f:windowssystem32driversTfFsMon.sys 2012-07-14 12:45 . 
2012-07-21 13:49 -------- d-----w- f:program filesThreatFire 2012-07-14 12:45 . 2012-07-14 12:45 -------- d-----w- f:programdataPC Tools 2012-07-13 02:43 . 2012-07-13 02:43 -------- d-----w- f:usersTTArmstrongAppDataRoamingf-secure 2012-07-13 02:42 . 2012-07-13 02:42 -------- d-----w- f:programdataF-Secure 2012-07-13 02:23 . 2012-07-13 02:23 14664 ----a-w- f:windowsstinger.sys 2012-07-13 02:22 . 2012-07-13 02:30 -------- d-----w- f:program filesstinger 2012-07-11 09:43 . 2012-07-11 09:43 -------- d-----w- f:program filesReal 2012-07-07 17:28 . 2012-07-07 17:28 -------- d-----w- f:program filesNewAgeDesign 2012-06-30 20:17 . 2012-05-31 03:41 6762896 ----a-w- f:programdataMicrosoftWindows DefenderDefinition Updates{CD6A007C-8D62-4856-A523-23B49072749B}mpengine.dll 2012-06-29 17:39 . 2012-07-22 22:25 -------- d-----w- f:program files1ClickDownload 2012-06-23 22:19 . 2012-06-24 02:13 -------- d-----w- F:My Recordings 2012-06-23 12:10 . 2012-06-23 12:12 -------- d-----w- f:programdataHP 2012-06-23 12:10 . 2012-06-23 12:10 -------- d-----w- f:program filesHP 2012-06-23 12:09 . 2012-06-23 12:09 -------- d-----w- f:usersTTArmstrongAppDataLocalHP . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 02:21 . 2012-04-04 21:17 426184 ----a-w- f:windowssystem32FlashPlayerApp.exe 2012-07-12 02:21 . 2011-05-17 13:21 70344 ----a-w- f:windowssystem32FlashPlayerCPLApp.cpl 2012-07-03 17:46 . 2010-09-30 04:56 22344 ----a-w- f:windowssystem32driversmbam.sys 2012-05-01 04:44 . 2012-06-18 03:23 164352 ----a-w- f:windowssystem32profsvc.dll 2012-04-28 03:17 . 2012-06-18 03:28 183808 ----a-w- f:windowssystem32driversrdpwd.sys 2012-04-26 04:45 . 2012-06-18 03:23 58880 ----a-w- f:windowssystem32rdpwsx.dll 2012-04-26 04:45 . 2012-06-18 03:23 129536 ----a-w- f:windowssystem32rdpcorekmts.dll 2012-04-26 04:41 . 2012-06-18 03:23 8192 ----a-w- f:windowssystem32rdrmemptylst.exe 2012-04-24 04:36 . 
2012-06-18 03:23 140288 ----a-w- f:windowssystem32cryptsvc.dll 2012-04-24 04:36 . 2012-06-18 03:23 1158656 ----a-w- f:windowssystem32crypt32.dll 2012-04-24 04:36 . 2012-06-18 03:23 103936 ----a-w- f:windowssystem32cryptnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Sidebar"="f:program filesWindows Sidebarsidebar.exe" [2010-11-20 1174016] "swg"="f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2010-09-30 39408] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "KEEBOX 150N Wireless Utility"="f:program filesKEEBOX150N Wireless UtilityWlanMon.exe" [2010-07-06 835584] "COMODO Internet Security"="f:program filesCOMODOCOMODO Internet Securitycfp.exe" [2012-03-12 6749512] "PSUNMain"="f:program filesPanda SecurityPanda Cloud AntivirusPSUNMain.exe" [2011-04-28 439616] "ThreatFire"="f:program filesThreatFireTFTray.exe" [2011-02-22 378128] "SonneDVDCreator"="f:program filesMagic Burning StudioDVDCreator.exe" [2010-03-09 16537088] "BurnStudio"="f:program filesMagic Burning Studiombs.exe" [2010-02-09 4619264] . f:usersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup SpywareGuard.lnk - f:program filesSpywareGuardsgmain.exe [2003-8-29 360448] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:program filesSUPERAntiSpywareSASSEH.DLL" [2011-07-19 113024] . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- f:program filesSUPERAntiSpywareSASWINLO.DLL . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows] "AppInit_DLLs"=f:windowsSystem32guard32.dll . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE] @="" . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc] @="Service" . [HKLM~startupfolderF:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk] path=f:programdataMicrosoftWindowsStart MenuProgramsStartupSecunia PSI Tray.lnk backup=f:windowspssSecunia PSI Tray.lnk.Commonstartup backupExtension=.Commonstartup . [HKLM~startupfolderF:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk] path=f:programdataMicrosoftWindowsStart MenuProgramsStartupVirtual Router Manager.lnk backup=f:windowspssVirtual Router Manager.lnk.Commonstartup backupExtension=.Commonstartup . [HKLM~startupfolderF:^Users^TTArmstrong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LvbicEQ.exe] backupExtension=.Startup HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM] 2012-01-03 07:37 843712 ----a-w- f:program filesCommon FilesAdobeARM1.0AdobeARM.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher] 2012-04-04 05:53 35736 ----a-w- f:program filesAdobeReader 10.0Readerreader_sl.