Posts posted by luluhifi


  1. [2011/01/30 05:30:55 | 000,084,480 | ---- | C] () -- F:WindowsSystem32ff_vfw.dll

    [2011/01/29 13:02:14 | 000,003,884 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingdvdae.config

    [2010/11/14 06:08:43 | 000,001,378 | ---- | C] () -- F:WindowsSystem32SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat

    [2010/10/23 20:04:09 | 000,130,048 | ---- | C] () -- F:WindowsSystem32SpoonUninstall.exe

    [2010/10/23 05:02:04 | 000,001,057 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml

    [2010/10/23 05:00:39 | 000,087,608 | ---- | C] () -- F:UsersTTArmstrongAppDataRoaminginst.exe

    [2010/10/23 05:00:39 | 000,007,887 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.cat

    [2010/10/23 05:00:39 | 000,001,144 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.inf

    [2010/10/16 13:33:30 | 000,308,624 | ---- | C] () -- F:WindowsSystem32brcmbsp.dll

    [2010/10/16 13:33:30 | 000,206,216 | ---- | C] () -- F:WindowsSystem32bipbsp.dll

    [2010/10/16 13:31:49 | 000,080,368 | ---- | C] () -- F:WindowsSystem32pbadrvdll.dll

    [2010/09/30 17:07:06 | 000,000,376 | ---- | C] () -- F:WindowsODBC.INI

    [2010/09/30 00:22:17 | 001,474,832 | ---- | C] () -- F:WindowsSystem32driverssfi.dat

    [2010/09/30 00:19:12 | 001,724,416 | ---- | C] () -- F:WindowsSystem32nvwdmcpl.dll

    [2010/09/30 00:19:12 | 001,657,376 | ---- | C] () -- F:WindowsSystem32nwiz.exe

    [2010/09/30 00:19:12 | 001,507,328 | ---- | C] () -- F:WindowsSystem32nView.dll

    [2010/09/30 00:19:12 | 001,101,824 | ---- | C] () -- F:WindowsSystem32nvwimg.dll

    [2010/09/30 00:19:12 | 000,466,944 | ---- | C] () -- F:WindowsSystem32nvShell.dll

    [2010/09/30 00:19:12 | 000,449,056 | ---- | C] () -- F:WindowsSystem32nvAppBar.exe

    [2010/09/30 00:19:12 | 000,267,296 | ---- | C] () -- F:WindowsSystem32nvTaskbar.exe

     

    ========== LOP Check ==========

     

    [2011/08/13 15:53:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingApowersoft

    [2010/10/23 09:09:08 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBackTalk

    [2012/07/22 18:25:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBitTorrent

    [2010/10/23 20:17:56 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingdBpoweramp

    [2010/10/02 11:17:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDisk Cleaner

    [2012/02/01 23:36:24 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDVDFab

    [2012/07/12 22:43:10 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingf-secure

    [2011/05/22 13:07:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingFDRLab

    [2011/08/24 17:01:40 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingImgBurn

    [2011/10/06 23:15:21 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingIObit

    [2011/04/20 16:26:24 | 000,000,000 | RHSD | M] -- F:UsersTTArmstrongAppDataRoamingJava

    [2010/10/17 21:57:31 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingMoonchild Productions

    [2012/04/04 22:53:16 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingPanda Security

    [2011/10/30 07:10:05 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingSystemRequirementsLab

    [2011/06/03 07:03:42 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingUpdater

    [2012/07/31 08:14:02 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingVso

    [2012/06/23 07:47:39 | 000,032,606 | ---- | M] () -- F:WindowsTasksSCHEDLGU.TXT

     

    ========== Purity Check ==========

     

     

     

    ========== Custom Scans ==========

     

    < %systemroot%*. /rp /s >

     

    < MD5 for: EXPLORER.EXE >

    [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fcexplorer.exe

    [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430explorer.exe

    [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373explorer.exe

    [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1explorer.exe

    [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cefexplorer.exe

    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- F:UsersTTArmstrongAppDataLocaltempRarSFX0procsexplorer.exe

    [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87caexplorer.exe

    [2011/05/15 02:53:30 | 007,012,752 | ---- | M] () MD5=497144C537E73165F7A39C24CC29510C -- F:UsersTTArmstrongAppDataRoamingUpdaterexplorer.exe

    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowserdntcacheexplorer.exe

    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowsexplorer.exe

    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84explorer.exe

    [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6explorer.exe

    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- F:UsersTTArmstrongAppDataLocaltempRarSFX0hexplorer.exe

    [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878explorer.exe

    [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691explorer.exe

     

    < MD5 for: SVCHOST.EXE >

    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:Windowserdntcachesvchost.exe

    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:WindowsSystem32svchost.exe

    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356svchost.exe

    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- F:Program FilesMalwarebytes' Anti-MalwareChameleonsvchost.exe

     

    < MD5 for: USERINIT.EXE >

    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:Windowserdntcacheuserinit.exe

    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:WindowsSystem32userinit.exe

    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116userinit.exe

    [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7cuserinit.exe

    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- F:UsersTTArmstrongAppDataLocaltempRarSFX0userinit.exe

     

    < MD5 for: WINLOGON.EXE >

    [2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177winlogon.exe

    [2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2winlogon.exe

    [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:Windowserdntcachewinlogon.exe

