luluhifi

Trojans win32 Sirefef!E2 & E1


Yet this one was a real nasty one that I could not get rid of. Is there any other program that I can put with and work with the other ones I have to protect me from this again :hammer: ?? I will run the scan when I get back to system in trouble. Thanks a lot :)


Hello luluhifi

 

this one was a real nasty one that I could not get rid of

This is certainly a very serious infection and we have more work to do before the all clear can be given.

 

Is there any other program that I can put with and work with the other ones I have to protect me from this again

Let's concentrate on getting the system clean first. Once this has been taken care of we'll talk about security programs.

 

I will run the scan when I get back to system in trouble

:tup:


Here you go :hammer:

 

 

All processes killed

========== OTL ==========

File HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF not found.

F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comskin folder moved successfully.

F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comlocaleen-US folder moved successfully.

F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comlocale folder moved successfully.

F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comdefaultspreferences folder moved successfully.

F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comdefaults folder moved successfully.

F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comchromecontent folder moved successfully.

F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.comchrome folder moved successfully.

F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensionsOneClickDownload@OneClickDownload.com folder moved successfully.

F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensionsOneClickDownload@OneClickDownload.com folder moved successfully.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{02478D38-C3F9-4efb-9B51-7695ECA05670} not found.

Registry key HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftInternet ExplorerRestrictions deleted successfully.

Registry key HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel deleted successfully.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

Registry error reading value HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{E2883E8F-472F-4FB0-9522-AC9BF37916A7}DownloadInformationINF .

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{E2883E8F-472F-4FB0-9522-AC9BF37916A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.

ADS F:WindowsSystem32driversgtqjbadj.sys:changelist deleted successfully.

ADS F:UsersTTArmstrongDesktoporignal dance:Mac_Metadata deleted successfully.

ADS F:ProgramDataTEMP:5C321E34 deleted successfully.

========== FILES ==========

F:WindowsSystem32driversgtqjbadj.sys moved successfully.

F:ProgramDataMicrosoftWindowsDRMD27B.tmp moved successfully.

F:Windows12225517.dat moved successfully.

FileFolder F:Program FilesPriceGong not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: TTArmstrong

->Temp folder emptied: 16384 bytes

->Temporary Internet Files folder emptied: 65938 bytes

->Java cache emptied: 653092238 bytes

->Google Chrome cache emptied: 73215879 bytes

->Flash cache emptied: 1242012 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 17310853 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 710.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: TTArmstrong

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.54.1 log created on 07292012_205844

 

FilesFolders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...


Hello luluhifi

 

Thank you for the log.

 

Please re-scan the machine with OTL exactly as you did in post number 16 and post the log in your next reply.


OTL logfile created on: 7/30/2012 9:57:44 PM - Run 2

OTL by OldTimer - Version 3.2.54.1 Folder = F:UsersTTArmstrongDesktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.66% Memory free

3.98 Gb Paging File | 2.34 Gb Available in Paging File | 58.92% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = F: | %SystemRoot% = F:Windows | %ProgramFiles% = F:Program Files

Drive C: | 58.93 Gb Total Space | 6.95 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

Drive E: | 39.71 Gb Total Space | 29.45 Gb Free Space | 74.16% Space Free | Partition Type: NTFS

Drive F: | 50.14 Gb Total Space | 8.77 Gb Free Space | 17.49% Space Free | Partition Type: NTFS

 

Computer Name: TTARMSTRONG-PC | User Name: TTArmstrong | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

PRC - [2012/07/13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe

PRC - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe

PRC - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe

PRC - [2012/06/29 13:38:24 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- F:Program FilesEmsisoft Anti-Malwarea2service.exe

PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe

PRC - [2012/03/11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycfp.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe

PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIpsia.exe

PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIsua.exe

PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- F:Program FilesSUPERAntiSpywareSASCore.exe

PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- F:Windowsexplorer.exe

PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFTray.exe

PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFService.exe

PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- F:WindowsSystem32taskhost.exe

PRC - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

PRC - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe

PRC - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe

PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- F:Program FilesNeroUpdateNASvc.exe

PRC - [2010/03/24 12:16:02 | 029,373,736 | ---- | M] (Nero AG) -- F:Program FilesNeroNero 10Nero ExpressNeroExpress.exe

PRC - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe

PRC - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- F:Program FilesSpybot - Search & DestroyTeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- F:Program FilesSpybot - Search & DestroySDWinSec.exe

PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppgooglenaclpluginchrome.dll

MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll

MOD - [2012/07/10 00:07:39 | 000,554,520 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libglesv2.dll

MOD - [2012/07/10 00:07:37 | 000,117,784 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libegl.dll

MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avutil-51.dll

MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avformat-54.dll

MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avcodec-54.dll

MOD - [2011/11/17 08:51:58 | 000,073,728 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANPDApi.dll

MOD - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

MOD - [2010/07/05 18:41:40 | 000,299,008 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless Utilitywlanapp.dll

MOD - [2010/06/29 17:42:42 | 000,040,960 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.dll

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- F:Program FilesWinRARRarExt.dll

MOD - [2010/03/04 13:22:14 | 000,374,056 | ---- | M] () -- F:Program FilesNeroNero 10Nero ExpressAudioPluginMgrlame_enc.dll

MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- F:Program FilesMicrosoft OfficeOffice141033GrooveIntlResource.dll

MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- F:Program FilesCommon Filesmicrosoft sharedOFFICE14CulturesOFFICE.ODF

MOD - [2009/12/11 13:44:02 | 000,045,864 | R--- | M] () -- F:Program FilesNeroNero 10Nero ExpressBCGPOleAcc.dll

MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (tgsrvc_verizondm)

SRV - File not found [Auto | Running] -- F:Program FilesSpybot -- (SBSDWSCService)

SRV - [2012/07/28 22:19:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:WindowsSystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe -- (PSUAService)

SRV - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe -- (NanoServiceMain)

SRV - [2012/06/29 13:38:24 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- F:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware)

SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe -- (cmdAgent)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIpsia.exe -- (Secunia PSI Agent)

SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIsua.exe -- (Secunia Update Agent)

SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- F:Program FilesSUPERAntiSpywareSASCore.exe -- (!SASCORE)

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe -- (NisSrv)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)

SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- F:Program FilesThreatFireTFService.exe -- (ThreatFire)

SRV - [2010/10/01 12:50:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32WatWatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe -- (Nonbrand_WUS-N)

SRV - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe -- (Nonbrand_WUS-N_WPS)

SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- F:Program FilesNeroUpdateNASvc.exe -- (NAUpdate)

SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft OfficeOffice14GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe -- (Credential Vault Host Control Service)

SRV - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe -- (Credential Vault Host Storage)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempCFcatchme.sys -- (CFcatchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempcatchme.sys -- (catchme)

DRV - [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversPSINKNC.sys -- (PSINKNC)

DRV - [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINProt.sys -- (PSINProt)

DRV - [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINProc.sys -- (PSINProc)

DRV - [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINAflt.sys -- (PSINAflt)

DRV - [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINFile.sys -- (PSINFile)

DRV - [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSStrm.sys -- (NNSSTRM)

DRV - [2012/06/29 13:37:46 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- F:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc)

DRV - [2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNStlsc.sys -- (NNSTLSC)

DRV - [2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSProt.sys -- (NNSPROT)

DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPrv.sys -- (NNSPRV)

DRV - [2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSSmtp.sys -- (NNSSMTP)

DRV - [2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPop3.sys -- (NNSPOP3)

DRV - [2012/06/27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- F:WindowsSystem32driversNNSPihsw.sys -- (NNSPIHSW)

DRV - [2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSIds.sys -- (NNSIDS)

DRV - [2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSpicc.sys -- (NNSPICC)

DRV - [2012/06/27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- F:WindowsSystem32driversNNSNAHSL.sys -- (NNSNAHSL)

DRV - [2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSHttp.sys -- (NNSHTTP)

DRV - [2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSAlpc.sys -- (NNSALPC)

DRV - [2012/03/11 21:13:38 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driverscmdhlp.sys -- (cmdHlp)

DRV - [2012/03/11 21:13:36 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- F:WindowsSystem32driverscmdGuard.sys -- (cmdGuard)

DRV - [2012/02/03 19:27:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driversinspect.sys -- (inspect)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywaresasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- F:Program FilesEmsisoft Anti-Malwarea2ddax86.sys -- (A2DDA)

DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversNisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversMpNWMon.sys -- (MpNWMon)

DRV - [2011/03/10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversPSKMAD.sys -- (PSKMAD)

DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- F:WindowsSystem32driversSmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfSysMon.sys -- (TfSysMon)

DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversTfNetMon.sys -- (TfNetMon)

DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfFsMon.sys -- (TfFsMon)

DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversTsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverswinusb.sys -- (WinUsb)

DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- F:WindowsSystem32driverspsi_mf.sys -- (PSI)

DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversivusb.sys -- (ivusb)

DRV - [2010/06/21 14:28:02 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- F:WindowsSystem32driversanodlwf.sys -- (anodlwf)

DRV - [2010/05/26 21:29:42 | 000,856,928 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversnetr28u.sys -- (netr28u)

DRV - [2009/11/03 16:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverscvusbdrv.sys -- (cvusbdrv)

DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversvwifimp.sys -- (vwifimp)

DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- F:WindowsSystem32driversserial.sys -- (Serial)

DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversnvlddmkm.sys -- (nvlddmkm)