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBurnStudio] 2010-02-09 18:42 4619264 ----a-w- f:program filesMagic Burning Studiombs.exe . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update] 2010-09-30 04:50 136176 ----atw- f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware (reboot)] 2012-07-03 17:46 973488 ----a-w- f:program filesMalwarebytes' Anti-Malwarembam.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBAgent] 2010-03-26 14:52 1234216 ----a-w- f:program filesNeroNero 10Nero BackItUpNBAgent.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNVHotkey] 2009-06-16 14:27 92704 ----a-w- f:windowsSystem32nvhotkey.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz] 2009-06-11 02:59 1657376 ----a-w- f:windowsSystem32nwiz.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPAC7302_Monitor] 2006-11-03 16:01 319488 ----a-w- f:windowsPixartPac7302Monitor.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPDVDDXSrv] 2009-04-02 22:33 128232 ------w- f:program filesCyberLinkPowerDVD DXPDVDDXSrv.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPeerGuardian] 2007-06-02 20:59 1457152 ----a-w- f:program filesPeerGuardian2pg2.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSonneDVDCreator] 2010-03-09 22:16 16537088 ----a-w- f:program filesMagic Burning StudioDVDCreator.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched] 2012-01-18 19:02 254696 ----a-w- f:program filesCommon FilesJavaJava Updatejusched.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg] 2010-09-30 14:10 39408 ----a-w- f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUpdater] 2011-06-21 14:26 26112 ----a-w- f:usersTTArmstrongAppDataRoamingUpdaterupdateloader.exe . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWZCSLDR2] 2010-06-21 18:28 122880 ----a-w- f:program filesKEEBOX150N Wireless UtilityWZCSLDR2.exe . [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-] "swg"="f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-] "PDVDDXSrv"="f:program filesCyberLinkPowerDVD DXPDVDDXSrv.exe" "SunJavaUpdateSched"="f:program filesCommon FilesJavaJava Updatejusched.exe" "Adobe ARM"="f:program filesCommon FilesAdobeARM1.0AdobeARM.exe" "BurnStudio"="f:program filesMagic Burning Studiombs.exe" Hide "BCSSync"="f:program filesMicrosoft OfficeOffice14BCSSync.exe" /DelayServices "NvCplDaemon"=RUNDLL32.EXE f:windowssystem32NvCpl.dll,NvStartup . R1 xeohoein;xeohoein;f:windowssystem32driversxeohoein.sys [x] R2 gupdate;Google Update Service (gupdate);f:program filesGoogleUpdateGoogleUpdate.exe [x] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm); [x] R3 a2acc;a2acc;f:program filesEMSISOFT ANTI-MALWAREa2accx86.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [x] R3 cvusbdrv;Dell ControlVault;f:windowssystem32Driverscvusbdrv.sys [x] R3 gupdatem;Google Update Service (gupdatem);f:program filesGoogleUpdateGoogleUpdate.exe [x] R3 ivusb;Initio Driver for USB Default Controller;f:windowssystem32DRIVERSivusb.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;f:program filesMicrosoft OfficeOffice14GROOVE.EXE [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;f:windowssystem32DRIVERSMpNWMon.sys [x] R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;f:windowssystem32DRIVERSnetr28u.sys [x] R3 NisDrv;Microsoft Network Inspection System;f:windowssystem32DRIVERSNisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;f:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [x] R3 osppsvc;Office 
Software Protection Platform;f:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [x] R3 pcouffin;VSO Software pcouffin;f:windowssystem32Driverspcouffin.sys [x] R3 TsUsbFlt;TsUsbFlt;f:windowssystem32driverstsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;f:windowssystem32WatWatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;f:windowssystem32DRIVERSwdcsam.sys [x] S0 SmartDefragDriver;SmartDefragDriver;f:windowsSystem32DriversSmartDefragDriver.sys [x] S0 TfFsMon;TfFsMon;f:windowssystem32driversTfFsMon.sys [x] S0 TfSysMon;TfSysMon;f:windowssystem32driversTfSysMon.sys [x] S1 A2DDA;A2 Direct Disk Access Support Driver;f:program filesEmsisoft Anti-Malwarea2ddax86.sys [x] S1 anodlwf;ANOD Network Security Filter driver;f:windowssystem32DRIVERSanodlwf.sys [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;f:windowssystem32DRIVERScmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;f:windowssystem32DRIVERScmdhlp.sys [x] S1 PSINKNC;PSINKNC;f:windowssystem32DRIVERSpsinknc.sys [x] S1 SASDIFSV;SASDIFSV;f:program filesSUPERAntiSpywareSASDIFSV.SYS [x] S1 SASKUTIL;SASKUTIL;f:program filesSUPERAntiSpywareSASKUTIL.