    [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:WindowsSystem32winlogon.exe

    [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500winlogon.exe

    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- F:Program FilesMalwarebytes' Anti-MalwareChameleonwinlogon.exe

    [2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166winlogon.exe

    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- F:UsersTTArmstrongAppDataLocaltempRarSFX0winlogon.exe

     

    ========== Alternate Data Streams ==========

     

    @Alternate Data Stream - 105 bytes -> F:ProgramDataTEMP:5C321E34

     

    < End of report >


  2. OTL logfile created on: 8/1/2012 8:47:10 AM - Run 3

    OTL by OldTimer - Version 3.2.54.1 Folder = F:UsersTTArmstrongDesktop

    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     

    1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.63% Memory free

    3.98 Gb Paging File | 2.43 Gb Available in Paging File | 61.12% Paging File free

    Paging file location(s): ?:pagefile.sys [binary data]

     

    %SystemDrive% = F: | %SystemRoot% = F:Windows | %ProgramFiles% = F:Program Files

    Drive C: | 58.93 Gb Total Space | 6.95 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

    Drive E: | 39.71 Gb Total Space | 30.29 Gb Free Space | 76.28% Space Free | Partition Type: NTFS

    Drive F: | 50.14 Gb Total Space | 9.10 Gb Free Space | 18.15% Space Free | Partition Type: NTFS

     

    Computer Name: TTARMSTRONG-PC | User Name: TTArmstrong | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Processes (SafeList) ==========

     

    PRC - [2012/07/31 10:19:38 | 003,075,920 | ---- | M] (Emsisoft GmbH) -- F:Program FilesEmsisoft Anti-Malwarea2service.exe

    PRC - [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

    PRC - [2012/07/13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe

    PRC - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe

    PRC - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe

    PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe

    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe

    PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIpsia.exe

    PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIsua.exe

    PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- F:Program FilesSUPERAntiSpywareSASCore.exe

    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- F:Windowsexplorer.exe

    PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFTray.exe

    PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFService.exe

    PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- F:WindowsSystem32taskhost.exe

    PRC - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

    PRC - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe

    PRC - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe

    PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- F:Program FilesNeroUpdateNASvc.exe

    PRC - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe

    PRC - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe

    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- F:Program FilesSpybot - Search & DestroyTeaTimer.exe

    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- F:Program FilesSpybot - Search & DestroySDWinSec.exe

    PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

    PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

     

     

    ========== Modules (No Company Name) ==========

     

    MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppgooglenaclpluginchrome.dll

    MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll

    MOD - [2012/07/10 00:07:39 | 000,554,520 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libglesv2.dll

    MOD - [2012/07/10 00:07:37 | 000,117,784 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libegl.dll

    MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avutil-51.dll

    MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avformat-54.dll

    MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avcodec-54.dll

    MOD - [2012/07/09 22:17:27 | 009,255,112 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57gcswf32.dll

    MOD - [2011/11/17 08:51:58 | 000,073,728 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANPDApi.dll

    MOD - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

    MOD - [2010/07/05 18:41:40 | 000,299,008 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless Utilitywlanapp.dll

    MOD - [2010/06/29 17:42:42 | 000,040,960 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.dll

    MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- F:Program FilesMicrosoft OfficeOffice141033GrooveIntlResource.dll

    MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- F:Program FilesCommon Filesmicrosoft sharedOFFICE14CulturesOFFICE.ODF

    MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

    MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

     

     

    ========== Win32 Services (SafeList) ==========

     

    SRV - File not found [Auto | Stopped] -- -- (tgsrvc_verizondm)

    SRV - File not found [Auto | Running] -- F:Program FilesSpybot -- (SBSDWSCService)

    SRV - [2012/07/31 10:19:38 | 003,075,920 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- F:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware)

    SRV - [2012/07/28 22:19:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:WindowsSystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe -- (PSUAService)

    SRV - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe -- (NanoServiceMain)

    SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe -- (cmdAgent)

    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice)

    SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIpsia.exe -- (Secunia PSI Agent)

    SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIsua.exe -- (Secunia Update Agent)

    SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- F:Program FilesSUPERAntiSpywareSASCore.exe -- (!SASCORE)

    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe -- (NisSrv)

    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)

    SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- F:Program FilesThreatFireTFService.exe -- (ThreatFire)

    SRV - [2010/10/01 12:50:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32WatWatAdminSvc.exe -- (WatAdminSvc)

    SRV - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe -- (Nonbrand_WUS-N)

    SRV - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe -- (Nonbrand_WUS-N_WPS)

    SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- F:Program FilesNeroUpdateNASvc.exe -- (NAUpdate)

    SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft OfficeOffice14GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

    SRV - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe -- (Credential Vault Host Control Service)

    SRV - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe -- (Credential Vault Host Storage)

    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32sensrsvc.dll -- (SensrSvc)

    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempCFcatchme.sys -- (CFcatchme)

    DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempcatchme.sys -- (catchme)

    DRV - [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversPSINKNC.sys -- (PSINKNC)

    DRV - [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINProt.sys -- (PSINProt)

    DRV - [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINProc.sys -- (PSINProc)

    DRV - [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINAflt.sys -- (PSINAflt)

    DRV - [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINFile.sys -- (PSINFile)