DRV - [2009/06/13 01:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverse1y6232.sys -- (e1yexpress)

DRV - [2009/04/03 00:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:WindowsSystem32driversrimmptsk.sys -- (rimmptsk)

DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- F:WindowsSystem32driversPBADRV.sys -- (PBADRV)

DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverswdcsam.sys -- (WDC_SAM)

DRV - [2007/06/14 16:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversPAC7302.SYS -- (PAC7302)

DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:Program FilesPeerGuardian2pgfilter.sys -- (pgfilter)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 32 3B 56 CC 32 DD CB 01 [binary data]

IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS399

IE - HKCU..SearchScopes{7DA22919-2250-49B5-B6AF-6EDF78DB766E}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110939,17118,0,18,0

IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"

FF - prefs.js..extensions.enabledItems: facadazzle@atlinkcom.com:1.0

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: F:Windowssystem32MacromedFlashNPSWF32_11_3_300_268.dll ()

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: F:Program FilesJavajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found

FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.11.2852: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.1662: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.0.1: F:Program FilesVideoLANVLCnpvlc.dll (VideoLAN)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: F:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - HKCUSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found

FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsComponents: F:Program FilesPale Mooncomponents [2012/07/22 21:39:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsPlugins: F:Program FilesPale Moonplugins [2012/07/22 21:04:49 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF

 

[2012/02/15 13:45:42 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaExtensions

[2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensions

[2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensions

[2012/02/15 09:13:57 | 000,000,000 | ---D | M] (No name found) -- F:Program FilesMozilla Firefoxextensions

[2011/07/07 09:43:57 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/10/24 01:58:25 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2012/02/26 15:32:27 | 000,000,000 | ---D | M] (PageFont) -- F:USERSTTARMSTRONGAPPDATAROAMINGMOONCHILD PRODUCTIONSPALE MOONPROFILES7WJJ87FK.DEFAULTEXTENSIONSFACADAZZLE@ATLINKCOM.COM

 

========== Chrome ==========

 

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataPepperFlash11.2.31.144pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = F:Windowssystem32MacromedFlashNPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Disabled) = F:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnprpjplug.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = F:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = F:Program FilesJavajre6binplugin2npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll

CHR - plugin: VLC Web Plugin (Enabled) = F:Program FilesVideoLANVLCnpvlc.dll

CHR - Extension: YouTube = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0

CHR - Extension: Google Search = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0

CHR - Extension: Gmail = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0

 

O1 HOSTS File: ([2012/07/26 18:47:24 | 000,443,084 | R--- | M]) - F:WindowsSystem32driversetchosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 15245 more lines...

O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:Program FilesSpywareGuarddlprotect.dll ()

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM..Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation)

O3 - HKLM..Toolbar: (no name) - InprocServer32 - No CLSID value found.

O4 - HKLM..Run: [burnStudio] F:Program FilesMagic Burning Studiombs.exe (MagicVideoSoftware Inc.)

O4 - HKLM..Run: [COMODO Internet Security] F:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO)

O4 - HKLM..Run: [KEEBOX 150N Wireless Utility] F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe ()

O4 - HKLM..Run: [PSUAMain] F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe (Panda Security, S.L.)

O4 - HKLM..Run: [sonneDVDCreator] F:Program FilesMagic Burning StudioDVDCreator.exe (MagicVideoSoftware Inc.)

O4 - HKLM..Run: [ThreatFire] F:Program FilesThreatFireTFTray.exe (PC Tools)

O4 - HKCU..Run: [spybotSD TeaTimer] F:Program FilesSpybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSpywareGuard.lnk = F:Program FilesSpywareGuardsgmain.exe ()

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - F:Program FilesMicrosoft OfficeOffice14EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.254.254

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.254.254

O18 - ProtocolHandlervnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation)

O20 - AppInit_DLLs: (F:WindowsSystem32guard32.dll) - F:WindowsSystem32guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:Windowsexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (F:Windowssystem32userinit.exe) - F:WindowsSystem32userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - WinlogonNotify!SASWinLogon: DllName - (F:Program FilesSUPERAntiSpywareSASWINLO.DLL) - F:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:Program FilesSpywareGuardspywareguard.dll ()

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/07/30 06:11:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopSOUND EFFECTS2

[2012/07/30 06:08:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopKINGVIPER VDJ AUG

[2012/07/29 21:00:35 | 000,046,280 | ---- | C] (Panda Security) -- F:WindowsSystem32driversPSKMAD.sys

[2012/07/29 20:58:44 | 000,000,000 | ---D | C] -- F:_OTL

[2012/07/29 03:38:00 | 000,000,000 | ---D | C] -- F:ProgramDataKaspersky Lab

[2012/07/28 22:19:24 | 009,821,896 | ---- | C] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe

[2012/07/26 18:41:04 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy

[2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:ProgramDataSpybot - Search & Destroy

[2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:Program FilesSpybot - Search & Destroy

[2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

[2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- F:WindowsSystem32driverstmcomm.sys

[2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys

[2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:ProgramDataSophos

[2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsSophos

[2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:Program FilesSophos

[2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:$RECYCLE.BIN

[2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPanda Cloud Antivirus

[2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataLocaltemp

[2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:WindowsSWREG.exe

[2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:WindowsSWSC.exe

[2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:WindowsNIRCMD.exe

[2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:Windowserdnt

[2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe

[2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopdvdmoviecover

[2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopHIPHOP

[2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoporignal dance

[2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwedding songs

[2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr

[2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoprockerz2 joe gibbs

[2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32mshtml.tlb

[2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieui.dll

[2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieUnatt.exe

[2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jsproxy.dll

[2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jscript9.dll

[2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32url.dll

[2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32inetcpl.cpl

[2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32win32k.sys

[2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:VritualRoot

[2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ncrypt.dll

[2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32msxml3r.dll

[2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32cdosys.dll

[2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wucltux.dll

[2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups2.dll

[2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapi.dll

[2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wudriver.dll

[2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups.dll

[2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuwebv.dll

[2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapp.exe

[2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:Program FilesMicrosoft Security Client

[2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsThreatFire

[2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfSysMon.sys

[2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfFsMon.sys

[2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfNetMon.sys

[2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:Program FilesThreatFire

[2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:ProgramDataPC Tools

[2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys

[2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys

[2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys

[2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys

[2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys

[2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingf-secure

[2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:ProgramDataF-Secure

[2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:Windowsstinger.sys

[2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:Program Filesstinger

[2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSStrm.sys

[2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWEDDIN SONG JULY 15

[2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:Program FilesReal

[2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopnew riddim & cover april 30

[2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopsamplesforkingcd

[2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:Program FilesNewAgeDesign

[2012/07/01 20:12:45 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwowWORSHIP

[2012/07/01 17:25:05 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWOW GOSPEL MUSIC

[2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:UsersTTArmstrongAppDataRoamingpcouffin.sys

 

========== Files - Modified Within 30 Days ==========

 

[2012/07/30 21:40:02 | 000,000,896 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineUA.job

[2012/07/30 21:17:01 | 000,000,830 | ---- | M] () -- F:WindowstasksAdobe Flash Player Updater.job

[2012/07/30 21:08:00 | 000,000,932 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job

[2012/07/30 20:47:34 | 018,282,540 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav

[2012/07/30 20:45:51 | 029,122,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav

[2012/07/30 20:43:05 | 036,538,412 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav

[2012/07/30 20:39:38 | 045,281,324 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav

[2012/07/30 20:35:22 | 036,782,124 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav

[2012/07/30 20:31:53 | 035,053,612 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav

[2012/07/30 20:28:34 | 027,793,452 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav

[2012/07/30 20:25:57 | 052,572,204 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav

[2012/07/30 20:20:59 | 035,688,492 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav

[2012/07/30 20:17:37 | 047,814,700 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav

[2012/07/30 19:31:56 | 038,260,780 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav

[2012/07/30 19:28:19 | 022,362,156 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav

[2012/07/30 19:26:12 | 035,506,220 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav

[2012/07/30 19:22:51 | 053,954,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav

[2012/07/30 19:17:45 | 031,518,764 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav

[2012/07/30 19:14:46 | 062,074,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav

[2012/07/30 19:00:48 | 000,067,072 | ---- | M] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl

[2012/07/30 18:48:06 | 000,099,328 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl

[2012/07/30 18:35:24 | 000,042,496 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 Mixtape.jwl

[2012/07/30 18:24:56 | 000,091,648 | ---- | M] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl

[2012/07/30 17:08:01 | 000,000,880 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job

[2012/07/30 16:38:38 | 000,067,584 | --S- | M] () -- F:Windowsbootstat.dat

[2012/07/30 15:34:21 | 000,045,070 | ---- | M] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg

[2012/07/30 15:24:27 | 000,000,892 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineCore.job

[2012/07/30 07:04:46 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/30 07:04:46 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/30 07:04:24 | 000,626,486 | ---- | M] () -- F:WindowsSystem32perfh009.dat

[2012/07/30 07:04:24 | 000,107,730 | ---- | M] () -- F:WindowsSystem32perfc009.dat

[2012/07/30 06:57:12 | 000,065,536 | ---- | M] () -- F:WindowsSystem32Ikeext.etl

[2012/07/30 06:56:58 | 1601,097,728 | -HS- | M] () -- F:hiberfil.sys

[2012/07/30 06:41:02 | 004,339,756 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj008.wav

[2012/07/30 06:40:37 | 024,279,084 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj007.wav