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;f:windowssystem32DRIVERSvwififlt.sys [x] S2 !SASCORE;SAS Core Service;f:program filesSUPERAntiSpywareSASCORE.EXE [x] S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;f:program filesEmsisoft Anti-Malwarea2service.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;f:program filesCommon FilesAdobeARM1.0armsvc.exe [x] S2 Credential Vault Host Control Service;Credential Vault Host Control Service;f:program filesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe [x] S2 Credential Vault Host Storage;Credential Vault Host Storage;f:program filesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe [x] S2 NanoServiceMain;Panda Cloud Antivirus Service;f:program filesPanda SecurityPanda Cloud 
AntivirusPSANHost.exe [x] S2 NAUpdate;Nero Update;f:program filesNeroUpdateNASvc.exe [x] S2 Nonbrand_WUS-N;Nonbrand_WUS-N Service;f:program filesKEEBOX150N Wireless UtilityANIWZCSdS.exe [x] S2 Nonbrand_WUS-N_WPS;Nonbrand_WUS-N_WPS Service;f:program filesKEEBOX150N Wireless UtilityANIWConnService.exe [x] S2 PSINAflt;PSINAflt;f:windowssystem32DRIVERSPSINAflt.sys [x] S2 PSINFile;PSINFile;f:windowssystem32DRIVERSPSINFile.sys [x] S2 PSINProc;PSINProc;f:windowssystem32DRIVERSPSINProc.sys [x] S2 PSINProt;PSINProt;f:windowssystem32DRIVERSPSINProt.sys [x] S2 Secunia PSI Agent;Secunia PSI Agent;f:program filesSecuniaPSIPSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;f:program filesSecuniaPSIsua.exe [x] S2 ThreatFire;ThreatFire;f:program filesThreatFireTFService.exe service [x] S3 e1yexpress;Intel® Gigabit Network Connections Driver;f:windowssystem32DRIVERSe1y6232.sys [x] S3 PSI;PSI;f:windowssystem32DRIVERSpsi_mf.sys [x] S3 TfNetMon;TfNetMon;f:windowssystem32driversTfNetMon.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;f:windowssystem32DRIVERSvwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-07-23 f:windowsTasksAdobe Flash Player Updater.job - f:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 02:21] . 2012-07-23 f:windowsTasksGoogleUpdateTaskMachineCore.job - f:program filesGoogleUpdateGoogleUpdate.exe [2010-09-30 14:10] . 2012-07-22 f:windowsTasksGoogleUpdateTaskMachineUA.job - f:program filesGoogleUpdateGoogleUpdate.exe [2010-09-30 14:10] . 2012-07-22 f:windowsTasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job - f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-09-30 04:50] . 2012-07-23 f:windowsTasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job - f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-09-30 04:50] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - f:progra~1MICROS~2Office14EXCEL.EXE/3000 IE: Se&nd to OneNote - f:progra~1MICROS~2Office14ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.254.254 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) MSConfigStartUp-MSC - f:program filesMicrosoft Security Clientmsseces.exe MSConfigStartUp-Nero Serial KeyGen - (no file) . . . [HKEY_LOCAL_MACHINEsystemControlSet003servicesThreatFire] "AlternateImagePath"="" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINEsystemControlSet003ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINEsystemControlSet003ControlPCWSecurity] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(904) f:program filesThreatFireTFWAH.dll . - - - - - - - > 'lsass.exe'(688) f:windowssystem32guard32.dll f:program filesThreatFireTFWAH.dll . - - - - - - - > 'Explorer.exe'(4044) f:windowssystem32guard32.dll f:program filesThreatFireTfWah.dll f:progra~1MICROS~2Office14GROOVEEX.DLL f:windowsSystem32gameux.dll f:windowssystem32MsftEdit.dll f:windowssystem32authui.dll f:windowssystem32msutb.dll f:windowssystem32prnfldr.dll f:windowssystem32dxp.dll f:windowsSystem32netshell.dll f:windowssystem32PortableDeviceTypes.dll f:windowsSystem32QUtil.dll f:windowsSystem32srchadmin.dll f:windowssystem32wwanapi.dll f:windowsSystem32QAgent.dll f:windowssystem32imapi2.dll . ------------------------ Other Running Processes ------------------------ . 
f:windowssystem32nvvsvc.exe f:windowssystem32WUDFHost.exe f:windowssystem32nvvsvc.exe f:program filesThreatFireTFService.exe f:windowssystem32taskhost.exe f:windowssystem32conhost.exe f:program filesSpywareGuardsgbhp.exe . ************************************************************************** . Completion time: 2012-07-22 20:26:41 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-23 00:26 . Pre-Run: 11,211,698,176 bytes free Post-Run: 10,949,455,872 bytes free . - - End Of File - - 059893AB569B0923BCD10F60BF72D018