    DRV - [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSStrm.sys -- (NNSSTRM)

    DRV - [2012/06/29 13:37:46 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- F:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc)

    DRV - [2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNStlsc.sys -- (NNSTLSC)

    DRV - [2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSProt.sys -- (NNSPROT)

    DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPrv.sys -- (NNSPRV)

    DRV - [2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSSmtp.sys -- (NNSSMTP)

    DRV - [2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPop3.sys -- (NNSPOP3)

    DRV - [2012/06/27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- F:WindowsSystem32driversNNSPihsw.sys -- (NNSPIHSW)

    DRV - [2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSIds.sys -- (NNSIDS)

    DRV - [2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSpicc.sys -- (NNSPICC)

    DRV - [2012/06/27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- F:WindowsSystem32driversNNSNAHSL.sys -- (NNSNAHSL)

    DRV - [2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSHttp.sys -- (NNSHTTP)

    DRV - [2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSAlpc.sys -- (NNSALPC)

    DRV - [2012/03/11 21:13:38 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driverscmdhlp.sys -- (cmdHlp)

    DRV - [2012/03/11 21:13:36 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- F:WindowsSystem32driverscmdGuard.sys -- (cmdGuard)

    DRV - [2012/02/03 19:27:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driversinspect.sys -- (inspect)

    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywaresasdifsv.sys -- (SASDIFSV)

    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL)

    DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- F:Program FilesEmsisoft Anti-Malwarea2ddax86.sys -- (A2DDA)

    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversNisDrvWFP.sys -- (NisDrv)

    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversMpNWMon.sys -- (MpNWMon)

    DRV - [2011/03/10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversPSKMAD.sys -- (PSKMAD)

    DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- F:WindowsSystem32driversSmartDefragDriver.sys -- (SmartDefragDriver)

    DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfSysMon.sys -- (TfSysMon)

    DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversTfNetMon.sys -- (TfNetMon)

    DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfFsMon.sys -- (TfFsMon)

    DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversTsUsbFlt.sys -- (TsUsbFlt)

    DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverswinusb.sys -- (WinUsb)

    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- F:WindowsSystem32driverspsi_mf.sys -- (PSI)

    DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversivusb.sys -- (ivusb)

    DRV - [2010/06/21 14:28:02 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- F:WindowsSystem32driversanodlwf.sys -- (anodlwf)

    DRV - [2010/05/26 21:29:42 | 000,856,928 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversnetr28u.sys -- (netr28u)

    DRV - [2009/11/03 16:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverscvusbdrv.sys -- (cvusbdrv)

    DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversvwifimp.sys -- (vwifimp)

    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- F:WindowsSystem32driversserial.sys -- (Serial)

    DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversnvlddmkm.sys -- (nvlddmkm)

    DRV - [2009/06/13 01:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverse1y6232.sys -- (e1yexpress)

    DRV - [2009/04/03 00:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:WindowsSystem32driversrimmptsk.sys -- (rimmptsk)

    DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- F:WindowsSystem32driversPBADRV.sys -- (PBADRV)

    DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverswdcsam.sys -- (WDC_SAM)

    DRV - [2007/06/14 16:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversPAC7302.SYS -- (PAC7302)

    DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:Program FilesPeerGuardian2pgfilter.sys -- (pgfilter)

     

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKLM..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

     

    IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/

    IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 32 3B 56 CC 32 DD CB 01 [binary data]

    IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

    IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS399

    IE - HKCU..SearchScopes{7DA22919-2250-49B5-B6AF-6EDF78DB766E}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110939,17118,0,18,0

    IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

    IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

     

    ========== FireFox ==========

     

    FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"

    FF - prefs.js..extensions.enabledItems: [email protected]:1.0

    FF - prefs.js..network.proxy.type: 0

    FF - user.js - File not found

     

    FF - [email protected]/FlashPlayer: F:Windowssystem32MacromedFlashNPSWF32_11_3_300_268.dll ()

    FF - [email protected]/JavaPlugin: F:Program FilesJavajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)

    FF - [email protected]/GENUINE: disabled File not found

    FF - [email protected]/NpCtrl,version=1.0: F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

    FF - [email protected]/OfficeAuthz,version=14.0: F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)

    FF - [email protected]/SharePoint,version=14.0: F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation)

    FF - [email protected]/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found

    FF - [email protected]/nppl3260;version=6.0.11.2852: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

    FF - [email protected]/nppl3260;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

    FF - [email protected]/nprpjplug;version=6.0.12.1662: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

    FF - [email protected]/nprpjplug;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

    FF - [email protected]/nsJSRealPlayerPlugin;version=: File not found

    FF - [email protected]/Google Update;version=3: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

    FF - [email protected]/Google Update;version=9: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

    FF - [email protected]/vlc,version=2.0.1: F:Program FilesVideoLANVLCnpvlc.dll (VideoLAN)

    FF - HKLMSoftwareMozillaPluginsAdobe Reader: F:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

    FF - [email protected]/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found

    FF - [email protected]/Google Update;version=3: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

    FF - [email protected]/Google Update;version=9: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

     

    FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsComponents: F:Program FilesPale Mooncomponents [2012/07/22 21:39:17 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsPlugins: F:Program FilesPale Moonplugins [2012/07/22 21:04:49 | 000,000,000 | ---D | M]

    FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF

     

    [2012/02/15 13:45:42 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaExtensions

    [2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensions

    [2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensions

    [2012/02/15 09:13:57 | 000,000,000 | ---D | M] (No name found) -- F:Program FilesMozilla Firefoxextensions

    [2011/07/07 09:43:57 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

    [2011/10/24 01:58:25 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

    [2012/02/26 15:32:27 | 000,000,000 | ---D | M] (PageFont) -- F:USERSTTARMSTRONGAPPDATAROAMINGMOONCHILD PRODUCTIONSPALE [email protected]

     

    ========== Chrome ==========

     

    CHR - homepage: http://www.google.com/

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

    CHR - homepage: http://www.google.com/

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll

    CHR - plugin: Shockwave Flash (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57gcswf32.dll

    CHR - plugin: Shockwave Flash (Disabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataPepperFlash11.2.31.144pepflashplayer.dll

    CHR - plugin: Shockwave Flash (Enabled) = F:Windowssystem32MacromedFlashNPSWF32_11_2_202_235.dll

    CHR - plugin: Adobe Acrobat (Disabled) = F:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll

    CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnppl3260.dll

    CHR - plugin: RealPlayer Version Plugin (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnprpjplug.dll

    CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL

    CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL

    CHR - plugin: Google Update (Enabled) = F:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll

    CHR - plugin: Java Platform SE 6 U31 (Enabled) = F:Program FilesJavajre6binplugin2npjp2.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll

    CHR - plugin: VLC Web Plugin (Enabled) = F:Program FilesVideoLANVLCnpvlc.dll

    CHR - Extension: YouTube = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0

    CHR - Extension: Google Search = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0

    CHR - Extension: Gmail = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0

     

    O1 HOSTS File: ([2012/07/26 18:47:24 | 000,443,084 | R--- | M]) - F:WindowsSystem32driversetchosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: 15245 more lines...

    O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:Program FilesSpywareGuarddlprotect.dll ()

    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)

    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation)

    O3 - HKLM..Toolbar: (@msdxmLC.dll,[email protected],&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation)

    O3 - HKLM..Toolbar: (no name) - InprocServer32 - No CLSID value found.

    O4 - HKLM..Run: [COMODO Internet Security] F:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO)

    O4 - HKLM..Run: [KEEBOX 150N Wireless Utility] F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe ()

    O4 - HKLM..Run: [PSUAMain] F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe (Panda Security, S.L.)

    O4 - HKLM..Run: [ThreatFire] F:Program FilesThreatFireTFTray.exe (PC Tools)

    O4 - HKCU..Run: [spybotSD TeaTimer] F:Program FilesSpybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.)

    O4 - Startup: F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSpywareGuard.lnk = F:Program FilesSpywareGuardsgmain.exe ()

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1

    O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

    O8 - Extra context menu item: E&xport to Microsoft Excel - F:Program FilesMicrosoft OfficeOffice14EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Se&nd to OneNote - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)

    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1

    O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.1.1

    O18 - ProtocolHandlervnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation)

    O20 - AppInit_DLLs: (F:WindowsSystem32guard32.dll) - F:WindowsSystem32guard32.dll (COMODO)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:Windowsexplorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (F:Windowssystem32userinit.exe) - F:WindowsSystem32userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20 - WinlogonNotify!SASWinLogon: DllName - (F:Program FilesSUPERAntiSpywareSASWINLO.DLL) - F:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com)

    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com)

    O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:Program FilesSpywareGuardspywareguard.dll ()

    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:autoexec.bat -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM..comfile [open] -- "%1" %*

    O35 - HKLM..exefile [open] -- "%1" %*

    O37 - HKLM...com [@ = ComFile] -- "%1" %*

    O37 - HKLM...exe [@ = exefile] -- "%1" %*

    O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2012/07/31 17:50:21 | 000,046,280 | ---- | C] (Panda Security) -- F:WindowsSystem32driversPSKMAD.sys

    [2012/07/30 06:11:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopSOUND EFFECTS2

    [2012/07/30 06:08:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopKINGVIPER VDJ AUG

    [2012/07/29 20:58:44 | 000,000,000 | ---D | C] -- F:_OTL

    [2012/07/29 03:38:00 | 000,000,000 | ---D | C] -- F:ProgramDataKaspersky Lab

    [2012/07/28 22:19:24 | 009,821,896 | ---- | C] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe

    [2012/07/26 18:41:04 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy

    [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:ProgramDataSpybot - Search & Destroy

    [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:Program FilesSpybot - Search & Destroy

    [2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

    [2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- F:WindowsSystem32driverstmcomm.sys

    [2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys

    [2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:ProgramDataSophos

    [2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsSophos

    [2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:Program FilesSophos

    [2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:$RECYCLE.BIN

    [2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPanda Cloud Antivirus

    [2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataLocaltemp

    [2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:WindowsSWREG.exe

    [2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:WindowsSWSC.exe

    [2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:WindowsNIRCMD.exe

    [2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:Windowserdnt

    [2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe

    [2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopdvdmoviecover

    [2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopHIPHOP

    [2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoporignal dance

    [2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwedding songs

    [2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr

    [2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoprockerz2 joe gibbs

    [2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32mshtml.tlb

    [2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieui.dll

    [2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieUnatt.exe

    [2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jsproxy.dll

    [2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jscript9.dll

    [2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32url.dll

    [2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32inetcpl.cpl

    [2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32win32k.sys

    [2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:VritualRoot

    [2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ncrypt.dll

    [2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32msxml3r.dll

    [2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32cdosys.dll

    [2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wucltux.dll

    [2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups2.dll

    [2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapi.dll

    [2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wudriver.dll

    [2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups.dll

    [2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuwebv.dll

    [2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapp.exe

    [2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:Program FilesMicrosoft Security Client