[2012/07/30 06:38:20 | 024,641,580 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj006.wav

[2012/07/30 06:36:00 | 030,982,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj005.wav

[2012/07/30 06:33:04 | 042,895,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj004.wav

[2012/07/30 06:29:01 | 033,499,180 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj003.wav

[2012/07/30 06:25:51 | 025,878,572 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj002.wav

[2012/07/30 06:23:24 | 025,231,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj001.wav

[2012/07/30 06:21:01 | 034,054,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj000.wav

[2012/07/30 04:24:19 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopThe Tall Man.jwl

[2012/07/30 04:21:25 | 000,107,335 | ---- | M] () -- F:UsersTTArmstrongDesktop56056892538297718450.jpg

[2012/07/30 04:21:15 | 001,498,112 | ---- | M] () -- F:UsersTTArmstrongDesktopCole Younger & The Black Train.jwl

[2012/07/30 04:17:30 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopHeadhunters.jwl

[2012/07/30 04:13:20 | 000,122,880 | ---- | M] () -- F:UsersTTArmstrongDesktopAirborne.jwl

[2012/07/30 04:10:34 | 000,129,024 | ---- | M] () -- F:UsersTTArmstrongDesktopSiones 2 Unfinished Business.jwl

[2012/07/30 04:07:27 | 000,040,448 | ---- | M] () -- F:UsersTTArmstrongDesktopCellular.jwl

[2012/07/30 04:02:38 | 000,052,224 | ---- | M] () -- F:UsersTTArmstrongDesktopLizzie.jwl

[2012/07/29 04:17:53 | 000,105,601 | ---- | M] () -- F:UsersTTArmstrongDesktop523955_3764822717353_643435299_n.jpg

[2012/07/28 22:19:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerApp.exe

[2012/07/28 22:19:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerCPLApp.cpl

[2012/07/28 22:19:24 | 009,821,896 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe

[2012/07/28 10:01:16 | 000,001,057 | ---- | M] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml

[2012/07/26 18:47:24 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts

[2012/07/26 18:44:57 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts.20120726-184724.backup

[2012/07/26 18:41:05 | 000,001,251 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

[2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

[2012/07/26 11:35:48 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- F:WindowsSystem32driverstmcomm.sys

[2012/07/26 11:35:48 | 000,131,344 | ---- | M] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys

[2012/07/26 11:09:24 | 000,003,221 | ---- | M] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk

[2012/07/26 08:23:41 | 000,000,027 | ---- | M] () -- F:WindowsSystem32driversetchosts.20120726-184457.backup

[2012/07/26 08:04:12 | 004,721,680 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe

[2012/07/23 12:51:42 | 000,462,152 | ---- | M] () -- F:WindowsSystem32FNTCACHE.DAT

[2012/07/23 12:50:26 | 000,000,000 | ---- | M] () -- F:ProgramData0x0304A000.sfl

[2012/07/22 21:39:21 | 000,000,758 | ---- | M] () -- F:UsersPublicDesktopPale Moon.lnk

[2012/07/22 21:05:36 | 000,001,952 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchPale Moon.lnk

[2012/07/19 23:16:58 | 000,607,260 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr

[2012/07/18 04:31:41 | 051,150,892 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav

[2012/07/18 04:26:51 | 022,272,044 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav

[2012/07/18 04:24:45 | 028,700,716 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav

[2012/07/18 04:22:02 | 027,181,100 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav

[2012/07/18 04:19:28 | 035,190,828 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav

[2012/07/18 04:16:09 | 040,550,444 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav

[2012/07/18 04:12:19 | 031,346,732 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav

[2012/07/18 04:09:21 | 045,740,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav

[2012/07/18 04:05:02 | 052,380,232 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav

[2012/07/18 04:00:01 | 020,090,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav

[2012/07/18 03:58:07 | 029,100,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav

[2012/07/18 03:18:29 | 000,002,141 | ---- | M] () -- F:Windowsepplauncher.mif

[2012/07/16 17:27:15 | 000,052,001 | ---- | M] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg

[2012/07/14 08:45:02 | 000,000,939 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk

[2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys

[2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys

[2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys

[2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys

[2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys

[2012/07/12 23:01:43 | 000,281,862 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalcensus.cache

[2012/07/12 23:01:22 | 000,158,340 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalars.cache

[2012/07/12 22:53:41 | 000,000,036 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache

[2012/07/12 22:23:42 | 000,014,664 | ---- | M] (McAfee, Inc.) -- F:Windowsstinger.sys

[2012/07/12 22:23:03 | 000,000,045 | RH-- | M] () -- F:UsersTTArmstrongDesktopstinger.opt

[2012/07/12 22:06:02 | 000,001,078 | ---- | M] () -- F:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

[2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSStrm.sys

[2012/07/08 18:36:53 | 002,616,633 | ---- | M] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3

[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- F:WindowsSystem32driversmbam.sys

[2012/07/02 16:51:55 | 000,041,909 | ---- | M] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg

[2012/07/01 15:35:20 | 004,589,338 | ---- | M] () -- F:UsersTTArmstrongDesktopGo Get It.mp3

 

========== Files Created - No Company Name ==========

 

[2012/07/30 20:45:51 | 018,282,540 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav

[2012/07/30 20:43:05 | 029,122,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav

[2012/07/30 20:39:38 | 036,538,412 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav

[2012/07/30 20:35:22 | 045,281,324 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav

[2012/07/30 20:31:53 | 036,782,124 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav

[2012/07/30 20:28:34 | 035,053,612 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav

[2012/07/30 20:25:57 | 027,793,452 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav

[2012/07/30 20:20:59 | 052,572,204 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav

[2012/07/30 20:17:37 | 035,688,492 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav

[2012/07/30 20:13:05 | 047,814,700 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav

[2012/07/30 19:28:19 | 038,260,780 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav

[2012/07/30 19:26:12 | 022,362,156 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav

[2012/07/30 19:22:51 | 035,506,220 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav

[2012/07/30 19:17:45 | 053,954,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav

[2012/07/30 19:14:46 | 031,518,764 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav

[2012/07/30 19:08:54 | 062,074,924 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav

[2012/07/30 19:00:48 | 000,067,072 | ---- | C] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl

[2012/07/30 18:48:06 | 000,099,328 | ---- | C] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl

[2012/07/30 18:35:24 | 000,042,496 | ---- | C] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 Mixtape.jwl

[2012/07/30 18:24:56 | 000,091,648 | ---- | C] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl

[2012/07/30 15:34:26 | 000,045,070 | ---- | C] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg

[2012/07/30 06:40:37 | 004,339,756 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj008.wav

[2012/07/30 06:38:20 | 024,279,084 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj007.wav

[2012/07/30 06:36:00 | 024,641,580 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj006.wav

[2012/07/30 06:33:04 | 030,982,188 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj005.wav

[2012/07/30 06:29:01 | 042,895,404 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj004.wav

[2012/07/30 06:25:51 | 033,499,180 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj003.wav

[2012/07/30 06:23:24 | 025,878,572 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj002.wav

[2012/07/30 06:21:01 | 025,231,404 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj001.wav

[2012/07/30 06:17:48 | 034,054,188 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj000.wav

[2012/07/30 04:24:19 | 000,165,376 | ---- | C] () -- F:UsersTTArmstrongDesktopThe Tall Man.jwl

[2012/07/30 04:21:27 | 000,107,335 | ---- | C] () -- F:UsersTTArmstrongDesktop56056892538297718450.jpg

[2012/07/30 04:21:14 | 001,498,112 | ---- | C] () -- F:UsersTTArmstrongDesktopCole Younger & The Black Train.jwl

[2012/07/30 04:17:29 | 000,165,376 | ---- | C] () -- F:UsersTTArmstrongDesktopHeadhunters.jwl

[2012/07/30 04:13:20 | 000,122,880 | ---- | C] () -- F:UsersTTArmstrongDesktopAirborne.jwl

[2012/07/30 04:10:34 | 000,129,024 | ---- | C] () -- F:UsersTTArmstrongDesktopSiones 2 Unfinished Business.jwl

[2012/07/30 04:07:27 | 000,040,448 | ---- | C] () -- F:UsersTTArmstrongDesktopCellular.jwl

[2012/07/30 04:02:38 | 000,052,224 | ---- | C] () -- F:UsersTTArmstrongDesktopLizzie.jwl

[2012/07/29 04:18:00 | 000,105,601 | ---- | C] () -- F:UsersTTArmstrongDesktop523955_3764822717353_643435299_n.jpg

[2012/07/26 18:41:05 | 000,001,251 | ---- | C] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

[2012/07/26 11:09:24 | 000,003,221 | ---- | C] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk

[2012/07/23 12:50:26 | 000,000,000 | ---- | C] () -- F:ProgramData0x0304A000.sfl

[2012/07/22 21:05:37 | 000,000,770 | ---- | C] () -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPale Moon.lnk

[2012/07/22 21:05:37 | 000,000,758 | ---- | C] () -- F:UsersPublicDesktopPale Moon.lnk

[2012/07/22 19:49:13 | 000,256,000 | ---- | C] () -- F:WindowsPEV.exe

[2012/07/22 19:49:13 | 000,208,896 | ---- | C] () -- F:WindowsMBR.exe

[2012/07/22 19:49:13 | 000,098,816 | ---- | C] () -- F:Windowssed.exe

[2012/07/22 19:49:13 | 000,080,412 | ---- | C] () -- F:Windowsgrep.exe

[2012/07/22 19:49:13 | 000,068,096 | ---- | C] () -- F:Windowszip.exe

[2012/07/18 04:26:51 | 051,150,892 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav

[2012/07/18 04:24:45 | 022,272,044 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav

[2012/07/18 04:22:02 | 028,700,716 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav

[2012/07/18 04:19:28 | 027,181,100 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav

[2012/07/18 04:16:09 | 035,190,828 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav

[2012/07/18 04:12:19 | 040,550,444 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav

[2012/07/18 04:09:21 | 031,346,732 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav

[2012/07/18 04:05:02 | 045,740,076 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav

[2012/07/17 20:12:11 | 000,002,141 | ---- | C] () -- F:Windowsepplauncher.mif

[2012/07/16 17:27:26 | 000,052,001 | ---- | C] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg

[2012/07/14 08:45:02 | 000,000,939 | ---- | C] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk

[2012/07/13 09:18:58 | 052,380,232 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav

[2012/07/13 09:11:36 | 020,090,924 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav

[2012/07/13 08:44:28 | 029,100,076 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav

[2012/07/12 23:01:43 | 000,281,862 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalcensus.cache

[2012/07/12 23:01:22 | 000,158,340 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalars.cache

[2012/07/12 22:53:41 | 000,000,036 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache

[2012/07/12 22:22:19 | 000,000,045 | RH-- | C] () -- F:UsersTTArmstrongDesktopstinger.opt

[2012/07/08 18:32:23 | 002,616,633 | ---- | C] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3

[2012/07/08 06:41:30 | 005,213,752 | ---- | C] () -- F:UsersTTArmstrongDesktopShana Wilson Press In Your Presence.mp3

[2012/07/08 06:39:47 | 004,589,338 | ---- | C] () -- F:UsersTTArmstrongDesktopGo Get It.mp3

[2012/07/07 17:36:45 | 000,213,141 | R--- | C] () -- F:UsersTTArmstrongDesktop00-sanchez-best_of_sanchez_(dj_rondon)-bootleg-cd-2006-spliff.jpg

[2012/07/02 16:51:55 | 000,041,909 | ---- | C] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg

[2012/03/26 11:55:00 | 000,147,456 | ---- | C] () -- F:WindowsSystem32DiagFunc.dll

[2012/03/26 11:55:00 | 000,000,451 | ---- | C] () -- F:WindowsSystem32DiagFunc.ini

[2012/03/07 19:24:25 | 000,116,224 | ---- | C] () -- F:WindowsSystem32redmonnt.dll

[2012/03/07 19:24:25 | 000,045,056 | ---- | C] () -- F:WindowsSystem32unredmon.exe

[2012/02/16 06:21:03 | 000,032,768 | ---- | C] () -- F:WindowsSystem32driverssp_rsdrv2.sys

[2011/11/17 08:53:51 | 000,003,284 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingANIWZCS{A21875C3-23CF-4FF2-ACA3-


[2011/11/17 08:50:28 | 000,012,800 | ---- | C] () -- F:WindowsSystem32driversanodlwf.sys

[2011/11/17 08:50:27 | 000,014,051 | ---- | C] () -- F:WindowsSystem32RaCoInst.dat

[2011/11/09 19:55:48 | 000,000,566 | ---- | C] () -- F:WindowsSystem32SP7302.INI

[2011/07/27 08:53:38 | 000,000,000 | ---- | C] () -- F:UsersTTArmstrongAppDataLocal{DEB393EC-9D07-4AAF-B6DE-442513357526}

[2011/03/24 22:02:01 | 000,029,008 | ---- | C] () -- F:WindowsSystem32SmartDefragBootTime.exe

[2011/03/24 22:02:01 | 000,016,184 | ---- | C] () -- F:WindowsSystem32driversSmartDefragDriver.sys

[2011/01/30 05:30:55 | 000,084,480 | ---- | C] () -- F:WindowsSystem32ff_vfw.dll

[2011/01/29 13:02:14 | 000,003,884 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingdvdae.config

[2010/11/14 06:08:43 | 000,001,378 | ---- | C] () -- F:WindowsSystem32SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat

[2010/10/23 20:04:09 | 000,130,048 | ---- | C] () -- F:WindowsSystem32SpoonUninstall.exe

[2010/10/23 05:02:04 | 000,001,057 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml

[2010/10/23 05:00:39 | 000,087,608 | ---- | C] () -- F:UsersTTArmstrongAppDataRoaminginst.exe

[2010/10/23 05:00:39 | 000,007,887 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.cat

[2010/10/23 05:00:39 | 000,001,144 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.inf

[2010/10/16 13:33:30 | 000,308,624 | ---- | C] () -- F:WindowsSystem32brcmbsp.dll

[2010/10/16 13:33:30 | 000,206,216 | ---- | C] () -- F:WindowsSystem32bipbsp.dll

[2010/10/16 13:31:49 | 000,080,368 | ---- | C] () -- F:WindowsSystem32pbadrvdll.dll

[2010/09/30 17:07:06 | 000,000,376 | ---- | C] () -- F:WindowsODBC.INI

[2010/09/30 00:22:17 | 001,474,832 | ---- | C] () -- F:WindowsSystem32driverssfi.dat

[2010/09/30 00:19:12 | 001,724,416 | ---- | C] () -- F:WindowsSystem32nvwdmcpl.dll

[2010/09/30 00:19:12 | 001,657,376 | ---- | C] () -- F:WindowsSystem32nwiz.exe

[2010/09/30 00:19:12 | 001,507,328 | ---- | C] () -- F:WindowsSystem32nView.dll

[2010/09/30 00:19:12 | 001,101,824 | ---- | C] () -- F:WindowsSystem32nvwimg.dll

[2010/09/30 00:19:12 | 000,466,944 | ---- | C] () -- F:WindowsSystem32nvShell.dll

[2010/09/30 00:19:12 | 000,449,056 | ---- | C] () -- F:WindowsSystem32nvAppBar.exe

[2010/09/30 00:19:12 | 000,267,296 | ---- | C] () -- F:WindowsSystem32nvTaskbar.exe

 

========== LOP Check ==========

 

[2011/08/13 15:53:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingApowersoft

[2010/10/23 09:09:08 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBackTalk

[2012/07/22 18:25:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBitTorrent

[2010/10/23 20:17:56 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingdBpoweramp

[2010/10/02 11:17:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDisk Cleaner

[2012/02/01 23:36:24 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDVDFab

[2012/07/12 22:43:10 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingf-secure

[2011/05/22 13:07:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingFDRLab

[2011/08/24 17:01:40 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingImgBurn

[2011/10/06 23:15:21 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingIObit

[2011/04/20 16:26:24 | 000,000,000 | RHSD | M] -- F:UsersTTArmstrongAppDataRoamingJava

[2010/10/17 21:57:31 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingMoonchild Productions

[2012/04/04 22:53:16 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingPanda Security

[2011/10/30 07:10:05 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingSystemRequirementsLab

[2011/06/03 07:03:42 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingUpdater

[2012/07/28 09:25:40 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingVso

[2012/06/23 07:47:39 | 000,032,606 | ---- | M] () -- F:WindowsTasksSCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %systemroot%*. /rp /s >

 

< MD5 for: EXPLORER.EXE >

[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fcexplorer.exe

[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430explorer.exe

[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373explorer.exe

[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1explorer.exe

[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cefexplorer.exe

[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87caexplorer.exe

[2011/05/15 02:53:30 | 007,012,752 | ---- | M] () MD5=497144C537E73165F7A39C24CC29510C -- F:UsersTTArmstrongAppDataRoamingUpdaterexplorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowserdntcacheexplorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowsexplorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84explorer.exe

[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6explorer.exe

[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878explorer.exe

[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691explorer.exe

 

< MD5 for: SVCHOST.EXE >

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:Windowserdntcachesvchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:WindowsSystem32svchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356svchost.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- F:Program FilesMalwarebytes' Anti-MalwareChameleonsvchost.exe

 

< MD5 for: USERINIT.EXE >

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:Windowserdntcacheuserinit.exe

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:WindowsSystem32userinit.exe

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116userinit.exe

[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7cuserinit.exe

 

< MD5 for: WINLOGON.EXE >

[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177winlogon.exe

[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2winlogon.exe

[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:Windowserdntcachewinlogon.exe

[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:WindowsSystem32winlogon.exe

[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500winlogon.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- F:Program FilesMalwarebytes' Anti-MalwareChameleonwinlogon.exe

[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166winlogon.exe

 

< End of report >

 

 

YEA this is the part :)

Edited by luluhifi


Hello luluhifi

 

Thank you for the log.

  • MalwareBytes AntiMalware:

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.
  • Please run the following scan

    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.
    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option to "Remove Found Threats" is UN checked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image
    Please post the MBAM log and the ESET log in your next reply and let me know how the machine is running now.


