luluhifi

Trojans win32 Sirefef!E2 & E1


Hello Pit. I found a bunch of these Trojans (Sirefef!E2) on my Win7 laptop. I would like to know if anyone in the Pit has a way of getting rid of this nasty stuff without doing a clean install or an in-place install.


Hello luluhifi

 

I have moved your thread here as you may need some additional assistance in dealing with this infection.

 

I found a bunch of these Trojans>>>SiresefE2 on my win7 laptop

Let's see if we are able to get some system scans with the following tools:

  • Please perform the following scan

    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Right click on the DDS icon and select "Run as Administrator" to run the tool (it may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.
  • aswMBR

    • Download aswMBR.exe to your desktop.
    • Double click aswMBR.exe to run it.
    • When asked if you want to download Avast's virus definitions, please select Yes.
    • Click the "Scan" button to start the scan.
    • On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

    Please post both DDS logs and the aswMBR log in your next reply (you may have to make more than one post to fit all of the information in).


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by TTArmstrong at 23:20:54 on 2012-07-19
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - f:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - f:\program files\utorrentbar\tbuTor.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - f:\program files\conduitengine\ConduitEngine.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - f:\program files\spywareguard\dlprotect.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - f:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - f:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - f:\program files\utorrentbar\tbuTor.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - f:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - f:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [sidebar] f:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "f:\users\ttarmstrong\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [KEEBOX 150N Wireless Utility] f:\program files\keebox\150n wireless utility\WlanMon.exe
mRun: [COMODO Internet Security] "f:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [PSUNMain] "f:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [ThreatFire] f:\program files\threatfire\TFTray.exe
mRun: [sonneDVDCreator] f:\program files\magic burning studio\DVDCreator.exe
mRun: [burnStudio] "f:\program files\magic burning studio\mbs.exe" Hide
StartupFolder: f:\users\ttarms~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\spywar~1.lnk - f:\program files\spywareguard\sgmain.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - f:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - f:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.16 68.105.29.17 68.105.29.16 68.105.28.17
TCP: Interfaces\{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10} : DhcpNameServer = 68.105.28.16 68.105.29.17 68.105.29.16 68.105.28.17
TCP: Interfaces\{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}\351657464697 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}\45451427D6374727F6E676731313 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}\6427F6E64796562743737323 : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}\946434D2F40756E6 : DhcpNameServer = 192.168.1.21
TCP: Interfaces\{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}\A616D636166656 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - f:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - f:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: f:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - f:\program files\spywareguard\spywareguard.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - f:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-18 07:18:31 2345984 ----a-w- f:\windows\system32\win32k.sys
2012-07-18 05:55:25 43480 ----a-w- f:\windows\system32\drivers\gtqjbadj.sys
2012-07-18 01:26:03 -------- d--h--w- F:\VritualRoot
2012-07-18 00:46:04 56200 ----a-w- f:\programdata\microsoft\microsoft antimalware\definition updates\{2356b655-c2c0-4e58-bb14-9f65886a6888}\offreg.dll
2012-07-18 00:44:06 713784 ----a-w- f:\programdata\microsoft\microsoft antimalware\definition updates\{13315781-abdc-4e56-a8c6-af633331e555}\gapaengine.dll
2012-07-18 00:43:56 6891424 ----a-w- f:\programdata\microsoft\microsoft antimalware\definition updates\{2356b655-c2c0-4e58-bb14-9f65886a6888}\mpengine.dll
2012-07-18 00:13:11 2422272 ----a-w- f:\windows\system32\wucltux.dll
2012-07-18 00:12:59 88576 ----a-w- f:\windows\system32\wudriver.dll
2012-07-18 00:12:50 33792 ----a-w- f:\windows\system32\wuapp.exe
2012-07-18 00:12:50 171904 ----a-w- f:\windows\system32\wuwebv.dll
2012-07-18 00:11:47 -------- d-----w- f:\program files\Microsoft Security Client
2012-07-17 23:11:39 7680 ----a-w- f:\windows\12225517.exe
2012-07-14 12:45:01 69392 ----a-w- f:\windows\system32\drivers\TfSysMon.sys
2012-07-14 12:45:01 51984 ----a-w- f:\windows\system32\drivers\TfFsMon.sys
2012-07-14 12:45:01 33552 ----a-w- f:\windows\system32\drivers\TfNetMon.sys
2012-07-14 12:45:00 -------- d-----w- f:\programdata\PC Tools
2012-07-14 12:45:00 -------- d-----w- f:\program files\ThreatFire
2012-07-13 02:43:10 -------- d-----w- f:\users\ttarmstrong\appdata\roaming\f-secure
2012-07-13 02:42:53 -------- d-----w- f:\programdata\F-Secure
2012-07-13 02:23:42 14664 ----a-w- f:\windows\stinger.sys
2012-07-13 02:22:14 -------- d-----w- f:\program files\stinger
2012-07-07 17:28:51 -------- d-----w- f:\program files\NewAgeDesign
2012-06-30 20:17:57 6762896 ----a-w- f:\programdata\microsoft\windows defender\definition updates\{cd6a007c-8d62-4856-a523-23b49072749b}\mpengine.dll
2012-06-29 17:39:34 -------- d-----w- f:\program files\1ClickDownload
2012-06-23 22:19:32 -------- d-----w- F:\My Recordings
2012-06-23 12:10:16 -------- d-----w- f:\program files\HP
2012-06-23 12:09:59 -------- d-----w- f:\users\ttarmstrong\appdata\local\HP
.
==================== Find3M ====================
.
2012-07-12 02:21:10 70344 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 02:21:10 426184 ----a-w- f:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-06-06 05:05:52 1390080 ----a-w- f:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- f:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- f:\windows\system32\cdosys.dll
2012-06-02 08:33:25 1800192 ----a-w- f:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- f:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- f:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- f:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- f:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- f:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- f:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- f:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- f:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- f:\windows\system32\ncrypt.dll
2012-05-01 04:44:12 164352 ----a-w- f:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- f:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- f:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- f:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- f:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- f:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- f:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- f:\windows\system32\cryptnet.dll
.
============= FINISH: 23:22:47.58 ===============

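The "Created Last 30" listing above (and the ComboFix deletion list posted later in the thread) is what a helper reads by eye for Sirefef (ZeroAccess) artefacts: a freshly created driver with a random name, a numeric-named executable dropped straight into \windows, files under Windows\Installer\{GUID}\ named "@" or kept in U\ and L\ subfolders, and a Desktop.ini inside the .NET GAC. As an added example, not part of the thread and not code from DDS or ComboFix, the Python below applies those commonly documented indicators to log lines of that shape. The sample lines are copied from this thread's logs with the path separators the forum archive stripped restored by hand; the random-name test is a crude vowel-count heuristic, and a hit means "inspect this file", not "this file is malicious".

```python
"""Triage DDS / ComboFix style file listings for Sirefef (ZeroAccess) artefacts.

Added example; not part of the thread and not code from DDS or ComboFix.
The indicator rules encode the widely documented ZeroAccess drop locations
(Windows\Installer\{GUID}\ stores, assembly\GAC\Desktop.ini) plus two generic
heuristics. A hit means "inspect this file", not "this file is malicious".
"""
import re

# Sample input copied from the logs in this thread, with the backslashes the
# forum archive stripped restored by hand. Both DDS ("date time size attrs path")
# and ComboFix ("date . date size attrs path" or bare path) line shapes appear.
SAMPLE_LOG = r"""
2012-07-18 07:18:31 2345984 ----a-w- f:\windows\system32\win32k.sys
2012-07-18 05:55:25 43480 ----a-w- f:\windows\system32\drivers\gtqjbadj.sys
2012-07-18 01:26:03 -------- d--h--w- F:\VritualRoot
2012-07-17 23:11:39 7680 ----a-w- f:\windows\12225517.exe
2012-07-14 12:45:01 69392 ----a-w- f:\windows\system32\drivers\TfSysMon.sys
f:\windows\Installer\{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}\@
f:\windows\Installer\{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}\U\80000032.@
2012-07-18 07:18 . 2012-06-12 02:40 2345984 ----a-w- f:\windows\system32\win32k.sys
F:\Windows\assembly\GAC\Desktop.ini
"""

# (reason, pattern) applied to the lower-cased, backslash-normalised path.
RULES = [
    ("ZeroAccess-style store under Windows\\Installer\\{GUID}",
     re.compile(r"\\windows\\installer\\\{[0-9a-f-]{36}\}\\(?:@|[ul]\\[0-9a-f]{8}(?:\.@)?)$")),
    ("ZeroAccess-style Desktop.ini inside the .NET GAC",
     re.compile(r"\\windows\\assembly\\gac(?:_32|_64)?\\desktop\.ini$")),
    ("numeric-named executable dropped in the Windows root",
     re.compile(r"\\windows\\\d+\.exe$")),
]

VOWELS = set("aeiou")
DRIVER_RE = re.compile(r"\\system32\\drivers\\([a-z]{8})\.sys$")


def extract_path(line):
    """Return the drive-letter path at the end of a log line, or None."""
    m = re.search(r"[A-Za-z]:[\\/].*$", line)
    return m.group(0).strip() if m else None


def looks_random_driver(path):
    """Crude heuristic: an all-lowercase 8-letter driver name with at most one vowel."""
    m = DRIVER_RE.search(path)
    return bool(m) and sum(c in VOWELS for c in m.group(1)) <= 1


def triage(text):
    """Return [(path, reason)] for every line that trips an indicator rule."""
    hits = []
    for line in text.splitlines():
        path = extract_path(line)
        if not path:
            continue
        path = path.replace("/", "\\")
        low = path.lower()
        for reason, pattern in RULES:
            if pattern.search(low):
                hits.append((path, reason))
                break
        else:
            if looks_random_driver(path):
                hits.append((path, "random-looking 8-letter driver name (heuristic)"))
    return hits


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:55s} {path}")
```

Run on the sample it flags five lines (gtqjbadj.sys, 12225517.exe, the two Installer\{GUID} files and the GAC Desktop.ini) and stays silent on win32k.sys, the ThreatFire driver and the VritualRoot folder. The Installer rule is deliberately narrow (a bare "@", or an 8-hex-digit name under U\ or L\) so that ordinary MSI cache files in that directory do not trip it; the driver heuristic is the weakest rule and should always be followed by a signature check of the actual file.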

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

1ClickDownloader

4Videosoft MKV Video Converter

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Audio Editor Master v5.4.1.238

BioAPI Framework

BitTorrent

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CleanMem

CleanUp!

Comodo Dragon

COMODO Internet Security

Compatibility Pack for the 2007 Office system

Conduit Engine

ConvertXtoDVD 4.1.19.365

dBpowerAMP WMA V9.1 Codec

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell ControlVault Host Components Installer

Dell Driver Download Manager

Dell Security Device Driver Pack

Disk Cleaner (remove only)

Download Updater (AOL LLC)

DVD Audio Extractor 5.2.3

DVD Converter Ultimate 1.4.0.8

DVD Shrink 3.2

DVD Shrink Pro

DVDFab 8.1.6.0 (01/02/2012) Qt

Emsisoft Anti-Malware

ESET Online Scanner v3

EZ Label Xpress Lite

ffdshow [rev 2975] [2009-05-28]

FormatFactory 2.90

FREE Hi-Q Recorder 1.92

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

High-Definition Video Playback 10

HP Deskjet 1050 J410 series Basic Device Software

HP Deskjet 1050 J410 series Help

ImgBurn

Java Auto Updater

Java 6 Update 31

JPG to PDF Converter 1.0

KEEBOX 150N Wireless Utility

Magic Burning Studio 12.3.1.31

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Office 2000 Premium

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack Basic

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero DiscCopy Gadget 10

Nero DiscCopyGadget 10 Help (CHM)

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Multimedia Suite 10

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero SoundTrax 10

Nero SoundTrax 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor 10

Nero WaveEditor 10 Help (CHM)

NirSoft Wireless Network Watcher

NoDupe 32-bit (v1.16.7.2)

NVIDIA Drivers

NVIDIA nView Desktop Manager

Octoshape add-in for Adobe Flash Player

Pale Moon (3.6.32)

Panda Cloud Antivirus

PeerGuardian 2.0

PowerDVD DX

Real Alternative 1.8.4 Lite

Real Hide IP

RedMon - Redirection Port Monitor

Secunia PSI (2.0.0.4003)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Service Center Setup

Skype™ 5.5

SLOW-PCfighter

Smart Defrag 2

Speed Video Splitter 4.3.39

SpywareBlaster 4.6

SpywareGuard v2.2

Streaming Video Recorder V2.2.5

SUPERAntiSpyware

Tenda Wireless LAN Card

ThreatFire

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

UPEK TouchChip Fingerprint Reader

uTorrentBar Toolbar

VGA USB Camera

VirtualDJ PRO Full

VLC media player 2.0.1

Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)

Windows Installer Clean Up

Windows Media Player Firefox Plugin

WinRAR archiver

Wisdom-soft Set up ScreenHunter 5.1 Pro

.

==== End Of File ===========================


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-19 23:28:30
-----------------------------
23:28:30.396 OS Version: Windows 6.1.7601 Service Pack 1
23:28:30.396 Number of processors: 2 586 0x170A
23:28:30.396 ComputerName: TTARMSTRONG-PC UserName: TTArmstrong
23:28:30.937 Initialize success
23:29:07.000 AVAST engine defs: 12071902
23:29:39.288 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:29:39.290 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 8
23:29:39.312 Disk 0 MBR read successfully
23:29:39.314 Disk 0 MBR scan
23:29:39.319 Disk 0 Windows 7 default MBR code
23:29:39.322 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 266 MB offset 63
23:29:39.376 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 60345 MB offset 546210
23:29:39.382 Disk 0 Partition - 00 0F Extended LBA 92012 MB offset 124134255
23:29:39.399 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51348 MB offset 124134318
23:29:39.406 Disk 0 Partition - 00 05 Extended 40664 MB offset 229295745
23:29:39.423 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 40664 MB offset 229295808
23:29:39.431 Disk 0 scanning sectors +312576705
23:29:39.486 Disk 0 scanning F:\Windows\system32\drivers
23:29:49.886 Service scanning
23:30:15.238 Modules scanning
23:30:23.883 Disk 0 trace - called modules:
23:30:23.908 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
23:30:23.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8bba37c8]
23:30:23.918 3 CLASSPNP.SYS[8e5be59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ad8d028]
23:30:24.504 AVAST engine scan F:\Windows
23:30:26.241 AVAST engine scan F:\Windows\system32
23:32:09.375 File: F:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:32:47.940 AVAST engine scan F:\Windows\system32\drivers
23:33:00.543 AVAST engine scan F:\Users\TTArmstrong
23:35:30.945 AVAST engine scan F:\ProgramData
23:36:25.003 Scan finished successfully
23:42:23.402 Disk 0 MBR has been saved successfully to "F:\Users\TTArmstrong\Desktop\MBR.dat"
23:42:23.408 The log file has been saved successfully to "F:\Users\TTArmstrong\Desktop\aswMBR log.txt"

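The partition lines in the aswMBR log above come from reading the MBR's 64-byte partition table and then following the extended-partition chain: the 0F entry in the MBR points at the first EBR, whose second slot (type 05) points at the next EBR, and so on. As an added example, not part of the thread and not aswMBR's code, the Python below builds three sectors from the geometry aswMBR printed (types, start LBAs and sizes are taken from the log; the boot-code area is zero-filled, so the "Windows 7 default MBR code" check is not reproduced) and parses them back. It refuses a missing 0x55AA signature, an invalid status byte, more than one active partition, and an EBR chain that loops, which is the usual way a deliberately malformed table trips a naive parser.

```python
"""Parse an MBR partition table and walk its extended-partition (EBR) chain.

Added example; not part of the thread and not aswMBR's code. The three sectors
below are constructed from the geometry aswMBR printed above (partition types,
start LBAs, sizes) so the parser's output can be checked against that log.
The boot-code area is zero-filled, so the "Windows 7 default MBR code" check
that aswMBR performs is not reproduced here.
"""
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE
EXTENDED_TYPES = {0x05, 0x0F}


def build_sector(entries):
    """Build a 512-byte MBR/EBR from (status, type, start_lba, sector_count) tuples.
    CHS fields are left zero; the parser relies on the LBA fields only."""
    buf = bytearray(SECTOR_SIZE)
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", buf, TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    buf[510:512] = b"\x55\xAA"
    return bytes(buf)


# Constructed disk image: only the sectors the parser needs to read.
# Start LBAs inside an EBR are relative: the logical partition is relative to
# that EBR, the link to the next EBR is relative to the extended partition base.
EXT_BASE = 124134255
CONSTRUCTED_DISK = {
    0: build_sector([(0x00, 0xDE, 63, 546147),             # Dell Utility
                     (0x80, 0x07, 546210, 123588045),      # NTFS, active
                     (0x00, 0x0F, EXT_BASE, 188442450)]),  # Extended LBA
    EXT_BASE: build_sector([(0x00, 0x07, 63, 105161427),
                            (0x00, 0x05, 229295745 - EXT_BASE, 83280960)]),
    229295745: build_sector([(0x00, 0x07, 63, 83280897)]),
}


def read_constructed(lba):
    """Sector reader over the constructed image (a real tool reads the raw disk)."""
    return CONSTRUCTED_DISK[lba]


def read_entries(sector):
    """Validate the 0x55AA signature and return the non-empty table entries."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte 0x{status:02x}")
        if ptype:
            entries.append((status, ptype, start, count))
    return entries


def row(kind, status, ptype, start, count):
    return {"kind": kind, "active": status == 0x80, "type": ptype,
            "start": start, "size_mb": count * SECTOR_SIZE // (1024 * 1024)}


def walk_extended(read_sector, ext_base):
    """Follow the EBR chain, refusing loops (a classic malformed-table trap)."""
    rows, seen, ebr = [], set(), ext_base
    while True:
        if ebr in seen:
            raise ValueError(f"EBR chain loops back to LBA {ebr}")
        seen.add(ebr)
        entries = read_entries(read_sector(ebr))
        logical = next((e for e in entries if e[1] not in EXTENDED_TYPES), None)
        link = next((e for e in entries if e[1] in EXTENDED_TYPES), None)
        if logical:
            rows.append(row("logical", logical[0], logical[1], ebr + logical[2], logical[3]))
        if not link:
            return rows
        rows.append(row("extended", link[0], link[1], ext_base + link[2], link[3]))
        ebr = ext_base + link[2]


def parse_disk(read_sector):
    """Return the partition layout in the order aswMBR prints it."""
    mbr = read_entries(read_sector(0))
    if sum(1 for e in mbr if e[0] == 0x80) > 1:
        raise ValueError("more than one partition marked active")
    rows = []
    for status, ptype, start, count in mbr:
        rows.append(row("primary", status, ptype, start, count))
        if ptype in EXTENDED_TYPES:
            rows.extend(walk_extended(read_sector, start))
    return rows


if __name__ == "__main__":
    for r in parse_disk(read_constructed):
        flag = "80 (A)" if r["active"] else "00"
        print(f'{r["kind"]:8s} {flag:6s} {r["type"]:02X} {r["size_mb"]:6d} MB offset {r["start"]}')
```

The six rows it prints carry the same types, MB sizes (floored, as aswMBR does) and offsets as the log. Note what the table alone cannot tell you: a bootkit that keeps the table intact but replaces the 440 bytes of boot code is invisible to this parser, which is why aswMBR separately compares the code area against a known-good image and why the helper asked for the MBR.dat dump.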

Hello luluhifi,

My name is JonTom.

  • Malware logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "quick fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.

I would like to know if anyone in the Pit has a way of getting rid of this nasty stuff without doing a clean install or an in-place install

There is a serious rootkit infection on this machine, so I cannot give you any guarantees. It would be wise to back up all of your important data before we begin, since if the infection cannot be cleaned, a reformat and reinstallation of the operating system will be the best course of action.

The infection on this machine has password stealing capabilities. If you use this machine for any kind of financial transactions, please go to an uninfected system and change all of your passwords as soon as you can.

  • P2P Programs:

    • P2P programs are a major source of malware infections.
    • From your log I see you have BitTorrent. We do not pass judgment on file-sharing; however, we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to malware infections.
    • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    • If you wish to keep the program(s), please do not use them until your computer is cleaned.
    • Information regarding the risk of using these programs can be found here and here.
    • It is strongly recommended that you uninstall any P2P programs you have on your system.
    • To do this, click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
    • A list of currently installed programs will be displayed.
    • Find the "BitTorrent" program, click on it once and then click on the "Uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall, please do so.

      PLEASE NOTE:

    • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with malware. Malware writers use P2P file-sharing as a major conduit to spread infected files.
  • Please uninstall the following programs

    • Click on "Start", then on "Control Panel" and then on the "Programs and Features" tab.
    • Find the "1ClickDownloader" program, click on it once and then click on the "Uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall, please do so.
    • Repeat for Conduit Engine and uTorrentBar Toolbar.
  • ComboFix

    • Download ComboFix from one of the following locations:

      Link 1

      Link 2

    • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
    • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
    • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue. Click on Yes to continue scanning for malware.
    • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    • Notes: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
    • Should there be issues with the internet afterward:

      In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server", or reconfigure the proxy server again in case you have set it previously.

      In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server; set it to No Proxy.

    Please post the ComboFix log in your next reply.


ComboFix 12-07-21.01 - TTArmstrong 07/22/2012 19:52:23.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2036.1031 [GMT -4:00]
Running from: f:\users\TTArmstrong\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\users\TTArmstrong\AppData\Roaming\TTArmstronglog.dat
f:\windows\12225517.exe
f:\windows\Installer\{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}\@
f:\windows\Installer\{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}\L\00000004.@
f:\windows\Installer\{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}\L\1afb2d56
f:\windows\Installer\{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}\L\201d3dde
f:\windows\Installer\{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}\U\00000004.@
f:\windows\Installer\{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}\U\00000008.@
f:\windows\Installer\{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}\U\000000cb.@
f:\windows\Installer\{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}\U\80000000.@
f:\windows\Installer\{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}\U\80000032.@
.
f:\windows\system32\services.exe . . . is infected!!
.
Infected copy of f:\windows\system32\services.exe was found and disinfected
Restored copy from - f:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 00:02 . 2012-07-23 00:19 -------- d-----w- f:\users\TTArmstrong\AppData\Local\temp
2012-07-23 00:02 . 2012-07-23 00:02 -------- d-----w- f:\users\Default\AppData\Local\temp
2012-07-21 14:41 . 2012-07-21 14:41 114176 ----a-w- f:\programdata\Microsoft\Windows\DRM\D6B1.tmp
2012-07-21 14:41 . 2012-07-21 14:41 114176 ----a-w- f:\programdata\Microsoft\Windows\DRM\D27B.tmp
2012-07-18 07:18 . 2012-06-12 02:40 2345984 ----a-w- f:\windows\system32\win32k.sys
2012-07-18 05:55 . 2012-07-18 05:55 43480 ----a-w- f:\windows\system32\drivers\gtqjbadj.sys
2012-07-18 01:26 . 2012-07-18 01:26 -------- d-----w- F:\VritualRoot
2012-07-18 00:46 . 2012-07-18 05:57 56200 ----a-w- f:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2356B655-C2C0-4E58-BB14-9F65886A6888}\offreg.dll
2012-07-18 00:44 . 2012-07-18 00:43 713784 ----a-w- f:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13315781-ABDC-4E56-A8C6-AF633331E555}\gapaengine.dll
2012-07-18 00:43 . 2012-06-29 05:44 6891424 ----a-w- f:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2356B655-C2C0-4E58-BB14-9F65886A6888}\mpengine.dll
2012-07-18 00:13 . 2012-06-02 22:19 53784 ----a-w- f:\windows\system32\wuauclt.exe
2012-07-18 00:13 . 2012-06-02 22:19 45080 ----a-w- f:\windows\system32\wups2.dll
2012-07-18 00:13 . 2012-06-02 22:19 1933848 ----a-w- f:\windows\system32\wuaueng.dll
2012-07-18 00:13 . 2012-06-02 22:12 2422272 ----a-w- f:\windows\system32\wucltux.dll
2012-07-18 00:12 . 2012-06-02 22:19 35864 ----a-w- f:\windows\system32\wups.dll
2012-07-18 00:12 . 2012-06-02 22:19 577048 ----a-w- f:\windows\system32\wuapi.dll
2012-07-18 00:12 . 2012-06-02 22:12 88576 ----a-w- f:\windows\system32\wudriver.dll
2012-07-18 00:12 . 2012-06-02 19:19 171904 ----a-w- f:\windows\system32\wuwebv.dll
2012-07-18 00:12 . 2012-06-02 19:12 33792 ----a-w- f:\windows\system32\wuapp.exe
2012-07-18 00:11 . 2012-07-18 07:17 -------- d-----w- f:\program files\Microsoft Security Client
2012-07-14 12:45 . 2011-02-22 17:57 69392 ----a-w- f:\windows\system32\drivers\TfSysMon.sys
2012-07-14 12:45 . 2011-02-22 17:57 33552 ----a-w- f:\windows\system32\drivers\TfNetMon.sys
2012-07-14 12:45 . 2011-02-22 17:57 51984 ----a-w- f:\windows\system32\drivers\TfFsMon.sys
2012-07-14 12:45 . 2012-07-21 13:49 -------- d-----w- f:\program files\ThreatFire
2012-07-14 12:45 . 2012-07-14 12:45 -------- d-----w- f:\programdata\PC Tools
2012-07-13 02:43 . 2012-07-13 02:43 -------- d-----w- f:\users\TTArmstrong\AppData\Roaming\f-secure
2012-07-13 02:42 . 2012-07-13 02:42 -------- d-----w- f:\programdata\F-Secure
2012-07-13 02:23 . 2012-07-13 02:23 14664 ----a-w- f:\windows\stinger.sys
2012-07-13 02:22 . 2012-07-13 02:30 -------- d-----w- f:\program files\stinger
2012-07-11 09:43 . 2012-07-11 09:43 -------- d-----w- f:\program files\Real
2012-07-07 17:28 . 2012-07-07 17:28 -------- d-----w- f:\program files\NewAgeDesign
2012-06-30 20:17 . 2012-05-31 03:41 6762896 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6A007C-8D62-4856-A523-23B49072749B}\mpengine.dll
2012-06-29 17:39 . 2012-07-22 22:25 -------- d-----w- f:\program files\1ClickDownload
2012-06-23 22:19 . 2012-06-24 02:13 -------- d-----w- F:\My Recordings
2012-06-23 12:10 . 2012-06-23 12:12 -------- d-----w- f:\programdata\HP
2012-06-23 12:10 . 2012-06-23 12:10 -------- d-----w- f:\program files\HP
2012-06-23 12:09 . 2012-06-23 12:09 -------- d-----w- f:\users\TTArmstrong\AppData\Local\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 02:21 . 2012-04-04 21:17 426184 ----a-w- f:\windows\system32\FlashPlayerApp.exe
2012-07-12 02:21 . 2011-05-17 13:21 70344 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2010-09-30 04:56 22344 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-05-01 04:44 . 2012-06-18 03:23 164352 ----a-w- f:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-18 03:28 183808 ----a-w- f:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-18 03:23 58880 ----a-w- f:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-18 03:23 129536 ----a-w- f:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-18 03:23 8192 ----a-w- f:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-18 03:23 140288 ----a-w- f:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-18 03:23 1158656 ----a-w- f:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-18 03:23 103936 ----a-w- f:\windows\system32\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="f:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KEEBOX 150N Wireless Utility"="f:\program files\KEEBOX\150N Wireless Utility\WlanMon.exe" [2010-07-06 835584]
"COMODO Internet Security"="f:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]
"PSUNMain"="f:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"ThreatFire"="f:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"SonneDVDCreator"="f:\program files\Magic Burning Studio\DVDCreator.exe" [2010-03-09 16537088]
"BurnStudio"="f:\program files\Magic Burning Studio\mbs.exe" [2010-02-09 4619264]
.
f:\users\TTArmstrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - f:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=f:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=f:\windows\pss\Secunia PSI Tray.lnk.Commonstartup
backupExtension=.Commonstartup
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]

path=f:programdataMicrosoftWindowsStart MenuProgramsStartupVirtual Router Manager.lnk

backup=f:windowspssVirtual Router Manager.lnk.Commonstartup

backupExtension=.Commonstartup

.

[HKLM~startupfolderF:^Users^TTArmstrong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LvbicEQ.exe]

backupExtension=.Startup

HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]

2012-01-03 07:37 843712 ----a-w- f:program filesCommon FilesAdobeARM1.0AdobeARM.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]

2012-04-04 05:53 35736 ----a-w- f:program filesAdobeReader 10.0Readerreader_sl.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBurnStudio]

2010-02-09 18:42 4619264 ----a-w- f:program filesMagic Burning Studiombs.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]

2010-09-30 04:50 136176 ----atw- f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware (reboot)]

2012-07-03 17:46 973488 ----a-w- f:program filesMalwarebytes' Anti-Malwarembam.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBAgent]

2010-03-26 14:52 1234216 ----a-w- f:program filesNeroNero 10Nero BackItUpNBAgent.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNVHotkey]

2009-06-16 14:27 92704 ----a-w- f:windowsSystem32nvhotkey.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]

2009-06-11 02:59 1657376 ----a-w- f:windowsSystem32nwiz.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPAC7302_Monitor]

2006-11-03 16:01 319488 ----a-w- f:windowsPixartPac7302Monitor.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPDVDDXSrv]

2009-04-02 22:33 128232 ------w- f:program filesCyberLinkPowerDVD DXPDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPeerGuardian]

2007-06-02 20:59 1457152 ----a-w- f:program filesPeerGuardian2pg2.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSonneDVDCreator]

2010-03-09 22:16 16537088 ----a-w- f:program filesMagic Burning StudioDVDCreator.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]

2012-01-18 19:02 254696 ----a-w- f:program filesCommon FilesJavaJava Updatejusched.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]

2010-09-30 14:10 39408 ----a-w- f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUpdater]

2011-06-21 14:26 26112 ----a-w- f:usersTTArmstrongAppDataRoamingUpdaterupdateloader.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWZCSLDR2]

2010-06-21 18:28 122880 ----a-w- f:program filesKEEBOX150N Wireless UtilityWZCSLDR2.exe

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]

"swg"="f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]

"PDVDDXSrv"="f:program filesCyberLinkPowerDVD DXPDVDDXSrv.exe"

"SunJavaUpdateSched"="f:program filesCommon FilesJavaJava Updatejusched.exe"

"Adobe ARM"="f:program filesCommon FilesAdobeARM1.0AdobeARM.exe"

"BurnStudio"="f:program filesMagic Burning Studiombs.exe" Hide

"BCSSync"="f:program filesMicrosoft OfficeOffice14BCSSync.exe" /DelayServices

"NvCplDaemon"=RUNDLL32.EXE f:windowssystem32NvCpl.dll,NvStartup

.

R1 xeohoein;xeohoein;f:windowssystem32driversxeohoein.sys [x]

R2 gupdate;Google Update Service (gupdate);f:program filesGoogleUpdateGoogleUpdate.exe [x]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm); [x]

R3 a2acc;a2acc;f:program filesEMSISOFT ANTI-MALWAREa2accx86.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [x]

R3 cvusbdrv;Dell ControlVault;f:windowssystem32Driverscvusbdrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);f:program filesGoogleUpdateGoogleUpdate.exe [x]

R3 ivusb;Initio Driver for USB Default Controller;f:windowssystem32DRIVERSivusb.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;f:program filesMicrosoft OfficeOffice14GROOVE.EXE [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;f:windowssystem32DRIVERSMpNWMon.sys [x]

R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;f:windowssystem32DRIVERSnetr28u.sys [x]

R3 NisDrv;Microsoft Network Inspection System;f:windowssystem32DRIVERSNisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;f:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [x]

R3 osppsvc;Office Software Protection Platform;f:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [x]

R3 pcouffin;VSO Software pcouffin;f:windowssystem32Driverspcouffin.sys [x]

R3 TsUsbFlt;TsUsbFlt;f:windowssystem32driverstsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;f:windowssystem32WatWatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;f:windowssystem32DRIVERSwdcsam.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;f:windowsSystem32DriversSmartDefragDriver.sys [x]

S0 TfFsMon;TfFsMon;f:windowssystem32driversTfFsMon.sys [x]

S0 TfSysMon;TfSysMon;f:windowssystem32driversTfSysMon.sys [x]

S1 A2DDA;A2 Direct Disk Access Support Driver;f:program filesEmsisoft Anti-Malwarea2ddax86.sys [x]

S1 anodlwf;ANOD Network Security Filter driver;f:windowssystem32DRIVERSanodlwf.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;f:windowssystem32DRIVERScmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;f:windowssystem32DRIVERScmdhlp.sys [x]

S1 PSINKNC;PSINKNC;f:windowssystem32DRIVERSpsinknc.sys [x]

S1 SASDIFSV;SASDIFSV;f:program filesSUPERAntiSpywareSASDIFSV.SYS [x]

S1 SASKUTIL;SASKUTIL;f:program filesSUPERAntiSpywareSASKUTIL.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;f:windowssystem32DRIVERSvwififlt.sys [x]

S2 !SASCORE;SAS Core Service;f:program filesSUPERAntiSpywareSASCORE.EXE [x]

S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;f:program filesEmsisoft Anti-Malwarea2service.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;f:program filesCommon FilesAdobeARM1.0armsvc.exe [x]

S2 Credential Vault Host Control Service;Credential Vault Host Control Service;f:program filesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe [x]

S2 Credential Vault Host Storage;Credential Vault Host Storage;f:program filesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe [x]

S2 NanoServiceMain;Panda Cloud Antivirus Service;f:program filesPanda SecurityPanda Cloud AntivirusPSANHost.exe [x]

S2 NAUpdate;Nero Update;f:program filesNeroUpdateNASvc.exe [x]

S2 Nonbrand_WUS-N;Nonbrand_WUS-N Service;f:program filesKEEBOX150N Wireless UtilityANIWZCSdS.exe [x]

S2 Nonbrand_WUS-N_WPS;Nonbrand_WUS-N_WPS Service;f:program filesKEEBOX150N Wireless UtilityANIWConnService.exe [x]

S2 PSINAflt;PSINAflt;f:windowssystem32DRIVERSPSINAflt.sys [x]

S2 PSINFile;PSINFile;f:windowssystem32DRIVERSPSINFile.sys [x]

S2 PSINProc;PSINProc;f:windowssystem32DRIVERSPSINProc.sys [x]

S2 PSINProt;PSINProt;f:windowssystem32DRIVERSPSINProt.sys [x]

S2 Secunia PSI Agent;Secunia PSI Agent;f:program filesSecuniaPSIPSIA.exe [x]

S2 Secunia Update Agent;Secunia Update Agent;f:program filesSecuniaPSIsua.exe [x]

S2 ThreatFire;ThreatFire;f:program filesThreatFireTFService.exe service [x]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;f:windowssystem32DRIVERSe1y6232.sys [x]

S3 PSI;PSI;f:windowssystem32DRIVERSpsi_mf.sys [x]

S3 TfNetMon;TfNetMon;f:windowssystem32driversTfNetMon.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;f:windowssystem32DRIVERSvwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-23 f:windowsTasksAdobe Flash Player Updater.job

- f:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 02:21]

.

2012-07-23 f:windowsTasksGoogleUpdateTaskMachineCore.job

- f:program filesGoogleUpdateGoogleUpdate.exe [2010-09-30 14:10]

.

2012-07-22 f:windowsTasksGoogleUpdateTaskMachineUA.job

- f:program filesGoogleUpdateGoogleUpdate.exe [2010-09-30 14:10]

.

2012-07-22 f:windowsTasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job

- f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-09-30 04:50]

.

2012-07-23 f:windowsTasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job

- f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-09-30 04:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - f:progra~1MICROS~2Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - f:progra~1MICROS~2Office14ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.254.254

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

MSConfigStartUp-MSC - f:program filesMicrosoft Security Clientmsseces.exe

MSConfigStartUp-Nero Serial KeyGen - (no file)

.

.

.

[HKEY_LOCAL_MACHINEsystemControlSet003servicesThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINEsystemControlSet003ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet003ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(904)

f:program filesThreatFireTFWAH.dll

.

- - - - - - - > 'lsass.exe'(688)

f:windowssystem32guard32.dll

f:program filesThreatFireTFWAH.dll

.

- - - - - - - > 'Explorer.exe'(4044)

f:windowssystem32guard32.dll

f:program filesThreatFireTfWah.dll

f:progra~1MICROS~2Office14GROOVEEX.DLL

f:windowsSystem32gameux.dll

f:windowssystem32MsftEdit.dll

f:windowssystem32authui.dll

f:windowssystem32msutb.dll

f:windowssystem32prnfldr.dll

f:windowssystem32dxp.dll

f:windowsSystem32netshell.dll

f:windowssystem32PortableDeviceTypes.dll

f:windowsSystem32QUtil.dll

f:windowsSystem32srchadmin.dll

f:windowssystem32wwanapi.dll

f:windowsSystem32QAgent.dll

f:windowssystem32imapi2.dll

.

------------------------ Other Running Processes ------------------------

.

f:windowssystem32nvvsvc.exe

f:windowssystem32WUDFHost.exe

f:windowssystem32nvvsvc.exe

f:program filesThreatFireTFService.exe

f:windowssystem32taskhost.exe

f:windowssystem32conhost.exe

f:program filesSpywareGuardsgbhp.exe

.

**************************************************************************

.

Completion time: 2012-07-22 20:26:41 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-23 00:26

.

Pre-Run: 11,211,698,176 bytes free

Post-Run: 10,949,455,872 bytes free

.

- - End Of File - - 059893AB569B0923BCD10F60BF72D018


Hello luluhifi

Thank you for the log.

Before we continue I would like to take a closer look at a small number of files:

  • Please scan the following files
  • Please go to VirusTotal
  • On the page you'll find a "Choose File" button.
  • Click on the Choose File button.
  • In the File Upload window which opens, copy and paste this into the File Name box.

    f:\programdata\Microsoft\Windows\DRM\D6B1.tmp

  • Next, click the Open button.
  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now.
  • Once scanned, copy and paste the link to the results page in your next reply.
  • Repeat for the following files:

    f:\users\TTArmstrong\AppData\Roaming\Updater\updateloader.exe
    F:\Users\TTArmstrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LvbicEQ.exe

Please post the links to the results pages in your next reply.


Hello luluhifi

Thank you for the scan data.

This one says >>>LvbicEQ.exe file not found

That's okay.

We need to use ComboFix again, but this time we will be running it in a slightly different way.

  • Please work through the following steps
  • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter (or click "OK").
  • NOTE: Do not use WordPad or any other text editor except Notepad or the script will fail.
  • Copy and paste the text in the codebox below (including the link) into the open Notepad window:

    http://forums.pcpitstop.com/index.php?/topic/199426-trojans-win32-sirefefe2-e1/
    
    Collect::
    f:\windows\system32\drivers\gtqjbadj.sys
    f:\programdata\Microsoft\Windows\DRM\D6B1.tmp
    
    Driver::
    xeohoein
    
    File::
    f:\windows\system32\drivers\xeohoein.sys
    f:\programdata\Microsoft\Windows\DRM\D27B.tmp
    
    Folder::
    f:\program files\1ClickDownload
    
    Reglock::
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

  • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
  • Close any open browsers.
  • Disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Referring to the picture below, drag CFScript.txt into ComboFix.exe

    Posted Image

  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • Once the log is produced, re-engage your resident antivirus.
  • Note: When ComboFix finishes running, the ComboFix log will open along with a message box - do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Please post the ComboFix log in your next reply.


I did it a couple of times and I didn't see anything like a log come up at all after ComboFix >>> :hammer: maybe I'm doing something wrong


Hello luluhifi

Please check your C drive for the log. If present it will be called C:\ComboFix.txt

If no log has been saved just let me know.


I updated ComboFix and this is what I got:

ComboFix 12-07-27.01 - TTArmstrong 07/26/2012 8:10.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2036.1001 [GMT -4:00]

Running from: f:usersTTArmstrongDesktopComboFix.exe

Command switches used :: f:usersTTArmstrongDesktopCFScript.txt

AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}

FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"f:programdataMicrosoftWindowsDRMD27B.tmp"

"f:windowssystem32driversxeohoein.sys"

.

file zipped: f:programdataMicrosoftWindowsDRMD6B1.tmp

file zipped: f:windowssystem32driversgtqjbadj.sys

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

f:program files1ClickDownload

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------Service_xeohoein

.

.

((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))

.

.

2012-07-26 12:20 . 2012-07-26 12:20 -------- d-----w- f:windowssystem32configsystemprofileAppDataLocaltemp

2012-07-26 12:20 . 2012-07-26 12:20 -------- d-----w- f:usersDefaultAppDataLocaltemp

2012-07-26 12:20 . 2012-07-26 12:20 -------- d-----w- f:usersAdministratorAppDataLocaltemp

2012-07-23 16:52 . 2011-03-10 22:04 46280 ----a-w- f:windowssystem32driversPSKMAD.sys

2012-07-23 10:00 . 2012-06-29 08:44 6891424 ----a-w- f:programdataMicrosoftWindows DefenderDefinition Updates{7E85B3AA-67D7-43B3-9B57-2104D0602929}mpengine.dll

2012-07-23 00:02 . 2012-07-26 12:24 -------- d-----w- f:usersTTArmstrongAppDataLocaltemp

2012-07-21 14:41 . 2012-07-21 14:41 114176 ----a-w- f:programdataMicrosoftWindowsDRMD27B.tmp

2012-07-18 07:18 . 2012-06-12 02:40 2345984 ----a-w- f:windowssystem32win32k.sys

2012-07-18 05:55 . 2012-07-26 12:09 43480 ----a-w- f:windowssystem32driversgtqjbadj.sys

2012-07-18 01:26 . 2012-07-18 01:26 -------- d-----w- F:VritualRoot

2012-07-18 00:46 . 2012-07-18 05:57 56200 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{2356B655-C2C0-4E58-BB14-9F65886A6888}offreg.dll

2012-07-18 00:44 . 2012-07-18 00:43 713784 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{13315781-ABDC-4E56-A8C6-AF633331E555}gapaengine.dll

2012-07-18 00:43 . 2012-06-29 05:44 6891424 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{2356B655-C2C0-4E58-BB14-9F65886A6888}mpengine.dll

2012-07-18 00:13 . 2012-06-02 22:19 53784 ----a-w- f:windowssystem32wuauclt.exe

2012-07-18 00:13 . 2012-06-02 22:19 45080 ----a-w- f:windowssystem32wups2.dll

2012-07-18 00:13 . 2012-06-02 22:19 1933848 ----a-w- f:windowssystem32wuaueng.dll

2012-07-18 00:13 . 2012-06-02 22:12 2422272 ----a-w- f:windowssystem32wucltux.dll

2012-07-18 00:12 . 2012-06-02 22:19 35864 ----a-w- f:windowssystem32wups.dll

2012-07-18 00:12 . 2012-06-02 22:19 577048 ----a-w- f:windowssystem32wuapi.dll

2012-07-18 00:12 . 2012-06-02 22:12 88576 ----a-w- f:windowssystem32wudriver.dll

2012-07-18 00:12 . 2012-06-02 19:19 171904 ----a-w- f:windowssystem32wuwebv.dll

2012-07-18 00:12 . 2012-06-02 19:12 33792 ----a-w- f:windowssystem32wuapp.exe

2012-07-18 00:11 . 2012-07-18 07:17 -------- d-----w- f:program filesMicrosoft Security Client

2012-07-14 12:45 . 2011-02-22 17:57 69392 ----a-w- f:windowssystem32driversTfSysMon.sys

2012-07-14 12:45 . 2011-02-22 17:57 33552 ----a-w- f:windowssystem32driversTfNetMon.sys

2012-07-14 12:45 . 2011-02-22 17:57 51984 ----a-w- f:windowssystem32driversTfFsMon.sys

2012-07-14 12:45 . 2012-07-21 13:49 -------- d-----w- f:program filesThreatFire

2012-07-14 12:45 . 2012-07-14 12:45 -------- d-----w- f:programdataPC Tools

2012-07-13 11:02 . 2012-07-13 11:02 174632 ----a-w- f:windowssystem32driversPSINKNC.sys

2012-07-13 11:02 . 2012-07-13 11:02 120872 ----a-w- f:windowssystem32driversPSINProt.sys

2012-07-13 11:02 . 2012-07-13 11:02 114216 ----a-w- f:windowssystem32driversPSINProc.sys

2012-07-13 11:02 . 2012-07-13 11:02 148520 ----a-w- f:windowssystem32driversPSINAflt.sys

2012-07-13 11:02 . 2012-07-13 11:02 103464 ----a-w- f:windowssystem32driversPSINFile.sys

2012-07-13 02:43 . 2012-07-13 02:43 -------- d-----w- f:usersTTArmstrongAppDataRoamingf-secure

2012-07-13 02:42 . 2012-07-13 02:42 -------- d-----w- f:programdataF-Secure

2012-07-13 02:23 . 2012-07-13 02:23 14664 ----a-w- f:windowsstinger.sys

2012-07-13 02:22 . 2012-07-13 02:30 -------- d-----w- f:program filesstinger

2012-07-12 15:18 . 2012-07-12 15:18 206632 ----a-w- f:windowssystem32driversNNSStrm.sys

2012-07-11 09:43 . 2012-07-11 09:43 -------- d-----w- f:program filesReal

2012-07-07 17:28 . 2012-07-07 17:28 -------- d-----w- f:program filesNewAgeDesign

2012-06-27 19:51 . 2012-06-27 19:51 92840 ----a-w- f:windowssystem32driversNNStlsc.sys

2012-06-27 19:51 . 2012-06-27 19:51 286376 ----a-w- f:windowssystem32driversNNSProt.sys

2012-06-27 19:51 . 2012-06-27 19:51 153000 ----a-w- f:windowssystem32driversNNSPrv.sys

2012-06-27 19:51 . 2012-06-27 19:51 106536 ----a-w- f:windowssystem32driversNNSSmtp.sys

2012-06-27 19:51 . 2012-06-27 19:51 60968 ----a-w- f:windowssystem32driversNNSPihsw.sys

2012-06-27 19:51 . 2012-06-27 19:51 104104 ----a-w- f:windowssystem32driversNNSPop3.sys

2012-06-27 19:51 . 2012-06-27 19:51 93992 ----a-w- f:windowssystem32driversNNSpicc.sys

2012-06-27 19:51 . 2012-06-27 19:51 28712 ----a-w- f:windowssystem32driversNNSNAHSL.sys

2012-06-27 19:51 . 2012-06-27 19:51 122664 ----a-w- f:windowssystem32driversNNSIds.sys

2012-06-27 19:51 . 2012-06-27 19:51 82472 ----a-w- f:windowssystem32driversNNSAlpc.sys

2012-06-27 19:51 . 2012-06-27 19:51 120744 ----a-w- f:windowssystem32driversNNSHttp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 02:21 . 2012-04-04 21:17 426184 ----a-w- f:windowssystem32FlashPlayerApp.exe

2012-07-12 02:21 . 2011-05-17 13:21 70344 ----a-w- f:windowssystem32FlashPlayerCPLApp.cpl

2012-07-03 17:46 . 2010-09-30 04:56 22344 ----a-w- f:windowssystem32driversmbam.sys

2012-05-01 04:44 . 2012-06-18 03:23 164352 ----a-w- f:windowssystem32profsvc.dll

2012-04-28 03:17 . 2012-06-18 03:28 183808 ----a-w- f:windowssystem32driversrdpwd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Sidebar"="f:program filesWindows Sidebarsidebar.exe" [2010-11-20 1174016]

"swg"="f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2010-09-30 39408]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"KEEBOX 150N Wireless Utility"="f:program filesKEEBOX150N Wireless UtilityWlanMon.exe" [2010-07-06 835584]

"COMODO Internet Security"="f:program filesCOMODOCOMODO Internet Securitycfp.exe" [2012-03-12 6749512]

"ThreatFire"="f:program filesThreatFireTFTray.exe" [2011-02-22 378128]

"SonneDVDCreator"="f:program filesMagic Burning StudioDVDCreator.exe" [2010-03-09 16537088]

"BurnStudio"="f:program filesMagic Burning Studiombs.exe" [2010-02-09 4619264]

"PSUAMain"="f:program filesPanda SecurityPanda Cloud AntivirusPSUAMain.exe" [2012-07-13 37152]

.

f:usersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

SpywareGuard.lnk - f:program filesSpywareGuardsgmain.exe [2003-8-29 360448]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:program filesSUPERAntiSpywareSASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- f:program filesSUPERAntiSpywareSASWINLO.DLL

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]

"AppInit_DLLs"=f:windowsSystem32guard32.dll

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

[HKLM~startupfolderF:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]

path=f:programdataMicrosoftWindowsStart MenuProgramsStartupSecunia PSI Tray.lnk

backup=f:windowspssSecunia PSI Tray.lnk.Commonstartup

backupExtension=.Commonstartup

.

[HKLM~startupfolderF:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]

path=f:programdataMicrosoftWindowsStart MenuProgramsStartupVirtual Router Manager.lnk

backup=f:windowspssVirtual Router Manager.lnk.Commonstartup

backupExtension=.Commonstartup

.

[HKLM~startupfolderF:^Users^TTArmstrong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LvbicEQ.exe]

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]

2012-01-03 07:37 843712 ----a-w- f:program filesCommon FilesAdobeARM1.0AdobeARM.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]

2012-04-04 05:53 35736 ----a-w- f:program filesAdobeReader 10.0Readerreader_sl.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBurnStudio]

2010-02-09 18:42 4619264 ----a-w- f:program filesMagic Burning Studiombs.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]

2010-09-30 04:50 136176 ----atw- f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware (reboot)]

2012-07-03 17:46 973488 ----a-w- f:program filesMalwarebytes' Anti-Malwarembam.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBAgent]

2010-03-26 14:52 1234216 ----a-w- f:program filesNeroNero 10Nero BackItUpNBAgent.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNVHotkey]

2009-06-16 14:27 92704 ----a-w- f:windowsSystem32nvhotkey.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]

2009-06-11 02:59 1657376 ----a-w- f:windowsSystem32nwiz.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPAC7302_Monitor]

2006-11-03 16:01 319488 ----a-w- f:windowsPixartPac7302Monitor.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPDVDDXSrv]

2009-04-02 22:33 128232 ------w- f:program filesCyberLinkPowerDVD DXPDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPeerGuardian]

2007-06-02 20:59 1457152 ----a-w- f:program filesPeerGuardian2pg2.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSonneDVDCreator]

2010-03-09 22:16 16537088 ----a-w- f:program filesMagic Burning StudioDVDCreator.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]

2012-01-18 19:02 254696 ----a-w- f:program filesCommon FilesJavaJava Updatejusched.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]

2010-09-30 14:10 39408 ----a-w- f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUpdater]

2011-06-21 14:26 26112 ----a-w- f:usersTTArmstrongAppDataRoamingUpdaterupdateloader.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWZCSLDR2]

2010-06-21 18:28 122880 ----a-w- f:program filesKEEBOX150N Wireless UtilityWZCSLDR2.exe

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]

"swg"="f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]

"PDVDDXSrv"="f:program filesCyberLinkPowerDVD DXPDVDDXSrv.exe"

"SunJavaUpdateSched"="f:program filesCommon FilesJavaJava Updatejusched.exe"

"Adobe ARM"="f:program filesCommon FilesAdobeARM1.0AdobeARM.exe"

"BurnStudio"="f:program filesMagic Burning Studiombs.exe" Hide

"BCSSync"="f:program filesMicrosoft OfficeOffice14BCSSync.exe" /DelayServices

"NvCplDaemon"=RUNDLL32.EXE f:windowssystem32NvCpl.dll,NvStartup

.

R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;f:windowssystem32DRIVERSNNSNAHSL.sys [x]

R2 gupdate;Google Update Service (gupdate);f:program filesGoogleUpdateGoogleUpdate.exe [x]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm); [x]

R3 a2acc;a2acc;f:program filesEMSISOFT ANTI-MALWAREa2accx86.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [x]

R3 CFcatchme;CFcatchme;f:usersTTARMS~1AppDataLocalTempCFcatchme.sys [x]

R3 cvusbdrv;Dell ControlVault;f:windowssystem32Driverscvusbdrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);f:program filesGoogleUpdateGoogleUpdate.exe [x]

R3 ivusb;Initio Driver for USB Default Controller;f:windowssystem32DRIVERSivusb.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;f:program filesMicrosoft OfficeOffice14GROOVE.EXE [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;f:windowssystem32DRIVERSMpNWMon.sys [x]

R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;f:windowssystem32DRIVERSnetr28u.sys [x]

R3 NisDrv;Microsoft Network Inspection System;f:windowssystem32DRIVERSNisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;f:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [x]

R3 osppsvc;Office Software Protection Platform;f:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [x]

R3 pcouffin;VSO Software pcouffin;f:windowssystem32Driverspcouffin.sys [x]

R3 PSI;PSI;f:windowssystem32DRIVERSpsi_mf.sys [x]

R3 TsUsbFlt;TsUsbFlt;f:windowssystem32driverstsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;f:windowssystem32WatWatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;f:windowssystem32DRIVERSwdcsam.sys [x]

R4 NNSPIHSW;NNSPIHSW;f:windowssystem32DRIVERSNNSPihsw.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;f:windowsSystem32DriversSmartDefragDriver.sys [x]

S0 TfFsMon;TfFsMon;f:windowssystem32driversTfFsMon.sys [x]

S0 TfSysMon;TfSysMon;f:windowssystem32driversTfSysMon.sys [x]

S1 A2DDA;A2 Direct Disk Access Support Driver;f:program filesEmsisoft Anti-Malwarea2ddax86.sys [x]

S1 anodlwf;ANOD Network Security Filter driver;f:windowssystem32DRIVERSanodlwf.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;f:windowssystem32DRIVERScmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;f:windowssystem32DRIVERScmdhlp.sys [x]

S1 NNSALPC;NNSALPC;f:windowssystem32DRIVERSNNSAlpc.sys [x]

S1 NNSHTTP;NNSHTTP;f:windowssystem32DRIVERSNNSHttp.sys [x]

S1 NNSIDS;NNSIDS;f:windowssystem32DRIVERSNNSIds.sys [x]

S1 NNSPICC;NNSPICC;f:windowssystem32DRIVERSNNSPicc.sys [x]

S1 NNSPOP3;NNSPOP3;f:windowssystem32DRIVERSNNSPop3.sys [x]

S1 NNSPROT;NNSPROT;f:windowssystem32DRIVERSNNSProt.sys [x]

S1 NNSPRV;NNSPRV;f:windowssystem32DRIVERSNNSPrv.sys [x]

S1 NNSSMTP;NNSSMTP;f:windowssystem32DRIVERSNNSSmtp.sys [x]

S1 NNSSTRM;NNSSTRM;f:windowssystem32DRIVERSNNSStrm.sys [x]

S1 NNSTLSC;NNSTLSC;f:windowssystem32DRIVERSNNSTlsc.sys [x]

S1 PSINKNC;PSINKNC;f:windowssystem32DRIVERSpsinknc.sys [x]

S1 SASDIFSV;SASDIFSV;f:program filesSUPERAntiSpywareSASDIFSV.SYS [x]

S1 SASKUTIL;SASKUTIL;f:program filesSUPERAntiSpywareSASKUTIL.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;f:windowssystem32DRIVERSvwififlt.sys [x]

S2 !SASCORE;SAS Core Service;f:program filesSUPERAntiSpywareSASCORE.EXE [x]

S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;f:program filesEmsisoft Anti-Malwarea2service.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;f:program filesCommon FilesAdobeARM1.0armsvc.exe [x]

S2 Credential Vault Host Control Service;Credential Vault Host Control Service;f:program filesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe [x]

S2 Credential Vault Host Storage;Credential Vault Host Storage;f:program filesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe [x]

S2 NanoServiceMain;Panda Cloud Antivirus Service;f:program filesPanda SecurityPanda Cloud AntivirusPSANHost.exe [x]

S2 NAUpdate;Nero Update;f:program filesNeroUpdateNASvc.exe [x]

S2 Nonbrand_WUS-N;Nonbrand_WUS-N Service;f:program filesKEEBOX150N Wireless UtilityANIWZCSdS.exe [x]

S2 Nonbrand_WUS-N_WPS;Nonbrand_WUS-N_WPS Service;f:program filesKEEBOX150N Wireless UtilityANIWConnService.exe [x]

S2 PSINAflt;PSINAflt;f:windowssystem32DRIVERSPSINAflt.sys [x]

S2 PSINFile;PSINFile;f:windowssystem32DRIVERSPSINFile.sys [x]

S2 PSINProc;PSINProc;f:windowssystem32DRIVERSPSINProc.sys [x]

S2 PSINProt;PSINProt;f:windowssystem32DRIVERSPSINProt.sys [x]

S2 PSUAService;Panda Product Service;f:program filesPanda SecurityPanda Cloud AntivirusPSUAService.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;f:program filesSecuniaPSIPSIA.exe [x]

S2 Secunia Update Agent;Secunia Update Agent;f:program filesSecuniaPSIsua.exe [x]

S2 ThreatFire;ThreatFire;f:program filesThreatFireTFService.exe service [x]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;f:windowssystem32DRIVERSe1y6232.sys [x]

S3 PSKMAD;PSKMAD;f:windowssystem32DRIVERSPSKMAD.sys [x]

S3 TfNetMon;TfNetMon;f:windowssystem32driversTfNetMon.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;f:windowssystem32DRIVERSvwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-26 f:windowsTasksAdobe Flash Player Updater.job

- f:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 02:21]

.

2012-07-26 f:windowsTasksGoogleUpdateTaskMachineCore.job

- f:program filesGoogleUpdateGoogleUpdate.exe [2010-09-30 14:10]

.

2012-07-25 f:windowsTasksGoogleUpdateTaskMachineUA.job

- f:program filesGoogleUpdateGoogleUpdate.exe [2010-09-30 14:10]

.

2012-07-22 f:windowsTasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job

- f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-09-30 04:50]

.

2012-07-26 f:windowsTasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job

- f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-09-30 04:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - f:progra~1MICROS~2Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - f:progra~1MICROS~2Office14ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.254.254

.

.

[HKEY_LOCAL_MACHINEsystemControlSet003servicesThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINEsystemControlSet003ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1564)

f:program filesThreatFireTFWAH.dll

.

- - - - - - - > 'lsass.exe'(1360)

f:windowssystem32guard32.dll

f:program filesThreatFireTFWAH.dll

.

- - - - - - - > 'Explorer.exe'(1580)

f:windowssystem32guard32.dll

f:program filesThreatFireTfWah.dll

f:progra~1MICROS~2Office14GROOVEEX.DLL

f:progra~1COMMON~1MICROS~1OFFICE14Culturesoffice.odf

f:windowssystem32MsftEdit.dll

f:windowssystem32authui.dll

f:windowssystem32BatMeter.dll

f:windowssystem32prnfldr.dll

f:windowssystem32dxp.dll

f:windowsSystem32netshell.dll

f:windowssystem32dhcpcsvc.DLL

f:windowsSystem32srchadmin.dll

f:windowssystem32dhcpcsvc6.DLL

f:windowssystem32imapi2.dll

f:windowssystem32wwanapi.dll

f:windowsSystem32provsvc.dll

.

------------------------ Other Running Processes ------------------------

.

f:windowssystem32nvvsvc.exe

f:windowssystem32WUDFHost.exe

f:windowssystem32nvvsvc.exe

f:program filesThreatFireTFService.exe

f:windowssystem32taskhost.exe

f:windowssystem32conhost.exe

f:?f:windowssystem32wbemWMIADAP.EXE

f:program filesSpywareGuardsgbhp.exe

.

**************************************************************************

.

Completion time: 2012-07-26 08:30:54 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-26 12:30

ComboFix2.txt 2012-07-23 00:26

.

Pre-Run: 10,893,877,248 bytes free

Post-Run: 10,502,070,272 bytes free

.

- - End Of File - - E2A9FE3C888559099D94DFFAD916E0A3

Upload was successful


Hello luluhifi

 

Thank you for the log.

 

It looks as though some of the malicious files have re-spawned (this infection can sometimes be a real pain to remove).

 

In order to get a better picture of what is going on we will need to run some extra scans.

 

Please do the following:

  • Download and run OTL by Oldtimer

    • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
    • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
    • Check the boxes beside "LOP Check" and "Purity Check".
    • Under Custom Scan paste this in:

    %systemroot%\*. /rp /s

    /md5start

    explorer.exe

    winlogon.exe

    Userinit.exe

    svchost.exe

    /md5stop

    • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
    • Please Copy and Paste the contents of the OTL.Txt log in your next reply.
  • aswMBR

    • Please re-scan your machine with aswMBR as you did before and post the log in your next reply.
    The next scan may give you the option to remove anything that has been detected. At this point, we only need to see the log. Please do not instruct the scanner to remove anything at this time.
  • TDSS Killer

    • Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and select "Run as Administrator" to run the application.
    • When the window opens, click on Change Parameters.
    • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
    • Click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Skip.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    Please post the OTL logs, the aswMBR log and the TDSSKiller log in your next reply.

    You may have to make more than one post to fit all of the required information in.


OK, here is the OTL:


OTL logfile created on: 7/26/2012 3:26:09 PM - Run 1

OTL by OldTimer - Version 3.2.54.1 Folder = F:UsersTTArmstrongDesktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.99 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.26% Memory free

3.98 Gb Paging File | 2.61 Gb Available in Paging File | 65.70% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = F: | %SystemRoot% = F:Windows | %ProgramFiles% = F:Program Files

Drive C: | 58.93 Gb Total Space | 3.53 Gb Free Space | 5.98% Space Free | Partition Type: NTFS

Drive E: | 39.71 Gb Total Space | 23.76 Gb Free Space | 59.83% Space Free | Partition Type: NTFS

Drive F: | 50.14 Gb Total Space | 9.29 Gb Free Space | 18.53% Space Free | Partition Type: NTFS

Drive K: | 14.90 Gb Total Space | 1.12 Gb Free Space | 7.54% Space Free | Partition Type: FAT32

 

Computer Name: TTARMSTRONG-PC | User Name: TTArmstrong | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

PRC - [2012/07/13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe

PRC - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe

PRC - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe

PRC - [2012/06/29 13:38:24 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- F:Program FilesEmsisoft Anti-Malwarea2service.exe

PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe

PRC - [2012/03/11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycfp.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe

PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIpsia.exe

PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIsua.exe

PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- F:Program FilesSUPERAntiSpywareSASCore.exe

PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- F:Windowsexplorer.exe

PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFTray.exe

PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFService.exe

PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- F:WindowsSystem32taskhost.exe

PRC - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

PRC - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe

PRC - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe

PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- F:Program FilesNeroUpdateNASvc.exe

PRC - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe

PRC - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe

PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppgooglenaclpluginchrome.dll

MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll

MOD - [2012/07/10 00:07:39 | 000,554,520 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libglesv2.dll

MOD - [2012/07/10 00:07:37 | 000,117,784 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libegl.dll

MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avutil-51.dll

MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avformat-54.dll

MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avcodec-54.dll

MOD - [2011/11/17 08:51:58 | 000,073,728 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANPDApi.dll

MOD - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

MOD - [2010/07/05 18:41:40 | 000,299,008 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless Utilitywlanapp.dll

MOD - [2010/06/29 17:42:42 | 000,040,960 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.dll

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- F:Program FilesWinRARRarExt.dll

MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- F:Program FilesMicrosoft OfficeOffice141033GrooveIntlResource.dll

MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- F:Program FilesCommon Filesmicrosoft sharedOFFICE14CulturesOFFICE.ODF

MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (tgsrvc_verizondm)

SRV - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe -- (PSUAService)

SRV - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe -- (NanoServiceMain)

SRV - [2012/07/11 22:21:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:WindowsSystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/29 13:38:24 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- F:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware)

SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe -- (cmdAgent)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIpsia.exe -- (Secunia PSI Agent)

SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIsua.exe -- (Secunia Update Agent)

SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- F:Program FilesSUPERAntiSpywareSASCore.exe -- (!SASCORE)

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe -- (NisSrv)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)

SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- F:Program FilesThreatFireTFService.exe -- (ThreatFire)

SRV - [2010/10/01 12:50:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32WatWatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe -- (Nonbrand_WUS-N)

SRV - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe -- (Nonbrand_WUS-N_WPS)

SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- F:Program FilesNeroUpdateNASvc.exe -- (NAUpdate)

SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft OfficeOffice14GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe -- (Credential Vault Host Control Service)

SRV - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe -- (Credential Vault Host Storage)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempCFcatchme.sys -- (CFcatchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempcatchme.sys -- (catchme)

DRV - [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversPSINKNC.sys -- (PSINKNC)

DRV - [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINProt.sys -- (PSINProt)

DRV - [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINProc.sys -- (PSINProc)

DRV - [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINAflt.sys -- (PSINAflt)

DRV - [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINFile.sys -- (PSINFile)

DRV - [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSStrm.sys -- (NNSSTRM)

DRV - [2012/06/29 13:37:46 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- F:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc)

DRV - [2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNStlsc.sys -- (NNSTLSC)

DRV - [2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSProt.sys -- (NNSPROT)

DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPrv.sys -- (NNSPRV)

DRV - [2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSSmtp.sys -- (NNSSMTP)

DRV - [2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPop3.sys -- (NNSPOP3)

DRV - [2012/06/27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- F:WindowsSystem32driversNNSPihsw.sys -- (NNSPIHSW)

DRV - [2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSIds.sys -- (NNSIDS)

DRV - [2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSpicc.sys -- (NNSPICC)

DRV - [2012/06/27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- F:WindowsSystem32driversNNSNAHSL.sys -- (NNSNAHSL)

DRV - [2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSHttp.sys -- (NNSHTTP)

DRV - [2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSAlpc.sys -- (NNSALPC)

DRV - [2012/03/11 21:13:38 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driverscmdhlp.sys -- (cmdHlp)

DRV - [2012/03/11 21:13:36 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- F:WindowsSystem32driverscmdGuard.sys -- (cmdGuard)

DRV - [2012/02/03 19:27:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driversinspect.sys -- (inspect)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywaresasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- F:Program FilesEmsisoft Anti-Malwarea2ddax86.sys -- (A2DDA)

DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversNisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversMpNWMon.sys -- (MpNWMon)

DRV - [2011/03/10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversPSKMAD.sys -- (PSKMAD)

DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- F:WindowsSystem32driversSmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfSysMon.sys -- (TfSysMon)

DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversTfNetMon.sys -- (TfNetMon)

DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfFsMon.sys -- (TfFsMon)

DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversTsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverswinusb.sys -- (WinUsb)

DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- F:WindowsSystem32driverspsi_mf.sys -- (PSI)

DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversivusb.sys -- (ivusb)

DRV - [2010/06/21 14:28:02 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- F:WindowsSystem32driversanodlwf.sys -- (anodlwf)

DRV - [2010/05/26 21:29:42 | 000,856,928 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversnetr28u.sys -- (netr28u)

DRV - [2009/11/03 16:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverscvusbdrv.sys -- (cvusbdrv)

DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversvwifimp.sys -- (vwifimp)

DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- F:WindowsSystem32driversserial.sys -- (Serial)

DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversnvlddmkm.sys -- (nvlddmkm)

DRV - [2009/06/13 01:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverse1y6232.sys -- (e1yexpress)

DRV - [2009/04/03 00:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:WindowsSystem32driversrimmptsk.sys -- (rimmptsk)

DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- F:WindowsSystem32driversPBADRV.sys -- (PBADRV)

DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverswdcsam.sys -- (WDC_SAM)

DRV - [2007/06/14 16:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversPAC7302.SYS -- (PAC7302)

DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:Program FilesPeerGuardian2pgfilter.sys -- (pgfilter)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 32 3B 56 CC 32 DD CB 01 [binary data]

IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS399

IE - HKCU..SearchScopes{7DA22919-2250-49B5-B6AF-6EDF78DB766E}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110939,17118,0,18,0

IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"

FF - prefs.js..extensions.enabledItems: facadazzle@atlinkcom.com:1.0

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: F:Windowssystem32MacromedFlashNPSWF32_11_3_300_265.dll ()

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: F:Program FilesJavajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found

FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.11.2852: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.1662: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Users\TTArmstrong\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Users\TTArmstrong\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 12.3\extensions\Components: F:\Program Files\Pale Moon\components [2012/07/22 21:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 12.3\extensions\Plugins: F:\Program Files\Pale Moon\plugins [2012/07/22 21:04:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:\Program Files\PriceGong\2.1.0\FF

[2012/02/15 13:45:42 | 000,000,000 | ---D | M] (No name found) -- F:\Users\TTArmstrong\AppData\Roaming\Mozilla\Extensions
[2012/06/29 13:40:23 | 000,000,000 | ---D | M] (No name found) -- F:\Users\TTArmstrong\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/06/29 13:40:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- F:\Users\TTArmstrong\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012/07/22 17:10:21 | 000,000,000 | ---D | M] (No name found) -- F:\Users\TTArmstrong\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/07/22 17:10:21 | 000,000,000 | ---D | M] (No name found) -- F:\Users\TTArmstrong\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownload@OneClickDownload.com
[2012/02/15 09:13:57 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2011/07/07 09:43:57 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/24 01:58:25 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/02/26 15:32:27 | 000,000,000 | ---D | M] (PageFont) -- F:\USERS\TTARMSTRONG\APPDATA\ROAMING\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7WJJ87FK.DEFAULT\EXTENSIONS\FACADAZZLE@ATLINKCOM.COM

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = F:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = F:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = F:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = F:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR - Extension: Google Search = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR - Extension: Gmail = F:\Users\TTArmstrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

O1 HOSTS File: ([2012/07/26 08:23:41 | 000,000,027 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:\Program Files\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
O4 - HKLM\..\Run: [burnStudio] F:\Program Files\Magic Burning Studio\mbs.exe (MagicVideoSoftware Inc.)
O4 - HKLM\..\Run: [COMODO Internet Security] F:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM\..\Run: [KEEBOX 150N Wireless Utility] F:\Program Files\KEEBOX\150N Wireless Utility\WlanMon.exe ()
O4 - HKLM\..\Run: [PSUAMain] F:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM\..\Run: [sonneDVDCreator] F:\Program Files\Magic Burning Studio\DVDCreator.exe (MagicVideoSoftware Inc.)
O4 - HKLM\..\Run: [ThreatFire] F:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - Startup: F:\Users\TTArmstrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:\Program Files\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
O20 - AppInit_DLLs: (F:\Windows\System32\guard32.dll) - F:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/26 15:19:55 | 004,731,392 | ---- | C] (AVAST Software) -- F:\Users\TTArmstrong\Desktop\aswMBR.exe
[2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:\Users\TTArmstrong\Desktop\OTL.exe
[2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- F:\Windows\System32\drivers\tmcomm.sys
[2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:\Windows\System32\drivers\tmrkb.sys
[2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:\ProgramData\Sophos
[2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:\Program Files\Sophos
[2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:\$RECYCLE.BIN
[2012/07/23 12:52:00 | 000,046,280 | ---- | C] (Panda Security) -- F:\Windows\System32\drivers\PSKMAD.sys
[2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\AppData\Local\temp
[2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:\Windows\SWREG.exe
[2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:\Windows\SWSC.exe
[2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:\Windows\NIRCMD.exe
[2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:\Windows\erdnt
[2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:\Users\TTArmstrong\Desktop\ComboFix.exe
[2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\dvdmoviecover
[2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\HIPHOP
[2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\orignal dance
[2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\wedding songs
[2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:\Users\TTArmstrong\Desktop\dds.scr
[2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\rockerz2 joe gibbs
[2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtml.tlb
[2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieUnatt.exe
[2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jsproxy.dll
[2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\win32k.sys
[2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:\VritualRoot
[2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ncrypt.dll
[2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msxml3r.dll
[2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cdosys.dll
[2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wucltux.dll
[2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wups2.dll
[2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuapi.dll
[2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wudriver.dll
[2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wups.dll
[2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuwebv.dll
[2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuapp.exe
[2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Security Client
[2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:\Windows\System32\drivers\TfSysMon.sys
[2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:\Windows\System32\drivers\TfFsMon.sys
[2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- F:\Windows\System32\drivers\TfNetMon.sys
[2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:\Program Files\ThreatFire
[2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:\ProgramData\PC Tools
[2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINKNC.sys
[2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINProt.sys
[2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINProc.sys
[2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINAflt.sys
[2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINFile.sys
[2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\AppData\Roaming\f-secure
[2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:\ProgramData\F-Secure
[2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:\Windows\stinger.sys
[2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:\Program Files\stinger
[2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSStrm.sys
[2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\WEDDIN SONG JULY 15
[2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:\Program Files\Real
[2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\new riddim & cover april 30
[2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\samplesforkingcd
[2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:\Program Files\NewAgeDesign
[2012/07/01 20:12:45 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\wowWORSHIP
[2012/07/01 17:25:05 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\WOW GOSPEL MUSIC
[2012/06/30 16:18:31 | 000,000,000 | ---D | C] -- F:\Users\TTArmstrong\Desktop\SIZZLA VS KHAGO CLASH
[2012/06/27 15:51:07 | 000,092,840 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNStlsc.sys
[2012/06/27 15:51:06 | 000,286,376 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSProt.sys
[2012/06/27 15:51:06 | 000,153,000 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPrv.sys
[2012/06/27 15:51:06 | 000,106,536 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSSmtp.sys
[2012/06/27 15:51:05 | 000,104,104 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPop3.sys
[2012/06/27 15:51:05 | 000,060,968 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPihsw.sys
[2012/06/27 15:51:04 | 000,122,664 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSIds.sys
[2012/06/27 15:51:04 | 000,093,992 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSpicc.sys
[2012/06/27 15:51:04 | 000,028,712 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSNAHSL.sys
[2012/06/27 15:51:03 | 000,120,744 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSHttp.sys
[2012/06/27 15:51:03 | 000,082,472 | ---- | C] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSAlpc.sys
[2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:\Users\TTArmstrong\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/07/26 15:23:04 | 004,731,392 | ---- | M] (AVAST Software) -- F:\Users\TTArmstrong\Desktop\aswMBR.exe
[2012/07/26 15:17:01 | 000,000,830 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/26 15:08:01 | 000,000,932 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job
[2012/07/26 15:03:43 | 002,117,108 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\tdsskiller.zip
[2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Users\TTArmstrong\Desktop\OTL.exe
[2012/07/26 14:40:01 | 000,000,896 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 14:40:01 | 000,000,892 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/26 14:30:29 | 000,013,440 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 14:30:29 | 000,013,440 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 14:29:34 | 000,626,486 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/07/26 14:29:34 | 000,107,730 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/07/26 14:23:03 | 000,065,536 | ---- | M] () -- F:\Windows\System32\Ikeext.etl
[2012/07/26 14:22:56 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/07/26 14:22:53 | 1601,097,728 | -HS- | M] () -- F:\hiberfil.sys
[2012/07/26 11:35:48 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- F:\Windows\System32\drivers\tmcomm.sys
[2012/07/26 11:35:48 | 000,131,344 | ---- | M] (trend_company_name) -- F:\Windows\System32\drivers\tmrkb.sys
[2012/07/26 11:09:24 | 000,003,221 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/26 08:23:41 | 000,000,027 | ---- | M] () -- F:\Windows\System32\drivers\etc\hosts
[2012/07/26 08:09:37 | 000,043,480 | ---- | M] () -- F:\Windows\System32\drivers\gtqjbadj.sys
[2012/07/26 08:04:12 | 004,721,680 | R--- | M] (Swearware) -- F:\Users\TTArmstrong\Desktop\ComboFix.exe
[2012/07/23 21:45:55 | 000,001,057 | ---- | M] () -- F:\Users\TTArmstrong\AppData\Roaming\vso_ts_preview.xml
[2012/07/23 12:51:42 | 000,462,152 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2012/07/23 12:50:26 | 000,000,000 | ---- | M] () -- F:\ProgramData\0x0304A000.sfl
[2012/07/22 21:39:21 | 000,000,758 | ---- | M] () -- F:\Users\Public\Desktop\Pale Moon.lnk
[2012/07/22 21:05:36 | 000,001,952 | ---- | M] () -- F:\Users\TTArmstrong\Application Data\Microsoft\Internet Explorer\Quick Launch\Pale Moon.lnk
[2012/07/22 17:08:01 | 000,000,880 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job
[2012/07/21 10:54:16 | 001,729,604 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\Tim McGraw - Its Your Love - Instrumental _ Karaoke.mp3
[2012/07/19 23:42:23 | 000,000,512 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\MBR.dat
[2012/07/19 23:16:58 | 000,607,260 | R--- | M] (Swearware) -- F:\Users\TTArmstrong\Desktop\dds.scr
[2012/07/19 19:24:18 | 076,128,300 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj005.wav
[2012/07/19 19:17:06 | 031,125,548 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj004.wav
[2012/07/19 19:14:10 | 046,991,404 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj003.wav
[2012/07/19 19:09:44 | 032,616,492 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj002.wav
[2012/07/19 19:06:39 | 012,724,268 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj001.wav
[2012/07/19 19:05:27 | 024,307,756 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj000.wav
[2012/07/18 04:31:41 | 051,150,892 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj010.wav
[2012/07/18 04:26:51 | 022,272,044 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj009.wav
[2012/07/18 04:24:45 | 028,700,716 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj008.wav
[2012/07/18 04:22:02 | 027,181,100 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj007.wav
[2012/07/18 04:19:28 | 035,190,828 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj006.wav
[2012/07/18 04:16:09 | 040,550,444 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj005.wav
[2012/07/18 04:12:19 | 031,346,732 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj004.wav
[2012/07/18 04:09:21 | 045,740,076 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj003.wav
[2012/07/18 04:05:02 | 052,380,232 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj002.wav
[2012/07/18 04:00:01 | 020,090,924 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj001.wav
[2012/07/18 03:58:07 | 029,100,076 | ---- | M] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj000.wav
[2012/07/18 03:18:29 | 000,002,141 | ---- | M] () -- F:\Windows\epplauncher.mif
[2012/07/17 19:11:39 | 000,000,090 | ---- | M] () -- F:\Windows\12225517.dat
[2012/07/16 21:58:09 | 000,146,216 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\33271375750985781045.jpg
[2012/07/16 17:27:15 | 000,052,001 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg
[2012/07/14 08:45:02 | 000,000,939 | ---- | M] () -- F:\Users\TTArmstrong\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINKNC.sys
[2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINProt.sys
[2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINProc.sys
[2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINAflt.sys
[2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\PSINFile.sys
[2012/07/12 23:01:43 | 000,281,862 | ---- | M] () -- F:\Users\TTArmstrong\AppData\Local\census.cache
[2012/07/12 23:01:22 | 000,158,340 | ---- | M] () -- F:\Users\TTArmstrong\AppData\Local\ars.cache
[2012/07/12 22:53:41 | 000,000,036 | ---- | M] () -- F:\Users\TTArmstrong\AppData\Local\housecall.guid.cache
[2012/07/12 22:23:42 | 000,014,664 | ---- | M] (McAfee, Inc.) -- F:\Windows\stinger.sys
[2012/07/12 22:23:03 | 000,000,045 | RH-- | M] () -- F:\Users\TTArmstrong\Desktop\stinger.opt
[2012/07/12 22:06:02 | 000,001,078 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 14:36:12 | 000,002,445 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\Google Chrome.lnk
[2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSStrm.sys
[2012/07/11 22:21:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\System32\FlashPlayerApp.exe
[2012/07/11 22:21:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/08 18:36:53 | 002,616,633 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\Richie Stephens - The Gospel Medley (2012).mp3
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbam.sys
[2012/07/02 16:51:55 | 000,041,909 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\XXXXXXXXXXXXXXX.jpg
[2012/07/01 15:35:20 | 004,589,338 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\Go Get It.mp3
[2012/06/30 16:14:35 | 000,057,212 | ---- | M] () -- F:\Users\TTArmstrong\Desktop\306571_392582317467151_742435903_n.jpg
[2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNStlsc.sys
[2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSProt.sys
[2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPrv.sys
[2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSSmtp.sys
[2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPop3.sys
[2012/06/27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSPihsw.sys
[2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSIds.sys
[2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSpicc.sys
[2012/06/27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSNAHSL.sys
[2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSHttp.sys
[2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) -- F:\Windows\System32\drivers\NNSAlpc.sys

========== Files Created - No Company Name ==========

[2012/07/26 15:03:04 | 002,117,108 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\tdsskiller.zip
[2012/07/26 11:09:24 | 000,003,221 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/23 12:50:26 | 000,000,000 | ---- | C] () -- F:\ProgramData\0x0304A000.sfl
[2012/07/22 21:05:37 | 000,000,770 | ---- | C] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
[2012/07/22 21:05:37 | 000,000,758 | ---- | C] () -- F:\Users\Public\Desktop\Pale Moon.lnk
[2012/07/22 19:49:13 | 000,256,000 | ---- | C] () -- F:\Windows\PEV.exe
[2012/07/22 19:49:13 | 000,208,896 | ---- | C] () -- F:\Windows\MBR.exe
[2012/07/22 19:49:13 | 000,098,816 | ---- | C] () -- F:\Windows\sed.exe
[2012/07/22 19:49:13 | 000,080,412 | ---- | C] () -- F:\Windows\grep.exe
[2012/07/22 19:49:13 | 000,068,096 | ---- | C] () -- F:\Windows\zip.exe
[2012/07/21 10:53:02 | 001,729,604 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\Tim McGraw - Its Your Love - Instrumental _ Karaoke.mp3
[2012/07/19 23:42:23 | 000,000,512 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\MBR.dat
[2012/07/19 19:17:06 | 076,128,300 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj005.wav
[2012/07/19 19:14:10 | 031,125,548 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj004.wav
[2012/07/19 19:09:44 | 046,991,404 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj003.wav
[2012/07/19 19:06:39 | 032,616,492 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj002.wav
[2012/07/19 19:05:27 | 012,724,268 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj001.wav
[2012/07/19 19:03:09 | 024,307,756 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGA2 djvdj000.wav
[2012/07/18 04:26:51 | 051,150,892 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj010.wav
[2012/07/18 04:24:45 | 022,272,044 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj009.wav
[2012/07/18 04:22:02 | 028,700,716 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj008.wav
[2012/07/18 04:19:28 | 027,181,100 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj007.wav
[2012/07/18 04:16:09 | 035,190,828 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj006.wav
[2012/07/18 04:12:19 | 040,550,444 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj005.wav
[2012/07/18 04:09:21 | 031,346,732 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj004.wav
[2012/07/18 04:05:02 | 045,740,076 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj003.wav
[2012/07/18 01:55:25 | 000,043,480 | ---- | C] () -- F:\Windows\System32\drivers\gtqjbadj.sys
[2012/07/17 20:12:11 | 000,002,141 | ---- | C] () -- F:\Windows\epplauncher.mif
[2012/07/17 19:11:39 | 000,000,090 | ---- | C] () -- F:\Windows\12225517.dat
[2012/07/16 21:58:14 | 000,146,216 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\33271375750985781045.jpg
[2012/07/16 17:27:26 | 000,052,001 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg
[2012/07/14 08:45:02 | 000,000,939 | ---- | C] () -- F:\Users\TTArmstrong\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2012/07/13 09:18:58 | 052,380,232 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj002.wav
[2012/07/13 09:11:36 | 020,090,924 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj001.wav
[2012/07/13 08:44:28 | 029,100,076 | ---- | C] () -- F:\Users\TTArmstrong\Documents\KVIPER REGGAESOCA djvdj000.wav
[2012/07/12 23:01:43 | 000,281,862 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Local\census.cache
[2012/07/12 23:01:22 | 000,158,340 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Local\ars.cache
[2012/07/12 22:53:41 | 000,000,036 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Local\housecall.guid.cache
[2012/07/12 22:22:19 | 000,000,045 | RH-- | C] () -- F:\Users\TTArmstrong\Desktop\stinger.opt
[2012/07/08 18:32:23 | 002,616,633 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\Richie Stephens - The Gospel Medley (2012).mp3
[2012/07/08 06:41:30 | 005,213,752 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\Shana Wilson Press In Your Presence.mp3
[2012/07/08 06:39:47 | 004,589,338 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\Go Get It.mp3
[2012/07/07 17:36:45 | 000,213,141 | R--- | C] () -- F:\Users\TTArmstrong\Desktop\00-sanchez-best_of_sanchez_(dj_rondon)-bootleg-cd-2006-spliff.jpg
[2012/07/02 16:51:55 | 000,041,909 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\XXXXXXXXXXXXXXX.jpg
[2012/06/30 19:31:03 | 000,100,352 | ---- | C] () -- F:\Users\TTArmstrong\Documents\VYBZ KARTEL COLORING BOOK JUNE 2K11.jwl
[2012/06/30 19:31:03 | 000,057,856 | ---- | C] () -- F:\Users\TTArmstrong\Documents\ZIGGY MARLEY WILD AND FREE.jwl
[2012/06/30 19:31:02 | 000,074,752 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Tyrone Taylor Sings Members Only.jwl
[2012/06/30 19:31:02 | 000,045,568 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Trust.jwl
[2012/06/30 19:31:02 | 000,038,400 | ---- | C] () -- F:\Users\TTArmstrong\Documents\UNREPORTED GUNS VOTES AND MONEY.jwl
[2012/06/30 19:31:01 | 000,127,488 | ---- | C] () -- F:\Users\TTArmstrong\Documents\STONE LOVE SWAGG TUESDAY VOL 5 PART 1 JUNE 2K11.jwl
[2012/06/30 19:31:01 | 000,118,272 | ---- | C] () -- F:\Users\TTArmstrong\Documents\STONE LOVE SWAGG TUESDAY VOL 5 PART 2 JUNE 2K11.jwl
[2012/06/30 19:31:01 | 000,105,984 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Snoop Dogg Dubstep.jwl
[2012/06/30 19:31:01 | 000,061,952 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Scientist The People s Choice.jwl
[2012/06/30 19:31:01 | 000,044,544 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Pat Kelly Wish It Would Rain.jwl
[2012/06/30 19:31:01 | 000,018,944 | ---- | C] () -- F:\Users\TTArmstrong\Documents\SMALL ISLAND.jwl
[2012/06/30 19:31:00 | 000,208,384 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Johnny Osbourne Dancing Time.jwl
[2012/06/30 19:31:00 | 000,143,360 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Frankie Paul SHOWCASE.jwl
[2012/06/30 19:31:00 | 000,112,640 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Delroy Wilson SHOWCASE.jwl
[2012/06/30 19:31:00 | 000,073,728 | ---- | C] () -- F:\Users\TTArmstrong\Documents\DJ KENNY CULTURAL LOVERS ROCK 2011 JUNE 2K11.jwl
[2012/06/30 19:31:00 | 000,068,608 | ---- | C] () -- F:\Users\TTArmstrong\Documents\DJ BLAZER VYBZ KARTEL DA WORLD BOSS JUNE 2K11.jwl
[2012/06/30 19:30:59 | 000,339,968 | ---- | C] () -- F:\Users\TTArmstrong\Documents\Carib Vybz Di Teacha XXXclusive 2011.jwl
[2012/06/30 19:30:59 | 000,050,176 | ---- | C] () -- F:\Users\TTArmstrong\Documents\BLACK UHURU DUBBIN IT LIVE.jwl
[2012/06/30 16:14:30 | 000,057,212 | ---- | C] () -- F:\Users\TTArmstrong\Desktop\306571_392582317467151_742435903_n.jpg
[2012/06/29 15:32:49 | 000,002,441 | ---- | C] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/26 11:55:00 | 000,147,456 | ---- | C] () -- F:\Windows\System32\DiagFunc.dll
[2012/03/26 11:55:00 | 000,000,451 | ---- | C] () -- F:\Windows\System32\DiagFunc.ini
[2012/03/07 19:24:25 | 000,116,224 | ---- | C] () -- F:\Windows\System32\redmonnt.dll
[2012/03/07 19:24:25 | 000,045,056 | ---- | C] () -- F:\Windows\System32\unredmon.exe
[2012/02/16 06:21:03 | 000,032,768 | ---- | C] () -- F:\Windows\System32\drivers\sp_rsdrv2.sys
[2011/11/17 08:53:51 | 000,003,284 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Roaming\ANIWZCS\{A21875C3-23CF-4FF2-ACA3-6B9A1DE459D5}
[2011/11/17 08:50:28 | 000,012,800 | ---- | C] () -- F:\Windows\System32\drivers\anodlwf.sys
[2011/11/17 08:50:27 | 000,014,051 | ---- | C] () -- F:\Windows\System32\RaCoInst.dat
[2011/11/09 19:55:48 | 000,000,566 | ---- | C] () -- F:\Windows\System32\SP7302.INI
[2011/07/27 08:53:38 | 000,000,000 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Local\{DEB393EC-9D07-4AAF-B6DE-442513357526}
[2011/03/24 22:02:01 | 000,029,008 | ---- | C] () -- F:\Windows\System32\SmartDefragBootTime.exe
[2011/03/24 22:02:01 | 000,016,184 | ---- | C] () -- F:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/01/30 05:30:55 | 000,084,480 | ---- | C] () -- F:\Windows\System32\ff_vfw.dll
[2011/01/29 13:02:14 | 000,003,884 | ---- | C] () -- F:\Users\TTArmstrong\AppData\Roaming\dvdae.config
[2010/11/14 06:08:43 | 000,001,378 | ---- | C] () -- F:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat

[2010/10/23 20:04:09 | 000,130,048 | ---- | C] () -- F:WindowsSystem32SpoonUninstall.exe

[2010/10/23 05:02:04 | 000,001,057 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml

[2010/10/23 05:00:39 | 000,087,608 | ---- | C] () -- F:UsersTTArmstrongAppDataRoaminginst.exe

[2010/10/23 05:00:39 | 000,007,887 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.cat

[2010/10/23 05:00:39 | 000,001,144 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.inf

[2010/10/16 13:33:30 | 000,308,624 | ---- | C] () -- F:WindowsSystem32brcmbsp.dll

[2010/10/16 13:33:30 | 000,206,216 | ---- | C] () -- F:WindowsSystem32bipbsp.dll

[2010/10/16 13:31:49 | 000,080,368 | ---- | C] () -- F:WindowsSystem32pbadrvdll.dll

[2010/09/30 17:07:06 | 000,000,376 | ---- | C] () -- F:WindowsODBC.INI

[2010/09/30 00:22:17 | 001,474,832 | ---- | C] () -- F:WindowsSystem32driverssfi.dat

[2010/09/30 00:19:12 | 001,724,416 | ---- | C] () -- F:WindowsSystem32nvwdmcpl.dll

[2010/09/30 00:19:12 | 001,657,376 | ---- | C] () -- F:WindowsSystem32nwiz.exe

[2010/09/30 00:19:12 | 001,507,328 | ---- | C] () -- F:WindowsSystem32nView.dll

[2010/09/30 00:19:12 | 001,101,824 | ---- | C] () -- F:WindowsSystem32nvwimg.dll

[2010/09/30 00:19:12 | 000,466,944 | ---- | C] () -- F:WindowsSystem32nvShell.dll

[2010/09/30 00:19:12 | 000,449,056 | ---- | C] () -- F:WindowsSystem32nvAppBar.exe

[2010/09/30 00:19:12 | 000,267,296 | ---- | C] () -- F:WindowsSystem32nvTaskbar.exe

 

========== LOP Check ==========

 

[2011/08/13 15:53:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingApowersoft

[2010/10/23 09:09:08 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBackTalk

[2012/07/22 18:25:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBitTorrent

[2010/10/23 20:17:56 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingdBpoweramp

[2010/10/02 11:17:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDisk Cleaner

[2012/02/01 23:36:24 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDVDFab

[2012/07/12 22:43:10 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingf-secure

[2011/05/22 13:07:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingFDRLab

[2011/08/24 17:01:40 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingImgBurn

[2011/10/06 23:15:21 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingIObit

[2011/04/20 16:26:24 | 000,000,000 | RHSD | M] -- F:UsersTTArmstrongAppDataRoamingJava

[2010/10/17 21:57:31 | 000,000,


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 15:39:12
-----------------------------
15:39:12.760 OS Version: Windows 6.1.7601 Service Pack 1
15:39:12.760 Number of processors: 2 586 0x170A
15:39:12.760 ComputerName: TTARMSTRONG-PC UserName: TTArmstrong
15:39:13.852 Initialize success
15:47:07.175 AVAST engine defs: 12072601
15:47:17.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:47:17.611 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 8
15:47:17.627 Disk 0 MBR read successfully
15:47:17.627 Disk 0 MBR scan
15:47:17.642 Disk 0 Windows 7 default MBR code
15:47:17.642 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 266 MB offset 63
15:47:17.658 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 60345 MB offset 546210
15:47:17.673 Disk 0 Partition - 00 0F Extended LBA 92012 MB offset 124134255
15:47:17.689 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51348 MB offset 124134318
15:47:17.689 Disk 0 Partition - 00 05 Extended 40664 MB offset 229295745
15:47:17.705 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 40664 MB offset 229295808
15:47:17.720 Disk 0 scanning sectors +312576705
15:47:17.783 Disk 0 scanning F:\Windows\system32\drivers
15:47:28.609 Service scanning
15:47:53.163 Modules scanning
15:47:58.670 Disk 0 trace - called modules:
15:47:58.717 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
15:47:58.717 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8bba8810]
15:47:58.733 3 CLASSPNP.SYS[8e5bd59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ad95028]
15:47:59.357 AVAST engine scan F:\Windows
15:48:01.182 AVAST engine scan F:\Windows\system32
15:50:20.818 AVAST engine scan F:\Windows\system32\drivers
15:50:33.766 AVAST engine scan F:\Users\TTArmstrong
15:53:21.123 AVAST engine scan F:\ProgramData
15:53:43.415 File: F:\ProgramData\Microsoft\Windows\DRM\D27B.tmp **INFECTED** Win32:Crypt-NKI [Trj]
15:54:11.542 Scan finished successfully
16:16:33.498 Disk 0 MBR has been saved successfully to "F:\Users\TTArmstrong\Desktop\MBR.dat"
16:16:33.498 The log file has been saved successfully to "F:\Users\TTArmstrong\Desktop\aswMBR july.txt"


16:23:03.0231 4288 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:23:04.0042 4288 ============================================================
16:23:04.0042 4288 Current date / time: 2012/07/26 16:23:04.0042
16:23:04.0042 4288 SystemInfo:
16:23:04.0042 4288
16:23:04.0042 4288 OS Version: 6.1.7601 ServicePack: 1.0
16:23:04.0042 4288 Product type: Workstation
16:23:04.0042 4288 ComputerName: TTARMSTRONG-PC
16:23:04.0042 4288 UserName: TTArmstrong
16:23:04.0042 4288 Windows directory: F:\Windows
16:23:04.0042 4288 System windows directory: F:\Windows
16:23:04.0042 4288 Processor architecture: Intel x86
16:23:04.0042 4288 Number of processors: 2
16:23:04.0042 4288 Page size: 0x1000
16:23:04.0042 4288 Boot type: Normal boot
16:23:04.0042 4288 ============================================================
16:23:05.0524 4288 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:23:05.0524 4288 ============================================================
16:23:05.0524 4288 \Device\Harddisk0\DR0:
16:23:05.0524 4288 MBR partitions:
16:23:05.0524 4288 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x855A2, BlocksNum 0x75DCDCD
16:23:05.0555 4288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x76623AE, BlocksNum 0x644A2D3
16:23:05.0571 4288 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDAAC6C0, BlocksNum 0x4F6C401
16:23:05.0571 4288 ============================================================
16:23:05.0602 4288 C: <-> \Device\Harddisk0\DR0\Partition0
16:23:05.0618 4288 E: <-> \Device\Harddisk0\DR0\Partition2
16:23:05.0633 4288 F: <-> \Device\Harddisk0\DR0\Partition1
16:23:05.0633 4288 ============================================================
16:23:05.0633 4288 Initialize success
16:23:05.0633 4288 ============================================================
16:24:23.0985 4192 ============================================================
16:24:23.0985 4192 Scan started
16:24:23.0985 4192 Mode: Manual; TDLFS;
16:24:23.0985 4192 ============================================================
16:24:24.0734 4192 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) F:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:24:24.0734 4192 !SASCORE - ok
16:24:24.0890 4192 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) F:\Windows\system32\drivers\1394ohci.sys
16:24:24.0890 4192 1394ohci - ok
16:24:24.0952 4192 a2acc (a8a4e18857cdfd8d9ab81e2c9eaf89b5) F:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
16:24:24.0952 4192 a2acc - ok
16:24:25.0124 4192 a2AntiMalware (8b75ba256bcada2b73ffa5bd77aa9e6c) F:\Program Files\Emsisoft Anti-Malware\a2service.exe
16:24:25.0140 4192 a2AntiMalware - ok
16:24:25.0171 4192 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) F:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
16:24:25.0171 4192 A2DDA - ok
16:24:25.0264 4192 ACPI (cea80c80bed809aa0da6febc04733349) F:\Windows\system32\drivers\ACPI.sys
16:24:25.0264 4192 ACPI - ok
16:24:25.0296 4192 AcpiPmi (1efbc664abff416d1d07db115dcb264f) F:\Windows\system32\drivers\acpipmi.sys
16:24:25.0296 4192 AcpiPmi - ok
16:24:25.0374 4192 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) F:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:24:25.0374 4192 AdobeARMservice - ok
16:24:25.0436 4192 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) F:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:24:25.0452 4192 AdobeFlashPlayerUpdateSvc - ok
16:24:25.0483 4192 adp94xx (21e785ebd7dc90a06391141aac7892fb) F:\Windows\system32\DRIVERS\adp94xx.sys
16:24:25.0498 4192 adp94xx - ok
16:24:25.0514 4192 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) F:\Windows\system32\DRIVERS\adpahci.sys
16:24:25.0530 4192 adpahci - ok
16:24:25.0545 4192 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) F:\Windows\system32\DRIVERS\adpu320.sys
16:24:25.0545 4192 adpu320 - ok
16:24:25.0576 4192 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) F:\Windows\System32\aelupsvc.dll
16:24:25.0576 4192 AeLookupSvc - ok
16:24:25.0623 4192 AFD (9ebbba55060f786f0fcaa3893bfa2806) F:\Windows\system32\drivers\afd.sys
16:24:25.0623 4192 AFD - ok
16:24:25.0670 4192 agp440 (507812c3054c21cef746b6ee3d04dd6e) F:\Windows\system32\drivers\agp440.sys
16:24:25.0670 4192 agp440 - ok
16:24:25.0686 4192 aic78xx (8b30250d573a8f6b4bd23195160d8707) F:\Windows\system32\DRIVERS\djsvs.sys
16:24:25.0686 4192 aic78xx - ok
16:24:25.0717 4192 ALG (18a54e132947cd98fea9accc57f98f13) F:\Windows\System32\alg.exe
16:24:25.0717 4192 ALG - ok
16:24:25.0732 4192 aliide (0d40bcf52ea90fc7df2aeab6503dea44) F:\Windows\system32\drivers\aliide.sys
16:24:25.0732 4192 aliide - ok
16:24:25.0779 4192 amdagp (3c6600a0696e90a463771c7422e23ab5) F:\Windows\system32\drivers\amdagp.sys
16:24:25.0779 4192 amdagp - ok
16:24:25.0795 4192 amdide (cd5914170297126b6266860198d1d4f0) F:\Windows\system32\drivers\amdide.sys
16:24:25.0795 4192 amdide - ok
16:24:25.0810 4192 AmdK8 (00dda200d71bac534bf56a9db5dfd666) F:\Windows\system32\DRIVERS\amdk8.sys
16:24:25.0810 4192 AmdK8 - ok
16:24:25.0826 4192 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) F:\Windows\system32\DRIVERS\amdppm.sys
16:24:25.0826 4192 AmdPPM - ok
16:24:25.0857 4192 amdsata (d320bf87125326f996d4904fe24300fc) F:\Windows\system32\drivers\amdsata.sys
16:24:25.0857 4192 amdsata - ok
16:24:25.0888 4192 amdsbs (ea43af0c423ff267355f74e7a53bdaba) F:\Windows\system32\DRIVERS\amdsbs.sys
16:24:25.0888 4192 amdsbs - ok
16:24:25.0904 4192 amdxata (46387fb17b086d16dea267d5be23a2f2) F:\Windows\system32\drivers\amdxata.sys
16:24:25.0904 4192 amdxata - ok
16:24:25.0951 4192 anodlwf (48e008cf2edcf8fc91a9d3507865a51d) F:\Windows\system32\DRIVERS\anodlwf.sys
16:24:25.0951 4192 anodlwf - ok
16:24:25.0982 4192 AppID (aea177f783e20150ace5383ee368da19) F:\Windows\system32\drivers\appid.sys
16:24:25.0982 4192 AppID - ok
16:24:25.0998 4192 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) F:\Windows\System32\appidsvc.dll
16:24:25.0998 4192 AppIDSvc - ok
16:24:26.0044 4192 Appinfo (fb1959012294d6ad43e5304df65e3c26) F:\Windows\System32\appinfo.dll
16:24:26.0044 4192 Appinfo - ok
16:24:26.0091 4192 arc (2932004f49677bd84dbc72edb754ffb3) F:\Windows\system32\DRIVERS\arc.sys
16:24:26.0091 4192 arc - ok
16:24:26.0107 4192 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) F:\Windows\system32\DRIVERS\arcsas.sys
16:24:26.0107 4192 arcsas - ok
16:24:26.0122 4192 AsyncMac (add2ade1c2b285ab8378d2daaf991481) F:\Windows\system32\DRIVERS\asyncmac.sys
16:24:26.0122 4192 AsyncMac - ok
16:24:26.0138 4192 atapi (338c86357871c167a96ab976519bf59e) F:\Windows\system32\drivers\atapi.sys
16:24:26.0138 4192 atapi - ok
16:24:26.0185 4192 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) F:\Windows\System32\Audiosrv.dll
16:24:26.0185 4192 AudioEndpointBuilder - ok
16:24:26.0200 4192 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) F:\Windows\System32\Audiosrv.dll
16:24:26.0200 4192 Audiosrv - ok
16:24:26.0247 4192 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) F:\Windows\System32\AxInstSV.dll
16:24:26.0247 4192 AxInstSV - ok
16:24:26.0278 4192 b06bdrv (1a231abec60fd316ec54c66715543cec) F:\Windows\system32\DRIVERS\bxvbdx.sys
16:24:26.0294 4192 b06bdrv - ok
16:24:26.0325 4192 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) F:\Windows\system32\DRIVERS\b57nd60x.sys
16:24:26.0325 4192 b57nd60x - ok
16:24:26.0434 4192 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) F:\Windows\system32\DRIVERS\bcmwl6.sys
16:24:26.0450 4192 BCM43XX - ok
16:24:26.0466 4192 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) F:\Windows\System32\bdesvc.dll
16:24:26.0466 4192 BDESVC - ok
16:24:26.0512 4192 Beep (505506526a9d467307b3c393dedaf858) F:\Windows\system32\drivers\Beep.sys
16:24:26.0512 4192 Beep - ok
16:24:26.0590 4192 BFE (1e2bac209d184bb851e1a187d8a29136) F:\Windows\System32\bfe.dll
16:24:26.0590 4192 BFE - ok
16:24:26.0637 4192 blbdrive (2287078ed48fcfc477b05b20cf38f36f) F:\Windows\system32\DRIVERS\blbdrive.sys
16:24:26.0637 4192 blbdrive - ok
16:24:26.0668 4192 bowser (8f2da3028d5fcbd1a060a3de64cd6506) F:\Windows\system32\DRIVERS\bowser.sys
16:24:26.0668 4192 bowser - ok
16:24:26.0684 4192 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) F:\Windows\system32\DRIVERS\BrFiltLo.sys
16:24:26.0684 4192 BrFiltLo - ok
16:24:26.0700 4192 BrFiltUp (56801ad62213a41f6497f96dee83755a) F:\Windows\system32\DRIVERS\BrFiltUp.sys
16:24:26.0700 4192 BrFiltUp - ok
16:24:26.0715 4192 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) F:\Windows\system32\DRIVERS\bridge.sys
16:24:26.0715 4192 BridgeMP - ok
16:24:26.0793 4192 Browser (6e11f33d14d020f58d5e02e4d67dfa19) F:\Windows\System32\browser.dll
16:24:26.0793 4192 Browser - ok
16:24:26.0824 4192 Brserid (845b8ce732e67f3b4133164868c666ea) F:\Windows\system32\DRIVERS\BrSerId.sys
16:24:26.0824 4192 Brserid - ok
16:24:26.0856 4192 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) F:\Windows\System32\Drivers\BrSerWdm.sys
16:24:26.0856 4192 BrSerWdm - ok
16:24:26.0871 4192 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) F:\Windows\System32\Drivers\BrUsbMdm.sys
16:24:26.0871 4192 BrUsbMdm - ok
16:24:26.0887 4192 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) F:\Windows\system32\DRIVERS\BrUsbSer.sys
16:24:26.0887 4192 BrUsbSer - ok
16:24:26.0902 4192 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) F:\Windows\system32\DRIVERS\bthmodem.sys
16:24:26.0902 4192 BTHMODEM - ok
16:24:26.0918 4192 bthserv (1df19c96eef6c29d1c3e1a8678e07190) F:\Windows\system32\bthserv.dll
16:24:26.0918 4192 bthserv - ok
16:24:26.0980 4192 catchme - ok
16:24:27.0012 4192 cdfs (77ea11b065e0a8ab902d78145ca51e10) F:\Windows\system32\DRIVERS\cdfs.sys
16:24:27.0012 4192 cdfs - ok
16:24:27.0043 4192 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) F:\Windows\system32\DRIVERS\cdrom.sys
16:24:27.0058 4192 cdrom - ok
16:24:27.0074 4192 CertPropSvc (319c6b309773d063541d01df8ac6f55f) F:\Windows\System32\certprop.dll
16:24:27.0074 4192 CertPropSvc - ok
16:24:27.0121 4192 CFcatchme - ok
16:24:27.0152 4192 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) F:\Windows\system32\DRIVERS\circlass.sys
16:24:27.0152 4192 circlass - ok
16:24:27.0199 4192 CLFS (635181e0e9bbf16871bf5380d71db02d) F:\Windows\system32\CLFS.sys
16:24:27.0214 4192 CLFS - ok
16:24:27.0246 4192 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:24:27.0261 4192 clr_optimization_v2.0.50727_32 - ok
16:24:27.0308 4192 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:24:27.0308 4192 clr_optimization_v4.0.30319_32 - ok
16:24:27.0324 4192 CmBatt (dea805815e587dad1dd2c502220b5616) F:\Windows\system32\DRIVERS\CmBatt.sys
16:24:27.0324 4192 CmBatt - ok
16:24:27.0480 4192 cmdAgent (907324001ae25ac5959c91eaa34cabae) F:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
16:24:27.0495 4192 cmdAgent - ok
16:24:27.0620 4192 cmdGuard (ed042da80d9d6a087e83df395ceefd65) F:\Windows\system32\DRIVERS\cmdguard.sys
16:24:27.0620 4192 cmdGuard - ok
16:24:27.0651 4192 cmdHlp (ed6b6a222cb9adf6751e02ad478a89fb) F:\Windows\system32\DRIVERS\cmdhlp.sys
16:24:27.0651 4192 cmdHlp - ok
16:24:27.0698 4192 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) F:\Windows\system32\drivers\cmdide.sys
16:24:27.0698 4192 cmdide - ok
16:24:27.0745 4192 CNG (247b4ce2dab1160cd422d532d5241e1f) F:\Windows\system32\Drivers\cng.sys
16:24:27.0760 4192 CNG - ok
16:24:27.0760 4192 Compbatt (a6023d3823c37043986713f118a89bee) F:\Windows\system32\DRIVERS\compbatt.sys
16:24:27.0760 4192 Compbatt - ok
16:24:27.0792 4192 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) F:\Windows\system32\drivers\CompositeBus.sys
16:24:27.0792 4192 CompositeBus - ok
16:24:27.0792 4192 COMSysApp - ok
16:24:27.0807 4192 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) F:\Windows\system32\DRIVERS\crcdisk.sys
16:24:27.0807 4192 crcdisk - ok
16:24:27.0916 4192 Credential Vault Host Control Service (4163c86ea091f9621017b899ad66a8be) F:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
16:24:27.0948 4192 Credential Vault Host Control Service - ok
16:24:27.0963 4192 Credential Vault Host Storage (ad6ba00e4f4e847151a3b4a0a2945c7c) F:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
16:24:27.0963 4192 Credential Vault Host Storage - ok
16:24:27.0994 4192 CryptSvc (06e771aa596b8761107ab57e99f128d7) F:\Windows\system32\cryptsvc.dll
16:24:27.0994 4192 CryptSvc - ok
16:24:28.0010 4192 cvusbdrv (d1697063e2cdb6575aa46d668ffee825) F:\Windows\system32\Drivers\cvusbdrv.sys
16:24:28.0010 4192 cvusbdrv - ok
16:24:28.0057 4192 DcomLaunch (7660f01d3b38aca1747e397d21d790af) F:\Windows\system32\rpcss.dll
16:24:28.0072 4192 DcomLaunch - ok
16:24:28.0104 4192 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) F:\Windows\System32\defragsvc.dll
16:24:28.0119 4192 defragsvc - ok
16:24:28.0150 4192 DfsC (f024449c97ec1e464aaffda18593db88) F:\Windows\system32\Drivers\dfsc.sys
16:24:28.0150 4192 DfsC - ok
16:24:28.0197 4192 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) F:\Windows\system32\dhcpcore.dll
16:24:28.0213 4192 Dhcp - ok
16:24:28.0244 4192 discache (1a050b0274bfb3890703d490f330c0da) F:\Windows\system32\drivers\discache.sys
16:24:28.0244 4192 discache - ok
16:24:28.0260 4192 Disk (565003f326f99802e68ca78f2a68e9ff) F:\Windows\system32\DRIVERS\disk.sys
16:24:28.0260 4192 Disk - ok
16:24:28.0291 4192 Dnscache (33ef4861f19a0736b11314aad9ae28d0) F:\Windows\System32\dnsrslvr.dll
16:24:28.0291 4192 Dnscache - ok
16:24:28.0338 4192 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) F:\Windows\System32\dot3svc.dll
16:24:28.0353 4192 dot3svc - ok
16:24:28.0384 4192 DPS (8ec04ca86f1d68da9e11952eb85973d6) F:\Windows\system32\dps.dll
16:24:28.0384 4192 DPS - ok
16:24:28.0416 4192 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) F:\Windows\system32\drivers\drmkaud.sys
16:24:28.0416 4192 drmkaud - ok
16:24:28.0478 4192 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) F:\Windows\System32\drivers\dxgkrnl.sys
16:24:28.0494 4192 DXGKrnl - ok
16:24:28.0540 4192 e1yexpress (44a91d98d6719b49bcd649a863225b5c) F:\Windows\system32\DRIVERS\e1y6232.sys
16:24:28.0556 4192 e1yexpress - ok
16:24:28.0572 4192 EapHost (8600142fa91c1b96367d3300ad0f3f3a) F:\Windows\System32\eapsvc.dll
16:24:28.0572 4192 EapHost - ok
16:24:28.0728 4192 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) F:\Windows\system32\DRIVERS\evbdx.sys
16:24:28.0774 4192 ebdrv - ok
16:24:28.0868 4192 EFS (81951f51e318aecc2d68559e47485cc4) F:\Windows\System32\lsass.exe
16:24:28.0868 4192 EFS - ok
16:24:28.0915 4192 ehRecvr (a8c362018efc87beb013ee28f29c0863) F:\Windows\ehome\ehRecvr.exe
16:24:28.0930 4192 ehRecvr - ok
16:24:28.0946 4192 ehSched (d389bff34f80caede417bf9d1507996a) F:\Windows\ehome\ehsched.exe
16:24:28.0946 4192 ehSched - ok
16:24:28.0993 4192 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) F:\Windows\system32\DRIVERS\elxstor.sys
16:24:29.0008 4192 elxstor - ok
16:24:29.0040 4192 ErrDev (8fc3208352dd3912c94367a206ab3f11) F:\Windows\system32\drivers\errdev.sys
16:24:29.0040 4192 ErrDev - ok
16:24:29.0133 4192 EventSystem (f6916efc29d9953d5d0df06882ae8e16) F:\Windows\system32\es.dll
16:24:29.0133 4192 EventSystem - ok
16:24:29.0149 4192 exfat (2dc9108d74081149cc8b651d3a26207f) F:\Windows\system32\drivers\exfat.sys
16:24:29.0164 4192 exfat - ok
16:24:29.0180 4192 fastfat (7e0ab74553476622fb6ae36f73d97d35) F:\Windows\system32\drivers\fastfat.sys
16:24:29.0180 4192 fastfat - ok
16:24:29.0242 4192 Fax (967ea5b213e9984cbe270205df37755b) F:\Windows\system32\fxssvc.exe
16:24:29.0242 4192 Fax - ok
16:24:29.0258 4192 fdc (e817a017f82df2a1f8cfdbda29388b29) F:\Windows\system32\DRIVERS\fdc.sys
16:24:29.0274 4192 fdc - ok
16:24:29.0274 4192 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) F:\Windows\system32\fdPHost.dll
16:24:29.0274 4192 fdPHost - ok
16:24:29.0289 4192 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) F:\Windows\system32\fdrespub.dll
16:24:29.0289 4192 FDResPub - ok
16:24:29.0289 4192 FileInfo (6cf00369c97f3cf563be99be983d13d8) F:\Windows\system32\drivers\fileinfo.sys
16:24:29.0289 4192 FileInfo - ok
16:24:29.0305 4192 Filetrace (42c51dc94c91da21cb9196eb64c45db9) F:\Windows\system32\drivers\filetrace.sys
16:24:29.0305 4192 Filetrace - ok
16:24:29.0320 4192 flpydisk (87907aa70cb3c56600f1c2fb8841579b) F:\Windows\system32\DRIVERS\flpydisk.sys
16:24:29.0320 4192 flpydisk - ok
16:24:29.0352 4192 FltMgr (7520ec808e0c35e0ee6f841294316653) F:\Windows\system32\drivers\fltmgr.sys
16:24:29.0352 4192 FltMgr - ok
16:24:29.0398 4192 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) F:\Windows\system32\FntCache.dll
16:24:29.0414 4192 FontCache - ok
16:24:29.0461 4192 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) F:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:24:29.0461 4192 FontCache3.0.0.0 - ok
16:24:29.0476 4192 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) F:\Windows\system32\drivers\FsDepends.sys
16:24:29.0476 4192 FsDepends - ok
16:24:29.0539 4192 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) F:\Windows\system32\drivers\Fs_Rec.sys
16:24:29.0539 4192 Fs_Rec - ok
16:24:29.0570 4192 fvevol (8a73e79089b282100b9393b644cb853b) F:\Windows\system32\DRIVERS\fvevol.sys
16:24:29.0586 4192 fvevol - ok
16:24:29.0601 4192 gagp30kx (65ee0c7a58b65e74ae05637418153938) F:\Windows\system32\DRIVERS\gagp30kx.sys
16:24:29.0601 4192 gagp30kx - ok
16:24:29.0648 4192 gpsvc (e897eaf5ed6ba41e081060c9b447a673) F:\Windows\System32\gpsvc.dll
16:24:29.0664 4192 gpsvc - ok
16:24:29.0773 4192 gupdate (f02a533f517eb38333cb12a9e8963773) F:\Program Files\Google\Update\GoogleUpdate.exe
16:24:29.0773 4192 gupdate - ok
16:24:29.0788 4192 gupdatem (f02a533f517eb38333cb12a9e8963773) F:\Program Files\Google\Update\GoogleUpdate.exe
16:24:29.0788 4192 gupdatem - ok
16:24:29.0804 4192 gusvc (cc839e8d766cc31a7710c9f38cf3e375) F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:24:29.0804 4192 gusvc - ok
16:24:29.0820 4192 hcw85cir (c44e3c2bab6837db337ddee7544736db) F:\Windows\system32\drivers\hcw85cir.sys
16:24:29.0820 4192 hcw85cir - ok
16:24:29.0866 4192 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) F:\Windows\system32\drivers\HdAudio.sys
16:24:29.0866 4192 HdAudAddService - ok
16:24:29.0882 4192 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) F:\Windows\system32\drivers\HDAudBus.sys
16:24:29.0882 4192 HDAudBus - ok
16:24:29.0898 4192 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) F:\Windows\system32\DRIVERS\HidBatt.sys
16:24:29.0913 4192 HidBatt - ok
16:24:29.0929 4192 HidBth (89448f40e6df260c206a193a4683ba78) F:\Windows\system32\DRIVERS\hidbth.sys
16:24:29.0929 4192 HidBth - ok
16:24:29.0944 4192 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) F:\Windows\system32\DRIVERS\hidir.sys
16:24:29.0944 4192 HidIr - ok
16:24:29.0976 4192 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) F:\Windows\System32\hidserv.dll
16:24:29.0976 4192 hidserv - ok
16:24:30.0007 4192 HidUsb (10c19f8290891af023eaec0832e1eb4d) F:\Windows\system32\DRIVERS\hidusb.sys
16:24:30.0007 4192 HidUsb - ok
16:24:30.0054 4192 hkmsvc (196b4e3f4cccc24af836ce58facbb699) F:\Windows\system32\kmsvc.dll
16:24:30.0054 4192 hkmsvc - ok
16:24:30.0100 4192 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) F:\Windows\system32\ListSvc.dll
16:24:30.0100 4192 HomeGroupListener - ok
16:24:30.0147 4192 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) F:\Windows\system32\provsvc.dll
16:24:30.0147 4192 HomeGroupProvider - ok
16:24:30.0163 4192 HpSAMD (295fdc419039090eb8b49ffdbb374549) F:\Windows\system32\drivers\HpSAMD.sys
16:24:30.0163 4192 HpSAMD - ok
16:24:30.0210 4192 HTTP (871917b07a141bff43d76d8844d48106) F:\Windows\system32\drivers\HTTP.sys
16:24:30.0225 4192 HTTP - ok
16:24:30.0272 4192 hwpolicy (0c4e035c7f105f1299258c90886c64c5) F:\Windows\system32\drivers\hwpolicy.sys
16:24:30.0272 4192 hwpolicy - ok
16:24:30.0303 4192 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) F:\Windows\system32\drivers\i8042prt.sys
16:24:30.0303 4192 i8042prt - ok
16:24:30.0350 4192 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) F:\Windows\system32\drivers\iaStorV.sys
16:24:30.0350 4192 iaStorV - ok
16:24:30.0490 4192 idsvc (c521d7eb6497bb1af6afa89e322fb43c) F:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:24:30.0506 4192 idsvc - ok
16:24:30.0584 4192 iirsp (4173ff5708f3236cf25195fecd742915) F:\Windows\system32\DRIVERS\iirsp.sys
16:24:30.0584 4192 iirsp - ok
16:24:30.0646 4192 IKEEXT (f95622f161474511b8d80d6b093aa610) F:\Windows\System32\ikeext.dll
16:24:30.0662 4192 IKEEXT - ok
16:24:30.0709 4192 inspect (2ee3db2c1760171c6f72f2f1792a47b5) F:\Windows\system32\DRIVERS\inspect.sys
16:24:30.0709 4192 inspect - ok
16:24:30.0709 4192 intelide (a0f12f2c9ba6c72f3987ce780e77c130) F:\Windows\system32\drivers\intelide.sys
16:24:30.0724 4192 intelide - ok
16:24:30.0740 4192 intelppm (3b514d27bfc4accb4037bc6685f766e0) F:\Windows\system32\DRIVERS\intelppm.sys
16:24:30.0740 4192 intelppm - ok
16:24:30.0756 4192 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) F:\Windows\system32\ipbusenum.dll
16:24:30.0756 4192 IPBusEnum - ok
16:24:30.0771 4192 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) F:\Windows\system32\DRIVERS\ipfltdrv.sys
16:24:30.0771 4192 IpFilterDriver - ok
16:24:30.0849 4192 iphlpsvc (4d65a07b795d6674312f879d09aa7663) F:\Windows\System32\iphlpsvc.dll
16:24:30.0849 4192 iphlpsvc - ok
16:24:30.0880 4192 IPMIDRV (4bd7134618c1d2a27466a099062547bf) F:\Windows\system32\drivers\IPMIDrv.sys
16:24:30.0880 4192 IPMIDRV - ok
16:24:30.0927 4192 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) F:\Windows\system32\drivers\ipnat.sys
16:24:30.0927 4192 IPNAT - ok
16:24:30.0958 4192 IRENUM (42996cff20a3084a56017b7902307e9f) F:\Windows\system32\drivers\irenum.sys
16:24:30.0958 4192 IRENUM - ok
16:24:30.0958 4192 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) F:\Windows\system32\drivers\isapnp.sys
16:24:30.0974 4192 isapnp - ok
16:24:31.0005 4192 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) F:\Windows\system32\drivers\msiscsi.sys
16:24:31.0021 4192 iScsiPrt - ok
16:24:31.0068 4192 ivusb (994ebb45c4b438e1f6ea0b958ae9b9a3) F:\Windows\system32\DRIVERS\ivusb.sys
16:24:31.0068 4192 ivusb - ok
16:24:31.0114 4192 kbdclass (adef52ca1aeae82b50df86b56413107e) F:\Windows\system32\drivers\kbdclass.sys
16:24:31.0114 4192 kbdclass - ok
16:24:31.0146 4192 kbdhid (9e3ced91863e6ee98c24794d05e27a71) F:\Windows\system32\drivers\kbdhid.sys
16:24:31.0146 4192 kbdhid - ok
16:24:31.0177 4192 KeyIso (81951f51e318aecc2d68559e47485cc4) F:\Windows\system32\lsass.exe
16:24:31.0177 4192 KeyIso - ok
16:24:31.0224 4192 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) F:\Windows\system32\Drivers\ksecdd.sys
16:24:31.0224 4192 KSecDD - ok
16:24:31.0255 4192 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) F:\Windows\system32\Drivers\ksecpkg.sys
16:24:31.0255 4192 KSecPkg - ok
16:24:31.0286 4192 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) F:\Windows\system32\msdtckrm.dll
16:24:31.0302 4192 KtmRm - ok
16:24:31.0364 4192 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) F:\Windows\System32\srvsvc.dll
16:24:31.0364 4192 LanmanServer - ok
16:24:31.0395 4192 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) F:\Windows\System32\wkssvc.dll
16:24:31.0395 4192 LanmanWorkstation - ok
16:24:31.0411 4192 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) F:\Windows\system32\DRIVERS\lltdio.sys
16:24:31.0426 4192 lltdio - ok
16:24:31.0442 4192 lltdsvc (5700673e13a2117fa3b9020c852c01e2) F:\Windows\System32\lltdsvc.dll
16:24:31.0458 4192 lltdsvc - ok
16:24:31.0473 4192 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) F:\Windows\System32\lmhsvc.dll
16:24:31.0473 4192 lmhosts - ok
16:24:31.0504 4192 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) F:\Windows\system32\DRIVERS\lsi_fc.sys
16:24:31.0504 4192 LSI_FC - ok
16:24:31.0520 4192 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) F:\Windows\system32\DRIVERS\lsi_sas.sys
16:24:31.0520 4192 LSI_SAS - ok
16:24:31.0536 4192 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) F:\Windows\system32\DRIVERS\lsi_sas2.sys
16:24:31.0536 4192 LSI_SAS2 - ok
16:24:31.0551 4192 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) F:\Windows\system32\DRIVERS\lsi_scsi.sys
16:24:31.0551 4192 LSI_SCSI - ok
16:24:31.0582 4192 luafv (6703e366cc18d3b6e534f5cf7df39cee) F:\Windows\system32\drivers\luafv.sys
16:24:31.0598 4192 luafv - ok
16:24:31.0629 4192 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) F:\Windows\system32\Mcx2Svc.dll
16:24:31.0629 4192 Mcx2Svc - ok
16:24:31.0645 4192 megasas (0fff5b045293002ab38eb1fd1fc2fb74) F:\Windows\system32\DRIVERS\megasas.sys
16:24:31.0645 4192 megasas - ok
16:24:31.0676 4192 MegaSR (dcbab2920c75f390caf1d29f675d03d6) F:\Windows\system32\DRIVERS\MegaSR.sys
16:24:31.0676 4192 MegaSR - ok
16:24:31.0770 4192 Microsoft SharePoint Workspace Audit Service - ok
16:24:31.0801 4192 MMCSS (146b6f43a673379a3c670e86d89be5ea) F:\Windows\system32\mmcss.dll
16:24:31.0801 4192 MMCSS - ok
16:24:31.0816 4192 Modem (f001861e5700ee84e2d4e52c712f4964) F:\Windows\system32\drivers\modem.sys
16:24:31.0816 4192 Modem - ok
16:24:31.0863 4192 monitor (79d10964de86b292320e9dfe02282a23) F:\Windows\system32\DRIVERS\monitor.sys
16:24:31.0863 4192 monitor - ok
16:24:31.0894 4192 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) F:\Windows\system32\DRIVERS\mouclass.sys
16:24:31.0894 4192 mouclass - ok
16:24:31.0910 4192 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) F:\Windows\system32\DRIVERS\mouhid.sys
16:24:31.0910 4192 mouhid - ok
16:24:31.0926 4192 mountmgr (fc8771f45ecccfd89684e38842539b9b) F:\Windows\system32\drivers\mountmgr.sys
16:24:31.0941 4192 mountmgr - ok
16:24:32.0004 4192 MpFilter (fee0baded54222e9f1dae9541212aab1) F:\Windows\system32\DRIVERS\MpFilter.sys
16:24:32.0004 4192 MpFilter - ok
16:24:32.0035 4192 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) F:\Windows\system32\drivers\mpio.sys
16:24:32.0050 4192 mpio - ok
16:24:32.0050 4192 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) F:\Windows\system32\DRIVERS\MpNWMon.sys
16:24:32.0050 4192 MpNWMon - ok
16:24:32.0082 4192 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) F:\Windows\system32\drivers\mpsdrv.sys
16:24:32.0082 4192 mpsdrv - ok
16:24:32.0160 4192 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) F:\Windows\system32\mpssvc.dll
16:24:32.0160 4192 MpsSvc - ok
16:24:32.0206 4192 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) F:\Windows\system32\drivers\mrxdav.sys
16:24:32.0206 4192 MRxDAV - ok
16:24:32.0269 4192 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) F:\Windows\system32\DRIVERS\mrxsmb.sys
16:24:32.0269 4192 mrxsmb - ok
16:24:32.0316 4192 mrxsmb10 (6d17a4791aca19328c685d256349fefc) F:\Windows\system32\DRIVERS\mrxsmb10.sys
16:24:32.0316 4192 mrxsmb10 - ok
16:24:32.0362 4192 mrxsmb20 (b81f204d146000be76651a50670a5e9e) F:\Windows\system32\DRIVERS\mrxsmb20.sys
16:24:32.0378 4192 mrxsmb20 - ok
16:24:32.0378 4192 msahci (012c5f4e9349e711e11e0f19a8589f0a) F:\Windows\system32\drivers\msahci.sys
16:24:32.0378 4192 msahci - ok
16:24:32.0394 4192 msdsm (55055f8ad8be27a64c831322a780a228) F:\Windows\system32\drivers\msdsm.sys
16:24:32.0394 4192 msdsm - ok
16:24:32.0425 4192 MSDTC (e1bce74a3bd9902b72599c0192a07e27) F:\Windows\System32\msdtc.exe
16:24:32.0425 4192 MSDTC - ok
16:24:32.0456 4192 Msfs (daefb28e3af5a76abcc2c3078c07327f) F:\Windows\system32\drivers\Msfs.sys
16:24:32.0456 4192 Msfs - ok
16:24:32.0456 4192 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) F:\Windows\System32\drivers\mshidkmdf.sys
16:24:32.0472 4192 mshidkmdf - ok
16:24:32.0503 4192 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) F:\Windows\system32\drivers\msisadrv.sys
16:24:32.0503 4192 msisadrv - ok
16:24:32.0518 4192 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) F:\Windows\system32\iscsiexe.dll
16:24:32.0518 4192 MSiSCSI - ok
16:24:32.0534 4192 msiserver - ok

16:24:32.0550 4192 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) F:Windowssystem32driversMSKSSRV.sys

16:24:32.0565 4192 MSKSSRV - ok

16:24:32.0690 4192 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) F:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe

16:24:32.0690 4192 MsMpSvc - ok

16:24:32.0706 4192 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) F:Windowssystem32driversMSPCLOCK.sys

16:24:32.0706 4192 MSPCLOCK - ok

16:24:32.0706 4192 MSPQM (f456e973590d663b1073e9c463b40932) F:Windowssystem32driversMSPQM.sys

16:24:32.0706 4192 MSPQM - ok

16:24:32.0737 4192 MsRPC (0e008fc4819d238c51d7c93e7b41e560) F:Windowssystem32driversMsRPC.sys

16:24:32.0737 4192 MsRPC - ok

16:24:32.0752 4192 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) F:Windowssystem32driversmssmbios.sys

16:24:32.0752 4192 mssmbios - ok

16:24:32.0784 4192 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) F:Windowssystem32driversMSTEE.sys

16:24:32.0784 4192 MSTEE - ok

16:24:32.0799 4192 MTConfig (33599130f44e1f34631cea241de8ac84) F:Windowssystem32DRIVERSMTConfig.sys

16:24:32.0799 4192 MTConfig - ok

16:24:32.0815 4192 Mup (159fad02f64e6381758c990f753bcc80) F:Windowssystem32Driversmup.sys

16:24:32.0815 4192 Mup - ok

16:24:32.0924 4192 NanoServiceMain (07b2740cf3294b98380b9e1bf8ab05b8) F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe

16:24:32.0940 4192 NanoServiceMain - ok

16:24:32.0971 4192 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) F:Windowssystem32qagentRT.dll

16:24:32.0986 4192 napagent - ok

16:24:33.0018 4192 NativeWifiP (26384429fcd85d83746f63e798ab1480) F:Windowssystem32DRIVERSnwifi.sys

16:24:33.0018 4192 NativeWifiP - ok

16:24:33.0111 4192 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) F:Program FilesNeroUpdateNASvc.exe

16:24:33.0111 4192 NAUpdate - ok

16:24:33.0174 4192 NDIS (e7c54812a2aaf43316eb6930c1ffa108) F:Windowssystem32driversndis.sys

16:24:33.0189 4192 NDIS - ok

16:24:33.0205 4192 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) F:Windowssystem32DRIVERSndiscap.sys

16:24:33.0205 4192 NdisCap - ok

16:24:33.0220 4192 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) F:Windowssystem32DRIVERSndistapi.sys

16:24:33.0220 4192 NdisTapi - ok

16:24:33.0252 4192 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) F:Windowssystem32DRIVERSndisuio.sys

16:24:33.0252 4192 Ndisuio - ok

16:24:33.0298 4192 NdisWan (38fbe267e7e6983311179230facb1017) F:Windowssystem32DRIVERSndiswan.sys

16:24:33.0298 4192 NdisWan - ok

16:24:33.0423 4192 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) F:Windowssystem32driversNDProxy.sys

16:24:33.0423 4192 NDProxy - ok

16:24:33.0470 4192 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) F:Windowssystem32DRIVERSnetbios.sys

16:24:33.0470 4192 NetBIOS - ok

16:24:33.0501 4192 NetBT (280122ddcf04b378edd1ad54d71c1e54) F:Windowssystem32DRIVERSnetbt.sys

16:24:33.0501 4192 NetBT - ok

16:24:33.0532 4192 Netlogon (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe

16:24:33.0548 4192 Netlogon - ok

16:24:33.0579 4192 Netman (7cccfca7510684768da22092d1fa4db2) F:WindowsSystem32netman.dll

16:24:33.0595 4192 Netman - ok

16:24:33.0610 4192 netprofm (8c338238c16777a802d6a9211eb2ba50) F:WindowsSystem32netprofm.dll

16:24:33.0626 4192 netprofm - ok

16:24:33.0688 4192 netr28u (efd7c94281882cbba8ec1b967e9f73d8) F:Windowssystem32DRIVERSnetr28u.sys

16:24:33.0688 4192 netr28u - ok

16:24:33.0766 4192 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) F:WindowsMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe

16:24:33.0766 4192 NetTcpPortSharing - ok

16:24:33.0782 4192 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) F:Windowssystem32DRIVERSnfrd960.sys

16:24:33.0782 4192 nfrd960 - ok

16:24:33.0829 4192 NisDrv (7b01c6172cfd0b10116175e09200d4b4) F:Windowssystem32DRIVERSNisDrvWFP.sys

16:24:33.0829 4192 NisDrv - ok

16:24:33.0907 4192 NisSrv (a5cb074f34bbd89948e34a630d459c0c) F:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe

16:24:33.0907 4192 NisSrv - ok

16:24:33.0954 4192 NlaSvc (912084381d30d8b89ec4e293053f4710) F:WindowsSystem32nlasvc.dll

16:24:33.0969 4192 NlaSvc - ok

16:24:34.0016 4192 NNSALPC (cfee15a88280d369672da0e378bbc702) F:Windowssystem32DRIVERSNNSAlpc.sys

16:24:34.0016 4192 NNSALPC - ok

16:24:34.0063 4192 NNSHTTP (2708799adc223c4412341f0c68d032e3) F:Windowssystem32DRIVERSNNSHttp.sys

16:24:34.0063 4192 NNSHTTP - ok

16:24:34.0110 4192 NNSIDS (533f19056b98d9cce466b64186905bc1) F:Windowssystem32DRIVERSNNSIds.sys

16:24:34.0110 4192 NNSIDS - ok

16:24:34.0141 4192 NNSNAHSL (bf5295ec6f9e4737f891f58fea879b31) F:Windowssystem32DRIVERSNNSNAHSL.sys

16:24:34.0141 4192 NNSNAHSL - ok

16:24:34.0203 4192 NNSPICC (1f054c5ca627fcd3983538d74574016b) F:Windowssystem32DRIVERSNNSPicc.sys

16:24:34.0219 4192 NNSPICC - ok

16:24:34.0266 4192 NNSPIHSW (a15b00ecd15dacfb9dd33f0ce26ee60d) F:Windowssystem32DRIVERSNNSPihsw.sys

16:24:34.0266 4192 NNSPIHSW - ok

16:24:34.0281 4192 NNSPOP3 (5f8c023775b8f4a0a8ffc93dd0a27285) F:Windowssystem32DRIVERSNNSPop3.sys

16:24:34.0281 4192 NNSPOP3 - ok

16:24:34.0328 4192 NNSPROT (ca541ce4a1fc034eec8cfd6c155b9d30) F:Windowssystem32DRIVERSNNSProt.sys

16:24:34.0344 4192 NNSPROT - ok

16:24:34.0359 4192 NNSPRV (938e8ccc7ac5922f2e3dbdf3e7a3035c) F:Windowssystem32DRIVERSNNSPrv.sys

16:24:34.0359 4192 NNSPRV - ok

16:24:34.0390 4192 NNSSMTP (2458e950f0a0dd9ad08385209b5e1702) F:Windowssystem32DRIVERSNNSSmtp.sys

16:24:34.0390 4192 NNSSMTP - ok

16:24:34.0406 4192 NNSSTRM (75d990651236a570c4c80ed56bfb4009) F:Windowssystem32DRIVERSNNSStrm.sys

16:24:34.0406 4192 NNSSTRM - ok

16:24:34.0437 4192 NNSTLSC (9d526b79e7d438056ed7d382ab94019a) F:Windowssystem32DRIVERSNNSTlsc.sys

16:24:34.0437 4192 NNSTLSC - ok

16:24:34.0500 4192 Nonbrand_WUS-N (f195fbc375342bd25c936982245a8fb0) F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe

16:24:34.0500 4192 Nonbrand_WUS-N - ok

16:24:34.0531 4192 Nonbrand_WUS-N_WPS (c062a2b158ed9c643d24f8e33a607c9f) F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe

16:24:34.0531 4192 Nonbrand_WUS-N_WPS - ok

16:24:34.0546 4192 Npfs (1db262a9f8c087e8153d89bef3d2235f) F:Windowssystem32driversNpfs.sys

16:24:34.0546 4192 Npfs - ok

16:24:34.0562 4192 nsi (ba387e955e890c8a88306d9b8d06bf17) F:Windowssystem32nsisvc.dll

16:24:34.0562 4192 nsi - ok

16:24:34.0578 4192 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) F:Windowssystem32driversnsiproxy.sys

16:24:34.0578 4192 nsiproxy - ok

16:24:34.0671 4192 Ntfs (81189c3d7763838e55c397759d49007a) F:Windowssystem32driversNtfs.sys

16:24:34.0671 4192 Ntfs - ok

16:24:34.0718 4192 Null (f9756a98d69098dca8945d62858a812c) F:Windowssystem32driversNull.sys

16:24:34.0718 4192 Null - ok

16:24:35.0155 4192 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) F:Windowssystem32DRIVERSnvlddmkm.sys

16:24:35.0264 4192 nvlddmkm - ok

16:24:35.0373 4192 nvraid (b3e25ee28883877076e0e1ff877d02e0) F:Windowssystem32driversnvraid.sys

16:24:35.0373 4192 nvraid - ok

16:24:35.0389 4192 nvstor (4380e59a170d88c4f1022eff6719a8a4) F:Windowssystem32driversnvstor.sys

16:24:35.0404 4192 nvstor - ok

16:24:35.0436 4192 nvsvc (ded8f2c0070478f13c37f7bd849b83fa) F:Windowssystem32nvvsvc.exe

16:24:35.0436 4192 nvsvc - ok

16:24:35.0467 4192 nv_agp (5a0983915f02bae73267cc2a041f717d) F:Windowssystem32driversnv_agp.sys

16:24:35.0467 4192 nv_agp - ok

16:24:35.0514 4192 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) F:Windowssystem32driversohci1394.sys

16:24:35.0514 4192 ohci1394 - ok

16:24:35.0576 4192 ose (9d10f99a6712e28f8acd5641e3a7ea6b) F:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE

16:24:35.0576 4192 ose - ok

16:24:35.0826 4192 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) F:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE

16:24:35.0872 4192 osppsvc - ok

16:24:35.0966 4192 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) F:Windowssystem32pnrpsvc.dll

16:24:35.0966 4192 p2pimsvc - ok

16:24:35.0997 4192 p2psvc (59c3ddd501e39e006dac31bf55150d91) F:Windowssystem32p2psvc.dll

16:24:36.0044 4192 p2psvc - ok

16:24:36.0106 4192 PAC7302 (aff9a1986555e4592de8092f9a5fa2d2) F:Windowssystem32DRIVERSPAC7302.SYS

16:24:36.0122 4192 PAC7302 - ok

16:24:36.0169 4192 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) F:Windowssystem32DRIVERSparport.sys

16:24:36.0169 4192 Parport - ok

16:24:36.0200 4192 partmgr (3f34a1b4c5f6475f320c275e63afce9b) F:Windowssystem32driverspartmgr.sys

16:24:36.0200 4192 partmgr - ok

16:24:36.0247 4192 Parvdm (eb0a59f29c19b86479d36b35983daadc) F:Windowssystem32DRIVERSparvdm.sys

16:24:36.0247 4192 Parvdm - ok

16:24:36.0278 4192 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) F:Windowssystem32DRIVERSPBADRV.sys

16:24:36.0278 4192 PBADRV - ok

16:24:36.0330 4192 PcaSvc (358ab7956d3160000726574083dfc8a6) F:WindowsSystem32pcasvc.dll

16:24:36.0343 4192 PcaSvc - ok

16:24:36.0379 4192 pci (673e55c3498eb970088e812ea820aa8f) F:Windowssystem32driverspci.sys

16:24:36.0381 4192 pci - ok

16:24:36.0399 4192 pciide (afe86f419014db4e5593f69ffe26ce0a) F:Windowssystem32driverspciide.sys

16:24:36.0400 4192 pciide - ok

16:24:36.0422 4192 pcmcia (f396431b31693e71e8a80687ef523506) F:Windowssystem32DRIVERSpcmcia.sys

16:24:36.0424 4192 pcmcia - ok

16:24:36.0459 4192 pcouffin (5b6c11de7e839c05248ced8825470fef) F:Windowssystem32Driverspcouffin.sys

16:24:36.0460 4192 pcouffin - ok

16:24:36.0506 4192 pcw (250f6b43d2b613172035c6747aeeb19f) F:Windowssystem32driverspcw.sys

16:24:36.0507 4192 pcw - ok

16:24:36.0572 4192 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) F:Windowssystem32driverspeauth.sys

16:24:36.0588 4192 PEAUTH - ok

16:24:36.0640 4192 pgfilter (2cf226173b467ab48f89d77e89936951) F:Program FilesPeerGuardian2pgfilter.sys

16:24:36.0641 4192 pgfilter - ok

16:24:36.0743 4192 pla (414bba67a3ded1d28437eb66aeb8a720) F:Windowssystem32pla.dll

16:24:36.0771 4192 pla - ok

16:24:36.0856 4192 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) F:Windowssystem32umpnpmgr.dll

16:24:36.0861 4192 PlugPlay - ok

16:24:36.0876 4192 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) F:Windowssystem32pnrpauto.dll

16:24:36.0879 4192 PNRPAutoReg - ok

16:24:36.0905 4192 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) F:Windowssystem32pnrpsvc.dll

16:24:36.0908 4192 PNRPsvc - ok

16:24:36.0973 4192 PolicyAgent (53946b69ba0836bd95b03759530c81ec) F:WindowsSystem32ipsecsvc.dll

16:24:36.0988 4192 PolicyAgent - ok

16:24:37.0030 4192 Power (f87d30e72e03d579a5199ccb3831d6ea) F:Windowssystem32umpo.dll

16:24:37.0034 4192 Power - ok

16:24:37.0065 4192 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) F:Windowssystem32DRIVERSraspptp.sys

16:24:37.0067 4192 PptpMiniport - ok

16:24:37.0085 4192 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) F:Windowssystem32DRIVERSprocessr.sys

16:24:37.0086 4192 Processor - ok

16:24:37.0119 4192 ProfSvc (cadefac453040e370a1bdff3973be00d) F:Windowssystem32profsvc.dll

16:24:37.0123 4192 ProfSvc - ok

16:24:37.0158 4192 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe

16:24:37.0160 4192 ProtectedStorage - ok

16:24:37.0181 4192 Psched (6270ccae2a86de6d146529fe55b3246a) F:Windowssystem32DRIVERSpacer.sys

16:24:37.0182 4192 Psched - ok

16:24:37.0228 4192 PSI (d24dfd16a1e2a76034df5aa18125c35d) F:Windowssystem32DRIVERSpsi_mf.sys

16:24:37.0229 4192 PSI - ok

16:24:37.0276 4192 PSINAflt (389d8cc1f8d7c5ec736bded9d1a98c4c) F:Windowssystem32DRIVERSPSINAflt.sys

16:24:37.0278 4192 PSINAflt - ok

16:24:37.0322 4192 PSINFile (04e2992c67ab310409531be99e66dd1f) F:Windowssystem32DRIVERSPSINFile.sys

16:24:37.0322 4192 PSINFile - ok

16:24:37.0322 4192 PSINKNC (5292037b8839d9de8ace23eba1268a34) F:Windowssystem32DRIVERSpsinknc.sys

16:24:37.0338 4192 PSINKNC - ok

16:24:37.0354 4192 PSINProc (b10d97ff830f677a1295f3b9e5e6f8fb) F:Windowssystem32DRIVERSPSINProc.sys

16:24:37.0354 4192 PSINProc - ok

16:24:37.0369 4192 PSINProt (49dd888c415611da5654ce895b9f37d9) F:Windowssystem32DRIVERSPSINProt.sys

16:24:37.0385 4192 PSINProt - ok

16:24:37.0432 4192 PSKMAD (476769481841007583875023f7ecc4ca) F:Windowssystem32DRIVERSPSKMAD.sys

16:24:37.0432 4192 PSKMAD - ok

16:24:37.0525 4192 PSUAService (98a9d3236c6301503571de79b86e8538) F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe

16:24:37.0525 4192 PSUAService - ok

16:24:37.0603 4192 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) F:Windowssystem32DRIVERSql2300.sys

16:24:37.0634 4192 ql2300 - ok

16:24:37.0728 4192 ql40xx (b4dd51dd25182244b86737dc51af2270) F:Windowssystem32DRIVERSql40xx.sys

16:24:37.0728 4192 ql40xx - ok

16:24:37.0744 4192 QWAVE (31ac809e7707eb580b2bdb760390765a) F:Windowssystem32qwave.dll

16:24:37.0759 4192 QWAVE - ok

16:24:37.0775 4192 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) F:Windowssystem32driversqwavedrv.sys

16:24:37.0775 4192 QWAVEdrv - ok

16:24:37.0790 4192 RasAcd (30a81b53c766d0133bb86d234e5556ab) F:Windowssystem32DRIVERSrasacd.sys

16:24:37.0790 4192 RasAcd - ok

16:24:37.0822 4192 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) F:Windowssystem32DRIVERSAgileVpn.sys

16:24:37.0837 4192 RasAgileVpn - ok

16:24:37.0853 4192 RasAuto (a60f1839849c0c00739787fd5ec03f13) F:WindowsSystem32rasauto.dll

16:24:37.0853 4192 RasAuto - ok

16:24:37.0868 4192 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) F:Windowssystem32DRIVERSrasl2tp.sys

16:24:37.0884 4192 Rasl2tp - ok

16:24:37.0915 4192 RasMan (cb9e04dc05eacf5b9a36ca276d475006) F:WindowsSystem32rasmans.dll

16:24:37.0931 4192 RasMan - ok

16:24:37.0946 4192 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) F:Windowssystem32DRIVERSraspppoe.sys

16:24:37.0946 4192 RasPppoe - ok

16:24:37.0962 4192 RasSstp (44101f495a83ea6401d886e7fd70096b) F:Windowssystem32DRIVERSrassstp.sys

16:24:37.0962 4192 RasSstp - ok

16:24:38.0009 4192 rdbss (d528bc58a489409ba40334ebf96a311b) F:Windowssystem32DRIVERSrdbss.sys

16:24:38.0024 4192 rdbss - ok

16:24:38.0040 4192 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) F:Windowssystem32DRIVERSrdpbus.sys

16:24:38.0040 4192 rdpbus - ok

16:24:38.0071 4192 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) F:Windowssystem32DRIVERSRDPCDD.sys

16:24:38.0071 4192 RDPCDD - ok

16:24:38.0102 4192 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) F:Windowssystem32driversrdpencdd.sys

16:24:38.0102 4192 RDPENCDD - ok

16:24:38.0118 4192 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) F:Windowssystem32driversrdprefmp.sys

16:24:38.0118 4192 RDPREFMP - ok

16:24:38.0149 4192 RDPWD (f031683e6d1fea157abb2ff260b51e61) F:Windowssystem32driversRDPWD.sys

16:24:38.0149 4192 RDPWD - ok

16:24:38.0212 4192 rdyboost (518395321dc96fe2c9f0e96ac743b656) F:Windowssystem32driversrdyboost.sys

16:24:38.0212 4192 rdyboost - ok

16:24:38.0243 4192 RemoteAccess (7b5e1419717fac363a31cc302895217a) F:WindowsSystem32mprdim.dll

16:24:38.0243 4192 RemoteAccess - ok

16:24:38.0258 4192 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) F:Windowssystem32regsvc.dll

16:24:38.0258 4192 RemoteRegistry - ok

16:24:38.0305 4192 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) F:Windowssystem32DRIVERSrimmptsk.sys

16:24:38.0305 4192 rimmptsk - ok

16:24:38.0336 4192 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) F:WindowsSystem32RpcEpMap.dll

16:24:38.0336 4192 RpcEptMapper - ok

16:24:38.0368 4192 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) F:Windowssystem32locator.exe

16:24:38.0368 4192 RpcLocator - ok

16:24:38.0414 4192 RpcSs (7660f01d3b38aca1747e397d21d790af) F:Windowssystem32rpcss.dll

16:24:38.0414 4192 RpcSs - ok

16:24:38.0446 4192 rspndr (032b0d36ad92b582d869879f5af5b928) F:Windowssystem32DRIVERSrspndr.sys

16:24:38.0446 4192 rspndr - ok

16:24:38.0492 4192 SamSs (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe

16:24:38.0492 4192 SamSs - ok

16:24:38.0586 4192 SASDIFSV (39763504067962108505bff25f024345) F:Program FilesSUPERAntiSpywareSASDIFSV.SYS

16:24:38.0586 4192 SASDIFSV - ok

16:24:38.0602 4192 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) F:Program FilesSUPERAntiSpywareSASKUTIL.SYS

16:24:38.0602 4192 SASKUTIL - ok

16:24:38.0633 4192 sbp2port (05d860da1040f111503ac416ccef2bca) F:Windowssystem32driverssbp2port.sys

16:24:38.0633 4192 sbp2port - ok

16:24:38.0664 4192 SCardSvr (8fc518ffe9519c2631d37515a68009c4) F:WindowsSystem32SCardSvr.dll

16:24:38.0680 4192 SCardSvr - ok

16:24:38.0695 4192 scfilter (0693b5ec673e34dc147e195779a4dcf6) F:Windowssystem32DRIVERSscfilter.sys

16:24:38.0695 4192 scfilter - ok

16:24:38.0758 4192 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) F:Windowssystem32schedsvc.dll

16:24:38.0773 4192 Schedule - ok

16:24:38.0804 4192 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) F:WindowsSystem32certprop.dll

16:24:38.0804 4192 SCPolicySvc - ok

16:24:38.0851 4192 sdbus (0328be1c7f1cba23848179f8762e391c) F:Windowssystem32driverssdbus.sys

16:24:38.0851 4192 sdbus - ok

16:24:38.0898 4192 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) F:WindowsSystem32SDRSVC.dll

16:24:38.0898 4192 SDRSVC - ok

16:24:38.0914 4192 secdrv (90a3935d05b494a5a39d37e71f09a677) F:Windowssystem32driverssecdrv.sys

16:24:38.0914 4192 secdrv - ok

16:24:38.0929 4192 seclogon (a59b3a4442c52060cc7a85293aa3546f) F:Windowssystem32seclogon.dll

16:24:38.0929 4192 seclogon - ok

16:24:39.0023 4192 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) F:Program FilesSecuniaPSIPSIA.exe

16:24:39.0038 4192 Secunia PSI Agent - ok

16:24:39.0070 4192 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) F:Program FilesSecuniaPSIsua.exe

16:24:39.0070 4192 Secunia Update Agent - ok

16:24:39.0148 4192 SENS (dcb7fcdcc97f87360f75d77425b81737) F:Windowssystem32sens.dll

16:24:39.0163 4192 SENS - ok

16:24:39.0179 4192 SensrSvc (50087fe1ee447009c9cc2997b90de53f) F:Windowssystem32sensrsvc.dll

16:24:39.0179 4192 SensrSvc - ok

16:24:39.0210 4192 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) F:Windowssystem32DRIVERSserenum.sys

16:24:39.0210 4192 Serenum - ok

16:24:39.0241 4192 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) F:Windowssystem32DRIVERSserial.sys

16:24:39.0241 4192 Serial - ok

16:24:39.0272 4192 sermouse (79bffb520327ff916a582dfea17aa813) F:Windowssystem32DRIVERSsermouse.sys

16:24:39.0272 4192 sermouse - ok

16:24:39.0319 4192 SessionEnv (4ae380f39a0032eab7dd953030b26d28) F:Windowssystem32sessenv.dll

16:24:39.0319 4192 SessionEnv - ok

16:24:39.0382 4192 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) F:Windowssystem32DRIVERSsffdisk.sys

16:24:39.0382 4192 sffdisk - ok

16:24:39.0397 4192 sffp_mmc (932a68ee27833cfd57c1639d375f2731) F:Windowssystem32driverssffp_mmc.sys

16:24:39.0397 4192 sffp_mmc - ok

16:24:39.0428 4192 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) F:Windowssystem32DRIVERSsffp_sd.sys

16:24:39.0444 4192 sffp_sd - ok

16:24:39.0460 4192 sfloppy (db96666cc8312ebc45032f30b007a547) F:Windowssystem32DRIVERSsfloppy.sys

16:24:39.0460 4192 sfloppy - ok

16:24:39.0522 4192 SharedAccess (d1a079a0de2ea524513b6930c24527a2) F:WindowsSystem32ipnathlp.dll

16:24:39.0538 4192 SharedAccess - ok

16:24:39.0600 4192 ShellHWDetection (414da952a35bf5d50192e28263b40577) F:WindowsSystem32shsvcs.dll

16:24:39.0616 4192 ShellHWDetection - ok

16:24:39.0662 4192 sisagp (2565cac0dc9fe0371bdce60832582b2e) F:Windowssystem32driverssisagp.sys

16:24:39.0662 4192 sisagp - ok

16:24:39.0678 4192 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) F:Windowssystem32DRIVERSSiSRaid2.sys

16:24:39.0678 4192 SiSRaid2 - ok

16:24:39.0709 4192 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) F:Windowssystem32DRIVERSsisraid4.sys

16:24:39.0709 4192 SiSRaid4 - ok

16:24:39.0756 4192 SmartDefragDriver (4aa2772a355226e9ac96d01ba431d253) F:Windowssystem32DriversSmartDefragDriver.sys

16:24:39.0756 4192 SmartDefragDriver - ok

16:24:39.0772 4192 Smb (3e21c083b8a01cb70ba1f09303010fce) F:Windowssystem32DRIVERSsmb.sys

16:24:39.0772 4192 Smb - ok

16:24:39.0803 4192 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) F:WindowsSystem32snmptrap.exe

16:24:39.0803 4192 SNMPTRAP - ok

16:24:39.0818 4192 spldr (95cf1ae7527fb70f7816563cbc09d942) F:Windowssystem32driversspldr.sys

16:24:39.0818 4192 spldr - ok

16:24:39.0865 4192 Spooler (866a43013535dc8587c258e43579c764) F:WindowsSystem32spoolsv.exe

16:24:39.0865 4192 Spooler - ok

16:24:40.0037 4192 sppsvc (cf87a1de791347e75b98885214ced2b8) F:Windowssystem32sppsvc.exe

16:24:40.0052 4192 sppsvc - ok

16:24:40.0146 4192 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) F:Windowssystem32sppuinotify.dll

16:24:40.0146 4192 sppuinotify - ok

16:24:40.0240 4192 srv (e4c2764065d66ea1d2d3ebc28fe99c46) F:Windowssystem32DRIVERSsrv.sys

16:24:40.0240 4192 srv - ok

16:24:40.0318 4192 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) F:Windowssystem32DRIVERSsrv2.sys

16:24:40.0318 4192 srv2 - ok

16:24:40.0364 4192 srvnet (be6bd660caa6f291ae06a718a4fa8abc) F:Windowssystem32DRIVERSsrvnet.sys

16:24:40.0364 4192 srvnet - ok

16:24:40.0396 4192 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) F:WindowsSystem32ssdpsrv.dll

16:24:40.0396 4192 SSDPSRV - ok

16:24:40.0411 4192 SstpSvc (d318f23be45d5e3a107469eb64815b50) F:Windowssystem32sstpsvc.dll

16:24:40.0427 4192 SstpSvc - ok

16:24:40.0442 4192 stexstor (db32d325c192b801df274bfd12a7e72b) F:Windowssystem32DRIVERSstexstor.sys

16:24:40.0442 4192 stexstor - ok

16:24:40.0489 4192 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) F:WindowsSystem32wiaservc.dll

16:24:40.0505 4192 StiSvc - ok

16:24:40.0536 4192 swenum (e58c78a848add9610a4db6d214af5224) F:Windowssystem32driversswenum.sys

16:24:40.0536 4192 swenum - ok

16:24:40.0567 4192 swprv (a28bd92df340e57b024ba433165d34d7) F:WindowsSystem32swprv.dll

16:24:40.0583 4192 swprv - ok

16:24:40.0661 4192 SysMain (36650d618ca34c9d357dfd3d89b2c56f) F:Windowssystem32sysmain.dll

16:24:40.0676 4192 SysMain - ok

16:24:40.0723 4192 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) F:WindowsSystem32TabSvc.dll

16:24:40.0723 4192 TabletInputService - ok

16:24:40.0770 4192 TapiSrv (613bf4820361543956909043a265c6ac) F:WindowsSystem32tapisrv.dll

16:24:40.0770 4192 TapiSrv - ok

16:24:40.0786 4192 TBS (b799d9fdb26111737f58288d8dc172d9) F:WindowsSystem32tbssvc.dll

16:24:40.0786 4192 TBS - ok

16:24:40.0895 4192 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) F:Windowssystem32driverstcpip.sys

16:24:40.0910 4192 Tcpip - ok

16:24:41.0035 4192 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) F:Windowssystem32DRIVERStcpip.sys

16:24:41.0035 4192 TCPIP6 - ok

16:24:41.0098 4192 tcpipreg (cca24162e055c3714ce5a88b100c64ed) F:Windowssystem32driverstcpipreg.sys

16:24:41.0098 4192 tcpipreg - ok

16:24:41.0144 4192 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) F:Windowssystem32driverstdpipe.sys

16:24:41.0144 4192 TDPIPE - ok

16:24:41.0176 4192 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) F:Windowssystem32driverstdtcp.sys

16:24:41.0176 4192 TDTCP - ok

16:24:41.0222 4192 tdx (b459575348c20e8121d6039da063c704) F:Windowssystem32DRIVERStdx.sys

16:24:41.0222 4192 tdx - ok

16:24:41.0254 4192 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) F:Windowssystem32driverstermdd.sys

16:24:41.0269 4192 TermDD - ok

16:24:41.0316 4192 TermService (382c804c92811be57829d8e550a900e2) F:WindowsSystem32termsrv.dll

16:24:41.0332 4192 TermService - ok

16:24:41.0363 4192 TfFsMon (a56ec942ecabfb7849bfa76060f929fb) F:Windowssystem32driversTfFsMon.sys

16:24:41.0363 4192 TfFsMon - ok

16:24:41.0410 4192 TfNetMon (917ef522563f6047685486efa486fb3c) F:Windowssystem32driversTfNetMon.sys

16:24:41.0410 4192 TfNetMon - ok

16:24:41.0456 4192 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) F:Windowssystem32driversTfSysMon.sys

16:24:41.0456 4192 TfSysMon - ok

16:24:41.0472 4192 Themes (42fb6afd6b79d9fe07381609172e7ca4) F:Windowssystem32themeservice.dll

16:24:41.0472 4192 Themes - ok

16:24:41.0503 4192 THREADORDER (146b6f43a673379a3c670e86d89be5ea) F:Windowssystem32mmcss.dll

16:24:41.0503 4192 THREADORDER - ok

16:24:41.0534 4192 ThreatFire - ok

16:24:41.0550 4192 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) F:WindowsSystem32trkwks.dll

16:24:41.0566 4192 TrkWks - ok

16:24:41.0597 4192 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) F:WindowsservicingTrustedInstaller.exe

16:24:41.0612 4192 TrustedInstaller - ok

16:24:41.0644 4192 tssecsrv (254bb140eee3c59d6114c1a86b636877) F:Windowssystem32DRIVERStssecsrv.sys

16:24:41.0644 4192 tssecsrv - ok

16:24:41.0659 4192 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) F:Windowssystem32driverstsusbflt.sys

16:24:41.0659 4192 TsUsbFlt - ok

16:24:41.0706 4192 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) F:Windowssystem32DRIVERStunnel.sys

16:24:41.0706 4192 tunnel - ok

16:24:41.0737 4192 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) F:Windowssystem32DRIVERSuagp35.sys

16:24:41.0737 4192 uagp35 - ok

16:24:41.0784 4192 udfs (ee43346c7e4b5e63e54f927babbb32ff) F:Windowssystem32DRIVERSudfs.sys

16:24:41.0784 4192 udfs - ok

16:24:41.0815 4192 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) F:Windowssystem32UI0Detect.exe

16:24:41.0815 4192 UI0Detect - ok

16:24:41.0862 4192 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) F:Windowssystem32driversuliagpkx.sys

16:24:41.0862 4192 uliagpkx - ok

16:24:41.0909 4192 umbus (d295bed4b898f0fd999fcfa9b32b071b) F:Windowssystem32driversumbus.sys

16:24:41.0909 4192 umbus - ok

16:24:41.0924 4192 UmPass (7550ad0c6998ba1cb4843e920ee0feac) F:Windowssystem32DRIVERSumpass.sys

16:24:41.0924 4192 UmPass - ok

16:24:41.0956 4192 upnphost (833fbb672460efce8011d262175fad33) F:WindowsSystem32upnphost.dll

16:24:41.0956 4192 upnphost - ok

16:24:42.0002 4192 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) F:Windowssystem32driversusbaudio.sys

16:24:42.0002 4192 usbaudio - ok

16:24:42.0049 4192 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) F:Windowssystem32DRIVERSusbccgp.sys

16:24:42.0049 4192 usbccgp - ok

16:24:42.0080 4192 usbcir (04ec7cec62ec3b6d9354eee93327fc82) F:Windowssystem32driversusbcir.sys

16:24:42.0080 4192 usbcir - ok

16:24:42.0096 4192 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) F:Windowssystem32DRIVERSusbehci.sys

16:24:42.0096 4192 usbehci - ok

16:24:42.0143 4192 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) F:Windowssystem32DRIVERSusbhub.sys

16:24:42.0143 4192 usbhub - ok

16:24:42.0158 4192 usbohci (a6fb7957ea7afb1165991e54ce934b74) F:Windowssystem32DRIVERSusbohci.sys

16:24:42.0158 4192 usbohci - ok

16:24:42.0205 4192 usbprint (797d862fe0875e75c7cc4c1ad7b30252) F:Windowssystem32DRIVERSusbprint.sys

16:24:42.0205 4192 usbprint - ok

16:24:42.0236 4192 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) F:Windowssystem32DRIVERSusbscan.sys

16:24:42.0252 4192 usbscan - ok

16:24:42.0283 4192 USBSTOR (f991ab9cc6b908db552166768176896a) F:Windowssystem32DRIVERSUSBSTOR.SYS

16:24:42.0283 4192 USBSTOR - ok

16:24:42.0314 4192 usbuhci (68df884cf41cdada664beb01daf67e3d) F:Windowssystem32DRIVERSusbuhci.sys

16:24:42.0314 4192 usbuhci - ok

16:24:42.0330 4192 UxSms (081e6e1c91aec36758902a9f727cd23c) F:WindowsSystem32uxsms.dll

16:24:42.0330 4192 UxSms - ok

16:24:42.0361 4192 VaultSvc (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe

16:24:42.0361 4192 VaultSvc - ok

16:24:42.0377 4192 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) F:Windowssystem32driversvdrvroot.sys

16:24:42.0377 4192 vdrvroot - ok

16:24:42.0455 4192 vds (c3cd30495687c2a2f66a65ca6fd89be9) F:WindowsSystem32vds.exe

16:24:42.0470 4192 vds - ok

16:24:42.0486 4192 vga (17c408214ea61696cec9c66e388b14f3) F:Windowssystem32DRIVERSvgapnp.sys

16:24:42.0486 4192 vga - ok

16:24:42.0502 4192 VgaSave (8e38096ad5c8570a6f1570a61e251561) F:WindowsSystem32driversvga.sys

16:24:42.0502 4192 VgaSave - ok

16:24:42.0533 4192 vhdmp (5461686cca2fda57b024547733ab42e3) F:Windowssystem32driversvhdmp.sys

16:24:42.0533 4192 vhdmp - ok

16:24:42.0564 4192 viaagp (c829317a37b4bea8f39735d4b076e923) F:Windowssystem32driversviaagp.sys

16:24:42.0564 4192 viaagp - ok

16:24:42.0595 4192 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) F:Windowssystem32DRIVERSviac7.sys

16:24:42.0595 4192 ViaC7 - ok

16:24:42.0611 4192 viaide (e43574f6a56a0ee11809b48c09e4fd3c) F:Windowssystem32driversviaide.sys

16:24:42.0611 4192 viaide - ok

16:24:42.0611 4192 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) F:Windowssystem32driversvolmgr.sys

16:24:42.0626 4192 volmgr - ok

16:24:42.0642 4192 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) F:Windowssystem32driversvolmgrx.sys

16:24:42.0658 4192 volmgrx - ok

16:24:42.0689 4192 volsnap (f497f67932c6fa693d7de2780631cfe7) F:Windowssystem32driversvolsnap.sys

16:24:42.0689 4192 volsnap - ok

16:24:42.0720 4192 vsmraid (9dfa0cc2f8855a04816729651175b631) F:Windowssystem32DRIVERSvsmraid.sys

16:24:42.0720 4192 vsmraid - ok

16:24:42.0798 4192 VSS (209a3b1901b83aeb8527ed211cce9e4c) F:Windowssystem32vssvc.exe

16:24:42.0814 4192 VSS - ok

16:24:42.0845 4192 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) F:Windowssystem32DRIVERSvwifibus.sys

16:24:42.0845 4192 vwifibus - ok

16:24:42.0860 4192 vwififlt (7090d3436eeb4e7da3373090a23448f7) F:Windowssystem32DRIVERSvwififlt.sys

16:24:42.0876 4192 vwififlt - ok

16:24:42.0907 4192 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) F:Windowssystem32DRIVERSvwifimp.sys

16:24:42.0907 4192 vwifimp - ok

16:24:42.0954 4192 W32Time (55187fd710e27d5095d10a472c8baf1c) F:Windowssystem32w32time.dll

16:24:42.0985 4192 W32Time - ok

16:24:43.0001 4192 WacomPen (de3721e89c653aa281428c8a69745d90) F:Windowssystem32DRIVERSwacompen.sys

16:24:43.0001 4192 WacomPen - ok

16:24:43.0032 4192 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) F:Windowssystem32DRIVERSwanarp.sys

16:24:43.0032 4192 WANARP - ok

16:24:43.0048 4192 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) F:Windowssystem32DRIVERSwanarp.sys

16:24:43.0048 4192 Wanarpv6 - ok

16:24:43.0141 4192 WatAdminSvc (353a04c


Hello luluhifi

Thank you for the aswMBR log.

Unfortunately it looks as though the OTL log and the TDSSKiller log were cut off (this can sometimes happen when the logs are over a certain length).

Please post the remainder of the OTL log (beginning from the ========== LOP Check ========== section) and the remainder of the TDSSKiller log (beginning from 16:24:42.0798 4192 VSS (209a3b1901b83aeb8527ed211cce9e4c) F:\Windows\system32\vssvc.exe).

Many thanks

JonTom


========== LOP Check ==========

 

[2011/08/13 15:53:50 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\Apowersoft

[2010/10/23 09:09:08 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\BackTalk

[2012/07/22 18:25:11 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\BitTorrent

[2010/10/23 20:17:56 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\dBpoweramp

[2010/10/02 11:17:50 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\Disk Cleaner

[2012/02/01 23:36:24 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\DVDFab

[2012/07/12 22:43:10 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\f-secure

[2011/05/22 13:07:11 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\FDRLab

[2011/08/24 17:01:40 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\ImgBurn

[2011/10/06 23:15:21 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\IObit

[2011/04/20 16:26:24 | 000,000,000 | RHSD | M] -- F:\Users\TTArmstrong\AppData\Roaming\Java

[2010/10/17 21:57:31 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\Moonchild Productions

[2012/04/04 22:53:16 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\Panda Security

[2011/10/30 07:10:05 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\SystemRequirementsLab

[2011/06/03 07:03:42 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\Updater

[2012/07/23 21:45:56 | 000,000,000 | ---D | M] -- F:\Users\TTArmstrong\AppData\Roaming\Vso

[2012/06/23 07:47:39 | 000,032,606 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %systemroot%\*. /rp /s >

 

< MD5 for: EXPLORER.EXE >


 

< MD5 for: SVCHOST.EXE >


 

< MD5 for: USERINIT.EXE >


 

< MD5 for: WINLOGON.EXE >


 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 298 bytes -> F:\Windows\System32\drivers\gtqjbadj.sys:changelist

@Alternate Data Stream - 20 bytes -> F:\Users\TTArmstrong\Desktop\orignal dance:Mac_Metadata

@Alternate Data Stream - 105 bytes -> F:\ProgramData\TEMP:5C321E34

 

< End of report >



16:24:45.0294 4192 ============================================================

16:24:45.0294 4192 Scan finished

16:24:45.0294 4192 ============================================================

16:24:45.0310 2532 Detected object count: 0

16:24:45.0310 2532 Actual detected object count: 0

16:33:20.0198 4992 Deinitialize success

 

 

 

Hats off to you with the help, JonTom :b33r: :)


Hello luluhifi

 

Thank you for posting the logs :)

 

Before we continue, I have another file for you to scan.

 

Please scan the following file using Virus Total and post the link to the results page in your next reply:

 

F:\Windows\12225517.dat


Hello luluhifi

 

Thank you for the scan data.

 

Despite the lack of a positive detection, I believe this file to be related to malware (it was created at the exact same time as an infected file which was automatically removed by ComboFix, and it appears to be completely unique).

 

  • Please open OTL

  • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

     

    :OTL
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:\Program Files\PriceGong\2.1.0\FF
    [2012/06/29 13:40:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- F:\Users\TTArmstrong\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
    [2012/07/22 17:10:21 | 000,000,000 | ---D | M] (No name found) -- F:\Users\TTArmstrong\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownload@OneClickDownload.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 298 bytes -> F:\Windows\System32\drivers\gtqjbadj.sys:changelist
    @Alternate Data Stream - 20 bytes -> F:\Users\TTArmstrong\Desktop\orignal dance:Mac_Metadata
    @Alternate Data Stream - 105 bytes -> F:\ProgramData\TEMP:5C321E34
    
    :Files
    F:\Windows\System32\drivers\gtqjbadj.sys
    F:\ProgramData\Microsoft\Windows\DRM\D27B.tmp
    F:\Windows\12225517.dat
    F:\Program Files\PriceGong
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    
    
  • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
  • Allow the program to run unhindered.
  • Your machine will re-start itself. This is normal.
  • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

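The checks this thread relies on, written out as an added PowerShell example (not code from the thread, OTL or TDSSKiller): named streams on drivers, the MD5 cross-check of core binaries against WinSxS, and the creation-time reasoning used for 12225517.dat. It assumes PowerShell 4 or later run as Administrator; the paths and the 5-second window are placeholders to adjust to the case at hand.

```powershell
# Added example, not part of the thread or of OTL/TDSSKiller: the checks the
# thread relies on, done with built-in cmdlets (PowerShell 4+, run elevated).
# All paths and the 5-second window are assumptions; adjust them to the case.

# 1. Named alternate data streams on kernel drivers. A .sys file normally has
#    only its unnamed :$DATA stream, so any other stream (the OTL log showed
#    gtqjbadj.sys:changelist) deserves inspection before the fix removes it.
function Get-DriverAltStreams {
    param([string]$Dir = "$env:SystemRoot\System32\drivers")
    Get-ChildItem -Path $Dir -Filter *.sys -File -ErrorAction SilentlyContinue |
      ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
          Where-Object { $_.Stream -ne ':$DATA' } |
          Select-Object FileName, Stream, Length
      }
}

# 2. The MD5 cross-check behind OTL's "< MD5 for: ... >" sections: the live
#    copy of a core binary should hash the same as one of the servicing copies
#    under WinSxS. A live hash found nowhere in WinSxS means it was replaced.
function Test-CoreBinaryHash {
    param([string[]]$Names = @('svchost.exe', 'userinit.exe', 'winlogon.exe'))
    foreach ($name in $Names) {
        $live = Join-Path "$env:SystemRoot\System32" $name
        if (-not (Test-Path -LiteralPath $live)) { continue }
        $liveHash = (Get-FileHash -LiteralPath $live -Algorithm MD5).Hash
        $known = Get-ChildItem -Path "$env:SystemRoot\WinSxS" -Recurse -File -Filter $name -ErrorAction SilentlyContinue |
                 ForEach-Object { (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash }
        [pscustomobject]@{ File = $live; MD5 = $liveHash; MatchesWinSxS = ($known -contains $liveHash) }
    }
}

# 3. The reasoning used to flag 12225517.dat: a file created within seconds of
#    a known-bad file was very likely dropped by the same installer, whether
#    or not any scanner names it.
function Get-CoCreatedFiles {
    param([string]$ReferenceFile, [int]$WindowSeconds = 5,
          [string]$Root = $env:SystemRoot)
    if (-not (Test-Path -LiteralPath $ReferenceFile)) { return @() }
    $t0 = (Get-Item -LiteralPath $ReferenceFile).CreationTimeUtc
    Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue |
      Where-Object { $_.FullName -ne $ReferenceFile -and
                     [math]::Abs(($_.CreationTimeUtc - $t0).TotalSeconds) -le $WindowSeconds } |
      Select-Object FullName, CreationTimeUtc, Length
}

Get-DriverAltStreams | Format-Table -AutoSize
Test-CoreBinaryHash  | Format-Table -AutoSize
# Placeholder: point this at the file already known to be malicious on the host.
Get-CoCreatedFiles -ReferenceFile "$env:SystemRoot\12225517.dat" | Format-Table -AutoSize
```

Treat a hit from any of the three as a lead to examine (VirusTotal, signature, publisher), not as proof on its own, which is exactly how the thread handled 12225517.dat.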
This topic is now closed to further replies.