    [2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsThreatFire

    [2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfSysMon.sys

    [2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfFsMon.sys

    [2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfNetMon.sys

    [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:Program FilesThreatFire

    [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:ProgramDataPC Tools

    [2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys

    [2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys

    [2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys

    [2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys

    [2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys

    [2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingf-secure

    [2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:ProgramDataF-Secure

    [2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:Windowsstinger.sys

    [2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:Program Filesstinger

    [2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSStrm.sys

    [2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWEDDIN SONG JULY 15

    [2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:Program FilesReal

    [2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopnew riddim & cover april 30

    [2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopsamplesforkingcd

    [2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:Program FilesNewAgeDesign

    [2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:UsersTTArmstrongAppDataRoamingpcouffin.sys

     

    ========== Files - Modified Within 30 Days ==========

     

    [2012/08/01 08:47:15 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/08/01 08:47:15 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/08/01 08:42:27 | 000,000,830 | ---- | M] () -- F:WindowstasksAdobe Flash Player Updater.job

    [2012/08/01 08:42:26 | 000,000,932 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job

    [2012/08/01 08:42:26 | 000,000,896 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineUA.job

    [2012/08/01 08:42:15 | 000,067,584 | --S- | M] () -- F:Windowsbootstat.dat

    [2012/07/31 21:00:59 | 000,626,486 | ---- | M] () -- F:WindowsSystem32perfh009.dat

    [2012/07/31 21:00:59 | 000,107,730 | ---- | M] () -- F:WindowsSystem32perfc009.dat

    [2012/07/31 20:53:50 | 000,000,892 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineCore.job

    [2012/07/31 20:53:41 | 000,065,536 | ---- | M] () -- F:WindowsSystem32Ikeext.etl

    [2012/07/31 20:53:28 | 1601,097,728 | -HS- | M] () -- F:hiberfil.sys

    [2012/07/31 08:58:45 | 000,003,232 | ---- | M] () -- F:UsersTTArmstrongDesktopmed.jpg

    [2012/07/31 08:14:02 | 000,001,057 | ---- | M] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml

    [2012/07/30 20:47:34 | 018,282,540 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav

    [2012/07/30 20:45:51 | 029,122,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav

    [2012/07/30 20:43:05 | 036,538,412 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav

    [2012/07/30 20:39:38 | 045,281,324 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav

    [2012/07/30 20:35:22 | 036,782,124 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav

    [2012/07/30 20:31:53 | 035,053,612 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav

    [2012/07/30 20:28:34 | 027,793,452 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav

    [2012/07/30 20:25:57 | 052,572,204 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav

    [2012/07/30 20:20:59 | 035,688,492 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav

    [2012/07/30 20:17:37 | 047,814,700 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav

    [2012/07/30 19:31:56 | 038,260,780 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav

    [2012/07/30 19:28:19 | 022,362,156 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav

    [2012/07/30 19:26:12 | 035,506,220 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav

    [2012/07/30 19:22:51 | 053,954,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav

    [2012/07/30 19:17:45 | 031,518,764 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav

    [2012/07/30 19:14:46 | 062,074,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav

    [2012/07/30 19:00:48 | 000,067,072 | ---- | M] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl

    [2012/07/30 18:48:06 | 000,099,328 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl

    [2012/07/30 18:35:24 | 000,042,496 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 Mixtape.jwl

    [2012/07/30 18:24:56 | 000,091,648 | ---- | M] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl

    [2012/07/30 17:08:01 | 000,000,880 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job

    [2012/07/30 15:34:21 | 000,045,070 | ---- | M] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg

    [2012/07/30 06:41:02 | 004,339,756 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj008.wav

    [2012/07/30 06:40:37 | 024,279,084 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj007.wav

    [2012/07/30 06:38:20 | 024,641,580 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj006.wav

    [2012/07/30 06:36:00 | 030,982,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj005.wav

    [2012/07/30 06:33:04 | 042,895,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj004.wav

    [2012/07/30 06:29:01 | 033,499,180 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj003.wav

    [2012/07/30 06:25:51 | 025,878,572 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj002.wav

    [2012/07/30 06:23:24 | 025,231,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj001.wav

    [2012/07/30 06:21:01 | 034,054,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj000.wav

    [2012/07/30 06:03:32 | 000,006,656 | ---- | M] () -- F:UsersTTArmstrongDesktopsoca.jwl

    [2012/07/30 04:24:19 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopThe Tall Man.jwl

    [2012/07/30 04:21:25 | 000,107,335 | ---- | M] () -- F:UsersTTArmstrongDesktop56056892538297718450.jpg

    [2012/07/30 04:21:15 | 001,498,112 | ---- | M] () -- F:UsersTTArmstrongDesktopCole Younger & The Black Train.jwl