I ran the ESET scan yesterday before post #32 and this is what the log is >> I will run both scans again as posted in #32 and post the log :)

 

 

 

F:Program FilesLoarisTrojan Remover 1.2ltr12.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined

F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U00000004.@.vir Win32/Conedex.D trojan cleaned by deleting - quarantined

F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U80000000.@.vir a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined

F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined

F:QooboxQuarantineFWindowsSystem32services.exe.vir Win32/Sirefef.FC trojan deleted - quarantined

F:_OTLMovedFiles07292012_205844F_ProgramDataMicrosoftWindowsDRMD27B.tmp a variant of Win32/Kryptik.AITT trojan cleaned by deleting - quarantined


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

 

Database version: v2012.07.31.13

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

TTArmstrong :: TTARMSTRONG-PC [administrator]

 

7/31/2012 7:47:54 PM

mbam-log-2012-07-31 (19-47-54).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206811

Time elapsed: 4 minute(s), 13 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

:clap::b33r:


The system is running much better now and the only thing that seems funny to me is that in an idle state my CPU is bouncing between 50% - 60% :hammer: ESET in next post. :)


F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}U000000cb.@.vir Win32/Conedex.E trojan cleaned by deleting - quarantined

 

 

Make sure that the option to "Remove Found Threats" is UN checked. I missed doing this before the scan, sorry.

 

ESET

Edited by luluhifi


Hello luluhifi

 

Thank you for the logs.

 

Make sure that the option to "Remove Found Threats" is UN checked. I missed doing this before the scan, sorry.

It's okay in this case (nothing legitimate was removed).

 

Please post a new OTL scan log (run the scan exactly as you did in post number 16).


OTL logfile created on: 8/1/2012 8:47:10 AM - Run 3

OTL by OldTimer - Version 3.2.54.1 Folder = F:UsersTTArmstrongDesktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.63% Memory free

3.98 Gb Paging File | 2.43 Gb Available in Paging File | 61.12% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = F: | %SystemRoot% = F:Windows | %ProgramFiles% = F:Program Files

Drive C: | 58.93 Gb Total Space | 6.95 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

Drive E: | 39.71 Gb Total Space | 30.29 Gb Free Space | 76.28% Space Free | Partition Type: NTFS

Drive F: | 50.14 Gb Total Space | 9.10 Gb Free Space | 18.15% Space Free | Partition Type: NTFS

 

Computer Name: TTARMSTRONG-PC | User Name: TTArmstrong | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/07/31 10:19:38 | 003,075,920 | ---- | M] (Emsisoft GmbH) -- F:Program FilesEmsisoft Anti-Malwarea2service.exe

PRC - [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

PRC - [2012/07/13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe

PRC - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe

PRC - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe

PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe

PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIpsia.exe

PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIsua.exe

PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- F:Program FilesSUPERAntiSpywareSASCore.exe

PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- F:Windowsexplorer.exe

PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFTray.exe

PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFService.exe

PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- F:WindowsSystem32taskhost.exe

PRC - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

PRC - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe

PRC - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe

PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- F:Program FilesNeroUpdateNASvc.exe

PRC - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe

PRC - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- F:Program FilesSpybot - Search & DestroyTeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- F:Program FilesSpybot - Search & DestroySDWinSec.exe

PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppgooglenaclpluginchrome.dll

MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll

MOD - [2012/07/10 00:07:39 | 000,554,520 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libglesv2.dll

MOD - [2012/07/10 00:07:37 | 000,117,784 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libegl.dll

MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avutil-51.dll

MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avformat-54.dll

MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avcodec-54.dll

MOD - [2012/07/09 22:17:27 | 009,255,112 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57gcswf32.dll

MOD - [2011/11/17 08:51:58 | 000,073,728 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANPDApi.dll

MOD - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

MOD - [2010/07/05 18:41:40 | 000,299,008 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless Utilitywlanapp.dll

MOD - [2010/06/29 17:42:42 | 000,040,960 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.dll

MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- F:Program FilesMicrosoft OfficeOffice141033GrooveIntlResource.dll

MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- F:Program FilesCommon Filesmicrosoft sharedOFFICE14CulturesOFFICE.ODF

MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (tgsrvc_verizondm)

SRV - File not found [Auto | Running] -- F:Program FilesSpybot -- (SBSDWSCService)

SRV - [2012/07/31 10:19:38 | 003,075,920 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- F:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware)

SRV - [2012/07/28 22:19:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:WindowsSystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe -- (PSUAService)

SRV - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe -- (NanoServiceMain)

SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe -- (cmdAgent)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIpsia.exe -- (Secunia PSI Agent)

SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIsua.exe -- (Secunia Update Agent)

SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- F:Program FilesSUPERAntiSpywareSASCore.exe -- (!SASCORE)

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe -- (NisSrv)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)

SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- F:Program FilesThreatFireTFService.exe -- (ThreatFire)

SRV - [2010/10/01 12:50:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32WatWatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe -- (Nonbrand_WUS-N)

SRV - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe -- (Nonbrand_WUS-N_WPS)

SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- F:Program FilesNeroUpdateNASvc.exe -- (NAUpdate)

SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft OfficeOffice14GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe -- (Credential Vault Host Control Service)

SRV - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe -- (Credential Vault Host Storage)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempCFcatchme.sys -- (CFcatchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempcatchme.sys -- (catchme)

DRV - [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversPSINKNC.sys -- (PSINKNC)

DRV - [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINProt.sys -- (PSINProt)

DRV - [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINProc.sys -- (PSINProc)

DRV - [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINAflt.sys -- (PSINAflt)

DRV - [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINFile.sys -- (PSINFile)

DRV - [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSStrm.sys -- (NNSSTRM)

DRV - [2012/06/29 13:37:46 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- F:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc)

DRV - [2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNStlsc.sys -- (NNSTLSC)

DRV - [2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSProt.sys -- (NNSPROT)

DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPrv.sys -- (NNSPRV)

DRV - [2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSSmtp.sys -- (NNSSMTP)

DRV - [2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPop3.sys -- (NNSPOP3)

DRV - [2012/06/27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- F:WindowsSystem32driversNNSPihsw.sys -- (NNSPIHSW)

DRV - [2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSIds.sys -- (NNSIDS)

DRV - [2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSpicc.sys -- (NNSPICC)

DRV - [2012/06/27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- F:WindowsSystem32driversNNSNAHSL.sys -- (NNSNAHSL)

DRV - [2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSHttp.sys -- (NNSHTTP)

DRV - [2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSAlpc.sys -- (NNSALPC)

DRV - [2012/03/11 21:13:38 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driverscmdhlp.sys -- (cmdHlp)

DRV - [2012/03/11 21:13:36 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- F:WindowsSystem32driverscmdGuard.sys -- (cmdGuard)

DRV - [2012/02/03 19:27:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driversinspect.sys -- (inspect)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywaresasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- F:Program FilesEmsisoft Anti-Malwarea2ddax86.sys -- (A2DDA)

DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversNisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversMpNWMon.sys -- (MpNWMon)

DRV - [2011/03/10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversPSKMAD.sys -- (PSKMAD)

DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- F:WindowsSystem32driversSmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfSysMon.sys -- (TfSysMon)

DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversTfNetMon.sys -- (TfNetMon)

DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfFsMon.sys -- (TfFsMon)

DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversTsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverswinusb.sys -- (WinUsb)

DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- F:WindowsSystem32driverspsi_mf.sys -- (PSI)

DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversivusb.sys -- (ivusb)

DRV - [2010/06/21 14:28:02 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- F:WindowsSystem32driversanodlwf.sys -- (anodlwf)

DRV - [2010/05/26 21:29:42 | 000,856,928 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversnetr28u.sys -- (netr28u)

DRV - [2009/11/03 16:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverscvusbdrv.sys -- (cvusbdrv)

DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversvwifimp.sys -- (vwifimp)

DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- F:WindowsSystem32driversserial.sys -- (Serial)

DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversnvlddmkm.sys -- (nvlddmkm)

DRV - [2009/06/13 01:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverse1y6232.sys -- (e1yexpress)

DRV - [2009/04/03 00:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:WindowsSystem32driversrimmptsk.sys -- (rimmptsk)

DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- F:WindowsSystem32driversPBADRV.sys -- (PBADRV)

DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverswdcsam.sys -- (WDC_SAM)

DRV - [2007/06/14 16:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversPAC7302.SYS -- (PAC7302)

DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:Program FilesPeerGuardian2pgfilter.sys -- (pgfilter)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 32 3B 56 CC 32 DD CB 01 [binary data]

IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS399

IE - HKCU..SearchScopes{7DA22919-2250-49B5-B6AF-6EDF78DB766E}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110939,17118,0,18,0

IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"

FF - prefs.js..extensions.enabledItems: facadazzle@atlinkcom.com:1.0

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: F:Windowssystem32MacromedFlashNPSWF32_11_3_300_268.dll ()

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: F:Program FilesJavajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found

FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.11.2852: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.1662: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.0.1: F:Program FilesVideoLANVLCnpvlc.dll (VideoLAN)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: F:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - HKCUSoftwareMozillaPlugins@mozilla.zeniko.ch/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found

FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsComponents: F:Program FilesPale Mooncomponents [2012/07/22 21:39:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsPlugins: F:Program FilesPale Moonplugins [2012/07/22 21:04:49 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF

 

[2012/02/15 13:45:42 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaExtensions

[2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensions

[2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensions

[2012/02/15 09:13:57 | 000,000,000 | ---D | M] (No name found) -- F:Program FilesMozilla Firefoxextensions

[2011/07/07 09:43:57 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/10/24 01:58:25 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2012/02/26 15:32:27 | 000,000,000 | ---D | M] (PageFont) -- F:USERSTTARMSTRONGAPPDATAROAMINGMOONCHILD PRODUCTIONSPALE MOONPROFILES7WJJ87FK.DEFAULTEXTENSIONSFACADAZZLE@ATLINKCOM.COM

 

========== Chrome ==========

 

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataPepperFlash11.2.31.144pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = F:Windowssystem32MacromedFlashNPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Disabled) = F:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnprpjplug.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = F:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = F:Program FilesJavajre6binplugin2npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll

CHR - plugin: VLC Web Plugin (Enabled) = F:Program FilesVideoLANVLCnpvlc.dll

CHR - Extension: YouTube = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0

CHR - Extension: Google Search = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0

CHR - Extension: Gmail = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0

 

O1 HOSTS File: ([2012/07/26 18:47:24 | 000,443,084 | R--- | M]) - F:WindowsSystem32driversetchosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 15245 more lines...