    [2012/07/30 04:17:30 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopHeadhunters.jwl

    [2012/07/30 04:13:20 | 000,122,880 | ---- | M] () -- F:UsersTTArmstrongDesktopAirborne.jwl

    [2012/07/30 04:10:34 | 000,129,024 | ---- | M] () -- F:UsersTTArmstrongDesktopSiones 2 Unfinished Business.jwl

    [2012/07/30 04:07:27 | 000,040,448 | ---- | M] () -- F:UsersTTArmstrongDesktopCellular.jwl

    [2012/07/30 04:02:38 | 000,052,224 | ---- | M] () -- F:UsersTTArmstrongDesktopLizzie.jwl

    [2012/07/29 04:17:53 | 000,105,601 | ---- | M] () -- F:UsersTTArmstrongDesktop523955_3764822717353_643435299_n.jpg

    [2012/07/28 22:19:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerApp.exe

    [2012/07/28 22:19:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerCPLApp.cpl

    [2012/07/28 22:19:24 | 009,821,896 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe

    [2012/07/26 18:47:24 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts

    [2012/07/26 18:44:57 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts.20120726-184724.backup

    [2012/07/26 18:41:05 | 000,001,251 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

    [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

    [2012/07/26 11:35:48 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- F:WindowsSystem32driverstmcomm.sys

    [2012/07/26 11:35:48 | 000,131,344 | ---- | M] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys

    [2012/07/26 11:09:24 | 000,003,221 | ---- | M] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk

    [2012/07/26 08:23:41 | 000,000,027 | ---- | M] () -- F:WindowsSystem32driversetchosts.20120726-184457.backup

    [2012/07/26 08:04:12 | 004,721,680 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe

    [2012/07/23 12:51:42 | 000,462,152 | ---- | M] () -- F:WindowsSystem32FNTCACHE.DAT

    [2012/07/23 12:50:26 | 000,000,000 | ---- | M] () -- F:ProgramData0x0304A000.sfl

    [2012/07/22 21:39:21 | 000,000,758 | ---- | M] () -- F:UsersPublicDesktopPale Moon.lnk

    [2012/07/22 21:05:36 | 000,001,952 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchPale Moon.lnk

    [2012/07/19 23:16:58 | 000,607,260 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr

    [2012/07/18 04:31:41 | 051,150,892 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav

    [2012/07/18 04:26:51 | 022,272,044 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav

    [2012/07/18 04:24:45 | 028,700,716 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav

    [2012/07/18 04:22:02 | 027,181,100 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav

    [2012/07/18 04:19:28 | 035,190,828 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav

    [2012/07/18 04:16:09 | 040,550,444 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav

    [2012/07/18 04:12:19 | 031,346,732 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav

    [2012/07/18 04:09:21 | 045,740,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav

    [2012/07/18 04:05:02 | 052,380,232 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav

    [2012/07/18 04:00:01 | 020,090,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav

    [2012/07/18 03:58:07 | 029,100,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav

    [2012/07/18 03:18:29 | 000,002,141 | ---- | M] () -- F:Windowsepplauncher.mif

    [2012/07/16 17:27:15 | 000,052,001 | ---- | M] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg

    [2012/07/14 08:45:02 | 000,000,939 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk

    [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys

    [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys

    [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys

    [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys

    [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys

    [2012/07/12 23:01:43 | 000,281,862 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalcensus.cache

    [2012/07/12 23:01:22 | 000,158,340 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalars.cache

    [2012/07/12 22:53:41 | 000,000,036 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache

    [2012/07/12 22:23:42 | 000,014,664 | ---- | M] (McAfee, Inc.) -- F:Windowsstinger.sys

    [2012/07/12 22:23:03 | 000,000,045 | RH-- | M] () -- F:UsersTTArmstrongDesktopstinger.opt

    [2012/07/12 22:06:02 | 000,001,078 | ---- | M] () -- F:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

    [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSStrm.sys

    [2012/07/08 18:36:53 | 002,616,633 | ---- | M] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3

    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- F:WindowsSystem32driversmbam.sys

    [2012/07/02 16:51:55 | 000,041,909 | ---- | M] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg

     

    ========== Files Created - No Company Name ==========

     

    [2012/07/31 08:59:11 | 000,003,232 | ---- | C] () -- F:UsersTTArmstrongDesktopmed.jpg

    [2012/07/30 20:45:51 | 018,282,540 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav

    [2012/07/30 20:43:05 | 029,122,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav

    [2012/07/30 20:39:38 | 036,538,412 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav

    [2012/07/30 20:35:22 | 045,281,324 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav

    [2012/07/30 20:31:53 | 036,782,124 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav

    [2012/07/30 20:28:34 | 035,053,612 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav

    [2012/07/30 20:25:57 | 027,793,452 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav

    [2012/07/30 20:20:59 | 052,572,204 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav

    [2012/07/30 20:17:37 | 035,688,492 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav

    [2012/07/30 20:13:05 | 047,814,700 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav

    [2012/07/30 19:28:19 | 038,260,780 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav

    [2012/07/30 19:26:12 | 022,362,156 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav

    [2012/07/30 19:22:51 | 035,506,220 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav

    [2012/07/30 19:17:45 | 053,954,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav

    [2012/07/30 19:14:46 | 031,518,764 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav

    [2012/07/30 19:08:54 | 062,074,924 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav

    [2012/07/30 19:00:48 | 000,067,072 | ---- | C] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl

    [2012/07/30 18:48:06 | 000,099,328 | ---- | C] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl

    [2012/07/30 18:35:24 | 000,042,496 | ---- | C] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 Mixtape.jwl

    [2012/07/30 18:24:56 | 000,091,648 | ---- | C] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl

    [2012/07/30 15:34:26 | 000,045,070 | ---- | C] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg

    [2012/07/30 06:40:37 | 004,339,756 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj008.wav

    [2012/07/30 06:38:20 | 024,279,084 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj007.wav

    [2012/07/30 06:36:00 | 024,641,580 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj006.wav

    [2012/07/30 06:33:04 | 030,982,188 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj005.wav

    [2012/07/30 06:29:01 | 042,895,404 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj004.wav

    [2012/07/30 06:25:51 | 033,499,180 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj003.wav

    [2012/07/30 06:23:24 | 025,878,572 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj002.wav

    [2012/07/30 06:21:01 | 025,231,404 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj001.wav

    [2012/07/30 06:17:48 | 034,054,188 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj000.wav

    [2012/07/30 06:03:32 | 000,006,656 | ---- | C] () -- F:UsersTTArmstrongDesktopsoca.jwl

    [2012/07/30 04:24:19 | 000,165,376 | ---- | C] () -- F:UsersTTArmstrongDesktopThe Tall Man.jwl

    [2012/07/30 04:21:27 | 000,107,335 | ---- | C] () -- F:UsersTTArmstrongDesktop56056892538297718450.jpg

    [2012/07/30 04:21:14 | 001,498,112 | ---- | C] () -- F:UsersTTArmstrongDesktopCole Younger & The Black Train.jwl

    [2012/07/30 04:17:29 | 000,165,376 | ---- | C] () -- F:UsersTTArmstrongDesktopHeadhunters.jwl

    [2012/07/30 04:13:20 | 000,122,880 | ---- | C] () -- F:UsersTTArmstrongDesktopAirborne.jwl

    [2012/07/30 04:10:34 | 000,129,024 | ---- | C] () -- F:UsersTTArmstrongDesktopSiones 2 Unfinished Business.jwl

    [2012/07/30 04:07:27 | 000,040,448 | ---- | C] () -- F:UsersTTArmstrongDesktopCellular.jwl

    [2012/07/30 04:02:38 | 000,052,224 | ---- | C] () -- F:UsersTTArmstrongDesktopLizzie.jwl

    [2012/07/29 04:18:00 | 000,105,601 | ---- | C] () -- F:UsersTTArmstrongDesktop523955_3764822717353_643435299_n.jpg

    [2012/07/26 18:41:05 | 000,001,251 | ---- | C] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

    [2012/07/26 11:09:24 | 000,003,221 | ---- | C] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk

    [2012/07/23 12:50:26 | 000,000,000 | ---- | C] () -- F:ProgramData0x0304A000.sfl

    [2012/07/22 21:05:37 | 000,000,770 | ---- | C] () -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPale Moon.lnk

    [2012/07/22 21:05:37 | 000,000,758 | ---- | C] () -- F:UsersPublicDesktopPale Moon.lnk

    [2012/07/22 19:49:13 | 000,256,000 | ---- | C] () -- F:WindowsPEV.exe

    [2012/07/22 19:49:13 | 000,208,896 | ---- | C] () -- F:WindowsMBR.exe

    [2012/07/22 19:49:13 | 000,098,816 | ---- | C] () -- F:Windowssed.exe

    [2012/07/22 19:49:13 | 000,080,412 | ---- | C] () -- F:Windowsgrep.exe

    [2012/07/22 19:49:13 | 000,068,096 | ---- | C] () -- F:Windowszip.exe

    [2012/07/18 04:26:51 | 051,150,892 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav

    [2012/07/18 04:24:45 | 022,272,044 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav

    [2012/07/18 04:22:02 | 028,700,716 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav

    [2012/07/18 04:19:28 | 027,181,100 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav

    [2012/07/18 04:16:09 | 035,190,828 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav

    [2012/07/18 04:12:19 | 040,550,444 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav

    [2012/07/18 04:09:21 | 031,346,732 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav

    [2012/07/18 04:05:02 | 045,740,076 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav

    [2012/07/17 20:12:11 | 000,002,141 | ---- | C] () -- F:Windowsepplauncher.mif

    [2012/07/16 17:27:26 | 000,052,001 | ---- | C] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg

    [2012/07/14 08:45:02 | 000,000,939 | ---- | C] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk

    [2012/07/13 09:18:58 | 052,380,232 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav

    [2012/07/13 09:11:36 | 020,090,924 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav

    [2012/07/13 08:44:28 | 029,100,076 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav

    [2012/07/12 23:01:43 | 000,281,862 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalcensus.cache

    [2012/07/12 23:01:22 | 000,158,340 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalars.cache

    [2012/07/12 22:53:41 | 000,000,036 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache

    [2012/07/12 22:22:19 | 000,000,045 | RH-- | C] () -- F:UsersTTArmstrongDesktopstinger.opt