O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:Program FilesSpywareGuarddlprotect.dll ()

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM..Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation)

O3 - HKLM..Toolbar: (no name) - InprocServer32 - No CLSID value found.

O4 - HKLM..Run: [COMODO Internet Security] F:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO)

O4 - HKLM..Run: [KEEBOX 150N Wireless Utility] F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe ()

O4 - HKLM..Run: [PSUAMain] F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe (Panda Security, S.L.)

O4 - HKLM..Run: [ThreatFire] F:Program FilesThreatFireTFTray.exe (PC Tools)

O4 - HKCU..Run: [spybotSD TeaTimer] F:Program FilesSpybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSpywareGuard.lnk = F:Program FilesSpywareGuardsgmain.exe ()

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - F:Program FilesMicrosoft OfficeOffice14EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.1.1

O18 - ProtocolHandlervnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation)

O20 - AppInit_DLLs: (F:WindowsSystem32guard32.dll) - F:WindowsSystem32guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:Windowsexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (F:Windowssystem32userinit.exe) - F:WindowsSystem32userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - WinlogonNotify!SASWinLogon: DllName - (F:Program FilesSUPERAntiSpywareSASWINLO.DLL) - F:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:Program FilesSpywareGuardspywareguard.dll ()

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/07/31 17:50:21 | 000,046,280 | ---- | C] (Panda Security) -- F:WindowsSystem32driversPSKMAD.sys

[2012/07/30 06:11:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopSOUND EFFECTS2

[2012/07/30 06:08:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopKINGVIPER VDJ AUG

[2012/07/29 20:58:44 | 000,000,000 | ---D | C] -- F:_OTL

[2012/07/29 03:38:00 | 000,000,000 | ---D | C] -- F:ProgramDataKaspersky Lab

[2012/07/28 22:19:24 | 009,821,896 | ---- | C] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe

[2012/07/26 18:41:04 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy

[2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:ProgramDataSpybot - Search & Destroy

[2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:Program FilesSpybot - Search & Destroy

[2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

[2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- F:WindowsSystem32driverstmcomm.sys

[2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys

[2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:ProgramDataSophos

[2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsSophos

[2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:Program FilesSophos

[2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:$RECYCLE.BIN

[2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPanda Cloud Antivirus

[2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataLocaltemp

[2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:WindowsSWREG.exe

[2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:WindowsSWSC.exe

[2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:WindowsNIRCMD.exe

[2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:Windowserdnt

[2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe

[2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopdvdmoviecover

[2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopHIPHOP

[2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoporignal dance

[2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwedding songs

[2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr

[2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoprockerz2 joe gibbs

[2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32mshtml.tlb

[2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieui.dll

[2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieUnatt.exe

[2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jsproxy.dll

[2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jscript9.dll

[2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32url.dll

[2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32inetcpl.cpl

[2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32win32k.sys

[2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:VritualRoot

[2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ncrypt.dll

[2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32msxml3r.dll

[2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32cdosys.dll

[2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wucltux.dll

[2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups2.dll

[2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapi.dll

[2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wudriver.dll

[2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups.dll

[2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuwebv.dll

[2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapp.exe

[2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:Program FilesMicrosoft Security Client

[2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsThreatFire

[2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfSysMon.sys

[2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfFsMon.sys

[2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfNetMon.sys

[2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:Program FilesThreatFire

[2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:ProgramDataPC Tools

[2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys

[2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys

[2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys

[2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys

[2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys

[2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingf-secure

[2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:ProgramDataF-Secure

[2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:Windowsstinger.sys

[2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:Program Filesstinger

[2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSStrm.sys

[2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWEDDIN SONG JULY 15

[2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:Program FilesReal

[2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopnew riddim & cover april 30

[2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopsamplesforkingcd

[2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:Program FilesNewAgeDesign

[2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:UsersTTArmstrongAppDataRoamingpcouffin.sys

 

========== Files - Modified Within 30 Days ==========

 

[2012/08/01 08:47:15 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/01 08:47:15 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/01 08:42:27 | 000,000,830 | ---- | M] () -- F:WindowstasksAdobe Flash Player Updater.job

[2012/08/01 08:42:26 | 000,000,932 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job

[2012/08/01 08:42:26 | 000,000,896 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineUA.job

[2012/08/01 08:42:15 | 000,067,584 | --S- | M] () -- F:Windowsbootstat.dat

[2012/07/31 21:00:59 | 000,626,486 | ---- | M] () -- F:WindowsSystem32perfh009.dat

[2012/07/31 21:00:59 | 000,107,730 | ---- | M] () -- F:WindowsSystem32perfc009.dat

[2012/07/31 20:53:50 | 000,000,892 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineCore.job

[2012/07/31 20:53:41 | 000,065,536 | ---- | M] () -- F:WindowsSystem32Ikeext.etl

[2012/07/31 20:53:28 | 1601,097,728 | -HS- | M] () -- F:hiberfil.sys

[2012/07/31 08:58:45 | 000,003,232 | ---- | M] () -- F:UsersTTArmstrongDesktopmed.jpg

[2012/07/31 08:14:02 | 000,001,057 | ---- | M] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml

[2012/07/30 20:47:34 | 018,282,540 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav

[2012/07/30 20:45:51 | 029,122,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav

[2012/07/30 20:43:05 | 036,538,412 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav

[2012/07/30 20:39:38 | 045,281,324 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav

[2012/07/30 20:35:22 | 036,782,124 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav

[2012/07/30 20:31:53 | 035,053,612 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav

[2012/07/30 20:28:34 | 027,793,452 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav

[2012/07/30 20:25:57 | 052,572,204 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav

[2012/07/30 20:20:59 | 035,688,492 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav

[2012/07/30 20:17:37 | 047,814,700 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav

[2012/07/30 19:31:56 | 038,260,780 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav

[2012/07/30 19:28:19 | 022,362,156 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav

[2012/07/30 19:26:12 | 035,506,220 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav

[2012/07/30 19:22:51 | 053,954,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav

[2012/07/30 19:17:45 | 031,518,764 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav

[2012/07/30 19:14:46 | 062,074,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav

[2012/07/30 19:00:48 | 000,067,072 | ---- | M] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl

[2012/07/30 18:48:06 | 000,099,328 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl

[2012/07/30 18:35:24 | 000,042,496 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 Mixtape.jwl

[2012/07/30 18:24:56 | 000,091,648 | ---- | M] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl

[2012/07/30 17:08:01 | 000,000,880 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job

[2012/07/30 15:34:21 | 000,045,070 | ---- | M] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg

[2012/07/30 06:41:02 | 004,339,756 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj008.wav

[2012/07/30 06:40:37 | 024,279,084 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj007.wav

[2012/07/30 06:38:20 | 024,641,580 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj006.wav

[2012/07/30 06:36:00 | 030,982,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj005.wav

[2012/07/30 06:33:04 | 042,895,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj004.wav

[2012/07/30 06:29:01 | 033,499,180 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj003.wav

[2012/07/30 06:25:51 | 025,878,572 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj002.wav

[2012/07/30 06:23:24 | 025,231,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj001.wav

[2012/07/30 06:21:01 | 034,054,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj000.wav

[2012/07/30 06:03:32 | 000,006,656 | ---- | M] () -- F:UsersTTArmstrongDesktopsoca.jwl

[2012/07/30 04:24:19 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopThe Tall Man.jwl

[2012/07/30 04:21:25 | 000,107,335 | ---- | M] () -- F:UsersTTArmstrongDesktop56056892538297718450.jpg

[2012/07/30 04:21:15 | 001,498,112 | ---- | M] () -- F:UsersTTArmstrongDesktopCole Younger & The Black Train.jwl

[2012/07/30 04:17:30 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopHeadhunters.jwl

[2012/07/30 04:13:20 | 000,122,880 | ---- | M] () -- F:UsersTTArmstrongDesktopAirborne.jwl

[2012/07/30 04:10:34 | 000,129,024 | ---- | M] () -- F:UsersTTArmstrongDesktopSiones 2 Unfinished Business.jwl

[2012/07/30 04:07:27 | 000,040,448 | ---- | M] () -- F:UsersTTArmstrongDesktopCellular.jwl

[2012/07/30 04:02:38 | 000,052,224 | ---- | M] () -- F:UsersTTArmstrongDesktopLizzie.jwl

[2012/07/29 04:17:53 | 000,105,601 | ---- | M] () -- F:UsersTTArmstrongDesktop523955_3764822717353_643435299_n.jpg

[2012/07/28 22:19:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerApp.exe

[2012/07/28 22:19:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerCPLApp.cpl

[2012/07/28 22:19:24 | 009,821,896 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe

[2012/07/26 18:47:24 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts

[2012/07/26 18:44:57 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts.20120726-184724.backup

[2012/07/26 18:41:05 | 000,001,251 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

[2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

[2012/07/26 11:35:48 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- F:WindowsSystem32driverstmcomm.sys

[2012/07/26 11:35:48 | 000,131,344 | ---- | M] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys

[2012/07/26 11:09:24 | 000,003,221 | ---- | M] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk

[2012/07/26 08:23:41 | 000,000,027 | ---- | M] () -- F:WindowsSystem32driversetchosts.20120726-184457.backup

[2012/07/26 08:04:12 | 004,721,680 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe

[2012/07/23 12:51:42 | 000,462,152 | ---- | M] () -- F:WindowsSystem32FNTCACHE.DAT

[2012/07/23 12:50:26 | 000,000,000 | ---- | M] () -- F:ProgramData0x0304A000.sfl

[2012/07/22 21:39:21 | 000,000,758 | ---- | M] () -- F:UsersPublicDesktopPale Moon.lnk

[2012/07/22 21:05:36 | 000,001,952 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchPale Moon.lnk

[2012/07/19 23:16:58 | 000,607,260 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr

[2012/07/18 04:31:41 | 051,150,892 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav

[2012/07/18 04:26:51 | 022,272,044 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav

[2012/07/18 04:24:45 | 028,700,716 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav

[2012/07/18 04:22:02 | 027,181,100 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav

[2012/07/18 04:19:28 | 035,190,828 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav

[2012/07/18 04:16:09 | 040,550,444 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav

[2012/07/18 04:12:19 | 031,346,732 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav

[2012/07/18 04:09:21 | 045,740,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav

[2012/07/18 04:05:02 | 052,380,232 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav

[2012/07/18 04:00:01 | 020,090,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav

[2012/07/18 03:58:07 | 029,100,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav

[2012/07/18 03:18:29 | 000,002,141 | ---- | M] () -- F:Windowsepplauncher.mif

[2012/07/16 17:27:15 | 000,052,001 | ---- | M] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg

[2012/07/14 08:45:02 | 000,000,939 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk

[2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys

[2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys

[2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys

[2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys

[2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys

[2012/07/12 23:01:43 | 000,281,862 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalcensus.cache

[2012/07/12 23:01:22 | 000,158,340 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalars.cache

[2012/07/12 22:53:41 | 000,000,036 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache

[2012/07/12 22:23:42 | 000,014,664 | ---- | M] (McAfee, Inc.) -- F:Windowsstinger.sys

[2012/07/12 22:23:03 | 000,000,045 | RH-- | M] () -- F:UsersTTArmstrongDesktopstinger.opt

[2012/07/12 22:06:02 | 000,001,078 | ---- | M] () -- F:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

[2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSStrm.sys

[2012/07/08 18:36:53 | 002,616,633 | ---- | M] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3

[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- F:WindowsSystem32driversmbam.sys

[2012/07/02 16:51:55 | 000,041,909 | ---- | M] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg

 

========== Files Created - No Company Name ==========

 

[2012/07/31 08:59:11 | 000,003,232 | ---- | C] () -- F:UsersTTArmstrongDesktopmed.jpg

[2012/07/30 20:45:51 | 018,282,540 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav

[2012/07/30 20:43:05 | 029,122,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav

[2012/07/30 20:39:38 | 036,538,412 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav

[2012/07/30 20:35:22 | 045,281,324 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav

[2012/07/30 20:31:53 | 036,782,124 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav

[2012/07/30 20:28:34 | 035,053,612 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav

[2012/07/30 20:25:57 | 027,793,452 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav

[2012/07/30 20:20:59 | 052,572,204 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav

[2012/07/30 20:17:37 | 035,688,492 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav

[2012/07/30 20:13:05 | 047,814,700 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav

[2012/07/30 19:28:19 | 038,260,780 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav

[2012/07/30 19:26:12 | 022,362,156 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav

[2012/07/30 19:22:51 | 035,506,220 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav

[2012/07/30 19:17:45 | 053,954,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav

[2012/07/30 19:14:46 | 031,518,764 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav

[2012/07/30 19:08:54 | 062,074,924 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav

[2012/07/30 19:00:48 | 000,067,072 | ---- | C] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl

[2012/07/30 18:48:06 | 000,099,328 | ---- | C] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl

[2012/07/30 18:35:24 | 000,042,496 | ---- | C] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 Mixtape.jwl

[2012/07/30 18:24:56 | 000,091,648 | ---- | C] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl

[2012/07/30 15:34:26 | 000,045,070 | ---- | C] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg

[2012/07/30 06:40:37 | 004,339,756 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj008.wav

[2012/07/30 06:38:20 | 024,279,084 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj007.wav

[2012/07/30 06:36:00 | 024,641,580 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj006.wav

[2012/07/30 06:33:04 | 030,982,188 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj005.wav

[2012/07/30 06:29:01 | 042,895,404 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj004.wav

[2012/07/30 06:25:51 | 033,499,180 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj003.wav

[2012/07/30 06:23:24 | 025,878,572 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj002.wav

[2012/07/30 06:21:01 | 025,231,404 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj001.wav

[2012/07/30 06:17:48 | 034,054,188 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj000.wav

[2012/07/30 06:03:32 | 000,006,656 | ---- | C] () -- F:UsersTTArmstrongDesktopsoca.jwl

[2012/07/30 04:24:19 | 000,165,376 | ---- | C] () -- F:UsersTTArmstrongDesktopThe Tall Man.jwl

[2012/07/30 04:21:27 | 000,107,335 | ---- | C] () -- F:UsersTTArmstrongDesktop56056892538297718450.jpg

[2012/07/30 04:21:14 | 001,498,112 | ---- | C] () -- F:UsersTTArmstrongDesktopCole Younger & The Black Train.jwl

[2012/07/30 04:17:29 | 000,165,376 | ---- | C] () -- F:UsersTTArmstrongDesktopHeadhunters.jwl

[2012/07/30 04:13:20 | 000,122,880 | ---- | C] () -- F:UsersTTArmstrongDesktopAirborne.jwl

[2012/07/30 04:10:34 | 000,129,024 | ---- | C] () -- F:UsersTTArmstrongDesktopSiones 2 Unfinished Business.jwl

[2012/07/30 04:07:27 | 000,040,448 | ---- | C] () -- F:UsersTTArmstrongDesktopCellular.jwl

[2012/07/30 04:02:38 | 000,052,224 | ---- | C] () -- F:UsersTTArmstrongDesktopLizzie.jwl

[2012/07/29 04:18:00 | 000,105,601 | ---- | C] () -- F:UsersTTArmstrongDesktop523955_3764822717353_643435299_n.jpg

[2012/07/26 18:41:05 | 000,001,251 | ---- | C] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

[2012/07/26 11:09:24 | 000,003,221 | ---- | C] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk

[2012/07/23 12:50:26 | 000,000,000 | ---- | C] () -- F:ProgramData0x0304A000.sfl

[2012/07/22 21:05:37 | 000,000,770 | ---- | C] () -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPale Moon.lnk

[2012/07/22 21:05:37 | 000,000,758 | ---- | C] () -- F:UsersPublicDesktopPale Moon.lnk

[2012/07/22 19:49:13 | 000,256,000 | ---- | C] () -- F:WindowsPEV.exe

[2012/07/22 19:49:13 | 000,208,896 | ---- | C] () -- F:WindowsMBR.exe

[2012/07/22 19:49:13 | 000,098,816 | ---- | C] () -- F:Windowssed.exe

[2012/07/22 19:49:13 | 000,080,412 | ---- | C] () -- F:Windowsgrep.exe

[2012/07/22 19:49:13 | 000,068,096 | ---- | C] () -- F:Windowszip.exe

[2012/07/18 04:26:51 | 051,150,892 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav

[2012/07/18 04:24:45 | 022,272,044 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav

[2012/07/18 04:22:02 | 028,700,716 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav

[2012/07/18 04:19:28 | 027,181,100 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav

[2012/07/18 04:16:09 | 035,190,828 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav

[2012/07/18 04:12:19 | 040,550,444 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav

[2012/07/18 04:09:21 | 031,346,732 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav

[2012/07/18 04:05:02 | 045,740,076 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav

[2012/07/17 20:12:11 | 000,002,141 | ---- | C] () -- F:Windowsepplauncher.mif

[2012/07/16 17:27:26 | 000,052,001 | ---- | C] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg

[2012/07/14 08:45:02 | 000,000,939 | ---- | C] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk

[2012/07/13 09:18:58 | 052,380,232 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav

[2012/07/13 09:11:36 | 020,090,924 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav

[2012/07/13 08:44:28 | 029,100,076 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav

[2012/07/12 23:01:43 | 000,281,862 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalcensus.cache

[2012/07/12 23:01:22 | 000,158,340 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalars.cache

[2012/07/12 22:53:41 | 000,000,036 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache

[2012/07/12 22:22:19 | 000,000,045 | RH-- | C] () -- F:UsersTTArmstrongDesktopstinger.opt

[2012/07/08 18:32:23 | 002,616,633 | ---- | C] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3

[2012/07/08 06:41:30 | 005,213,752 | ---- | C] () -- F:UsersTTArmstrongDesktopShana Wilson Press In Your Presence.mp3

[2012/07/08 06:39:47 | 004,589,338 | ---- | C] () -- F:UsersTTArmstrongDesktopGo Get It.mp3

[2012/07/07 17:36:45 | 000,213,141 | R--- | C] () -- F:UsersTTArmstrongDesktop00-sanchez-best_of_sanchez_(dj_rondon)-bootleg-cd-2006-spliff.jpg

[2012/07/02 16:51:55 | 000,041,909 | ---- | C] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg

[2012/03/26 11:55:00 | 000,147,456 | ---- | C] () -- F:WindowsSystem32DiagFunc.dll

[2012/03/26 11:55:00 | 000,000,451 | ---- | C] () -- F:WindowsSystem32DiagFunc.ini

[2012/03/07 19:24:25 | 000,116,224 | ---- | C] () -- F:WindowsSystem32redmonnt.dll

[2012/03/07 19:24:25 | 000,045,056 | ---- | C] () -- F:WindowsSystem32unredmon.exe

[2012/02/16 06:21:03 | 000,032,768 | ---- | C] () -- F:WindowsSystem32driverssp_rsdrv2.sys

[2011/11/17 08:53:51 | 000,003,284 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingANIWZCS{A21875C3-23CF-4FF2-ACA3-6B9A1DE459D5}

[2011/11/17 08:50:28 | 000,012,800 | ---- | C] () -- F:WindowsSystem32driversanodlwf.sys

[2011/11/17 08:50:27 | 000,014,051 | ---- | C] () -- F:WindowsSystem32RaCoInst.dat

[2011/11/09 19:55:48 | 000,000,566 | ---- | C] () -- F:WindowsSystem32SP7302.INI

[2011/07/27 08:53:38 | 000,000,000 | ---- | C] () -- F:UsersTTArmstrongAppDataLocal{DEB393EC-9D07-4AAF-B6DE-442513357526}

[2011/03/24 22:02:01 | 000,029,008 | ---- | C] () -- F:WindowsSystem32SmartDefragBootTime.exe

[2011/03/24 22:02:01 | 000,016,184 | ---- | C] () -- F:WindowsSystem32drivers


[2011/01/30 05:30:55 | 000,084,480 | ---- | C] () -- F:WindowsSystem32ff_vfw.dll

[2011/01/29 13:02:14 | 000,003,884 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingdvdae.config

[2010/11/14 06:08:43 | 000,001,378 | ---- | C] () -- F:WindowsSystem32SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat

[2010/10/23 20:04:09 | 000,130,048 | ---- | C] () -- F:WindowsSystem32SpoonUninstall.exe

[2010/10/23 05:02:04 | 000,001,057 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml

[2010/10/23 05:00:39 | 000,087,608 | ---- | C] () -- F:UsersTTArmstrongAppDataRoaminginst.exe

[2010/10/23 05:00:39 | 000,007,887 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.cat

[2010/10/23 05:00:39 | 000,001,144 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.inf

[2010/10/16 13:33:30 | 000,308,624 | ---- | C] () -- F:WindowsSystem32brcmbsp.dll

[2010/10/16 13:33:30 | 000,206,216 | ---- | C] () -- F:WindowsSystem32bipbsp.dll

[2010/10/16 13:31:49 | 000,080,368 | ---- | C] () -- F:WindowsSystem32pbadrvdll.dll

[2010/09/30 17:07:06 | 000,000,376 | ---- | C] () -- F:WindowsODBC.INI

[2010/09/30 00:22:17 | 001,474,832 | ---- | C] () -- F:WindowsSystem32driverssfi.dat

[2010/09/30 00:19:12 | 001,724,416 | ---- | C] () -- F:WindowsSystem32nvwdmcpl.dll

[2010/09/30 00:19:12 | 001,657,376 | ---- | C] () -- F:WindowsSystem32nwiz.exe

[2010/09/30 00:19:12 | 001,507,328 | ---- | C] () -- F:WindowsSystem32nView.dll

[2010/09/30 00:19:12 | 001,101,824 | ---- | C] () -- F:WindowsSystem32nvwimg.dll

[2010/09/30 00:19:12 | 000,466,944 | ---- | C] () -- F:WindowsSystem32nvShell.dll

[2010/09/30 00:19:12 | 000,449,056 | ---- | C] () -- F:WindowsSystem32nvAppBar.exe

[2010/09/30 00:19:12 | 000,267,296 | ---- | C] () -- F:WindowsSystem32nvTaskbar.exe

 

========== LOP Check ==========

 

[2011/08/13 15:53:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingApowersoft

[2010/10/23 09:09:08 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBackTalk

[2012/07/22 18:25:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBitTorrent

[2010/10/23 20:17:56 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingdBpoweramp

[2010/10/02 11:17:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDisk Cleaner

[2012/02/01 23:36:24 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDVDFab

[2012/07/12 22:43:10 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingf-secure

[2011/05/22 13:07:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingFDRLab

[2011/08/24 17:01:40 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingImgBurn

[2011/10/06 23:15:21 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingIObit

[2011/04/20 16:26:24 | 000,000,000 | RHSD | M] -- F:UsersTTArmstrongAppDataRoamingJava

[2010/10/17 21:57:31 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingMoonchild Productions

[2012/04/04 22:53:16 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingPanda Security

[2011/10/30 07:10:05 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingSystemRequirementsLab

[2011/06/03 07:03:42 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingUpdater

[2012/07/31 08:14:02 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingVso

[2012/06/23 07:47:39 | 000,032,606 | ---- | M] () -- F:WindowsTasksSCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %systemroot%*. /rp /s >

 

< MD5 for: EXPLORER.EXE >

[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fcexplorer.exe

[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430explorer.exe

[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373explorer.exe

[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1explorer.exe

[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cefexplorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- F:UsersTTArmstrongAppDataLocaltempRarSFX0procsexplorer.exe

[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87caexplorer.exe

[2011/05/15 02:53:30 | 007,012,752 | ---- | M] () MD5=497144C537E73165F7A39C24CC29510C -- F:UsersTTArmstrongAppDataRoamingUpdaterexplorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowserdntcacheexplorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowsexplorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84explorer.exe

[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- F:UsersTTArmstrongAppDataLocaltempRarSFX0hexplorer.exe

[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878explorer.exe

[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691explorer.exe

 

< MD5 for: SVCHOST.EXE >

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:Windowserdntcachesvchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:WindowsSystem32svchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356svchost.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- F:Program FilesMalwarebytes' Anti-MalwareChameleonsvchost.exe

 

< MD5 for: USERINIT.EXE >

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:Windowserdntcacheuserinit.exe

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:WindowsSystem32userinit.exe

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116userinit.exe

[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7cuserinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- F:UsersTTArmstrongAppDataLocaltempRarSFX0userinit.exe

 

< MD5 for: WINLOGON.EXE >

[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177winlogon.exe

[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2winlogon.exe

[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:Windowserdntcachewinlogon.exe

[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:WindowsSystem32winlogon.exe

[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500winlogon.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- F:Program FilesMalwarebytes' Anti-MalwareChameleonwinlogon.exe

[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- F:UsersTTArmstrongAppDataLocaltempRarSFX0winlogon.exe

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 105 bytes -> F:ProgramDataTEMP:5C321E34

 

< End of report >


Hello luluhifi

 

Your latest logs are looking much better :)

 

Provided you are no longer having problems we can remove our tools.

 

only one thing seems funny to me is that in an idle state my CPU is bouncing between 50%-60%

It does not appear to be malware related. I think you (most likely) need to look at the number of security programs you have running on your machine. Please make sure that you only have one real time antivirus running on your system. Running more than one real time AV will cause the machine to slow dramatically and can negatively affect overall security.

 

Is there any other program that I can put with and work with the other ones I have to protect me from this again

I actually think you would be better off using one real time AV and a decent anti malware/spyware scanner rather than having several running at the same time. They can often conflict with each other and they all tend to be resource hogs, which may explain the high CPU usage.

 

If you would like to change programs you will find a link to some trusted applications in my closing notes.

 

Once you have made sure you only have a single real-time AV installed (and if the problem persists after doing so), please create a new thread in our User to User Help Forum.

 

I am sure our members will be able to provide you with excellent advice.

 

 

Let's remove our tools:

 

  • Please Uninstall Combofix

    • Hold down the Windows key (has the Windows symbol on it) and press the "R" key.
    • A Run box will open.
    • Type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.
  • Please perform the following cleanup procedure

    • Double click on the OTL.exe icon on your desktop to run the program. (Note: If you are running Vista/Windows 7, right-click on the file and choose Run As Administrator).
    • Once OTL has opened, click on the "CleanUp!" button.
    • Follow any prompts that you receive.
  • Removal of Tools

    • You no longer need aswMBR or TDSSKiller.
    • Please delete them from your machine.
    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.
  • Finally, please take the time to read through the information provided below:

     

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.
    Web Browsers and Browser Security

     

    Firefox

    • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here.
    No-Script

    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.
    Internet Explorer

    • The newest version of Internet Explorer is available from here.
    SpywareBlaster

    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.
    Web of Trust

    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.
    Keep your Software Updated

    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.
    Passwords

    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.
    General Reading

    Learn How To Combat Malware

    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.


Thank you very much for your help JonTom :clap::b33r: My system is 100% better now. I did all in post #41. Idle is bouncing between 15-22% while I have Firefox open, which is making me surf much faster than before. I can see the increase :banana3: I am going to do the same with my other system... I thank you so much. :)


Thank you very much for your help JonTom

You are Very Welcome luluhifi

 

Glad I could be of assistance :)

 

Best wishes,

 

JonTom


Since this problem appears to be resolved this topic is now closed.

 

Glad we could help :)

 

Best wishes

JonTom