    [2012/07/08 18:32:23 | 002,616,633 | ---- | C] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3

    [2012/07/08 06:41:30 | 005,213,752 | ---- | C] () -- F:UsersTTArmstrongDesktopShana Wilson Press In Your Presence.mp3

    [2012/07/08 06:39:47 | 004,589,338 | ---- | C] () -- F:UsersTTArmstrongDesktopGo Get It.mp3

    [2012/07/07 17:36:45 | 000,213,141 | R--- | C] () -- F:UsersTTArmstrongDesktop00-sanchez-best_of_sanchez_(dj_rondon)-bootleg-cd-2006-spliff.jpg

    [2012/07/02 16:51:55 | 000,041,909 | ---- | C] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg

    [2012/03/26 11:55:00 | 000,147,456 | ---- | C] () -- F:WindowsSystem32DiagFunc.dll

    [2012/03/26 11:55:00 | 000,000,451 | ---- | C] () -- F:WindowsSystem32DiagFunc.ini

    [2012/03/07 19:24:25 | 000,116,224 | ---- | C] () -- F:WindowsSystem32redmonnt.dll

    [2012/03/07 19:24:25 | 000,045,056 | ---- | C] () -- F:WindowsSystem32unredmon.exe

    [2012/02/16 06:21:03 | 000,032,768 | ---- | C] () -- F:WindowsSystem32driverssp_rsdrv2.sys

    [2011/11/17 08:53:51 | 000,003,284 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingANIWZCS{A21875C3-23CF-4FF2-ACA3-6B9A1DE459D5}

    [2011/11/17 08:50:28 | 000,012,800 | ---- | C] () -- F:WindowsSystem32driversanodlwf.sys

    [2011/11/17 08:50:27 | 000,014,051 | ---- | C] () -- F:WindowsSystem32RaCoInst.dat

    [2011/11/09 19:55:48 | 000,000,566 | ---- | C] () -- F:WindowsSystem32SP7302.INI

    [2011/07/27 08:53:38 | 000,000,000 | ---- | C] () -- F:UsersTTArmstrongAppDataLocal{DEB393EC-9D07-4AAF-B6DE-442513357526}

    [2011/03/24 22:02:01 | 000,029,008 | ---- | C] () -- F:WindowsSystem32SmartDefragBootTime.exe

    [2011/03/24 22:02:01 | 000,016,184 | ---- | C] () -- F:WindowsSystem32drivers


  3. Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

     

    Database version: v2012.07.31.13

     

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    TTArmstrong :: TTARMSTRONG-PC [administrator]

     

    7/31/2012 7:47:54 PM

    mbam-log-2012-07-31 (19-47-54).txt

     

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 206811

    Time elapsed: 4 minute(s), 13 second(s)

     

    Memory Processes Detected: 0

    (No malicious items detected)

     

    Memory Modules Detected: 0

    (No malicious items detected)

     

    Registry Keys Detected: 0

    (No malicious items detected)

     

    Registry Values Detected: 0

    (No malicious items detected)

     

    Registry Data Items Detected: 0

    (No malicious items detected)

     

    Folders Detected: 0

    (No malicious items detected)

     

    Files Detected: 0

    (No malicious items detected)

     

    (end)

    :clap::b33r:


  4. I ran the ESET Scan yesterday before post #32 and this is what the log is >> I will run both scans posted in #32 again and post the log :)

     

     

     

    F:Program FilesLoarisTrojan Remover 1.2ltr12.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined

    F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected] Win32/Conedex.D trojan cleaned by deleting - quarantined

    F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected] a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined

    F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected] a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined

    F:QooboxQuarantineFWindowsSystem32services.exe.vir Win32/Sirefef.FC trojan deleted - quarantined

    F:_OTLMovedFiles07292012_205844F_ProgramDataMicrosoftWindowsDRMD27B.tmp a variant of Win32/Kryptik.AITT trojan cleaned by deleting - quarantined


  5. [2011/11/17 08:50:28 | 000,012,800 | ---- | C] () -- F:WindowsSystem32driversanodlwf.sys

    [2011/11/17 08:50:27 | 000,014,051 | ---- | C] () -- F:WindowsSystem32RaCoInst.dat

    [2011/11/09 19:55:48 | 000,000,566 | ---- | C] () -- F:WindowsSystem32SP7302.INI

    [2011/07/27 08:53:38 | 000,000,000 | ---- | C] () -- F:UsersTTArmstrongAppDataLocal{DEB393EC-9D07-4AAF-B6DE-442513357526}

    [2011/03/24 22:02:01 | 000,029,008 | ---- | C] () -- F:WindowsSystem32SmartDefragBootTime.exe

    [2011/03/24 22:02:01 | 000,016,184 | ---- | C] () -- F:WindowsSystem32driversSmartDefragDriver.sys

    [2011/01/30 05:30:55 | 000,084,480 | ---- | C] () -- F:WindowsSystem32ff_vfw.dll

    [2011/01/29 13:02:14 | 000,003,884 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingdvdae.config

    [2010/11/14 06:08:43 | 000,001,378 | ---- | C] () -- F:WindowsSystem32SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat

    [2010/10/23 20:04:09 | 000,130,048 | ---- | C] () -- F:WindowsSystem32SpoonUninstall.exe

    [2010/10/23 05:02:04 | 000,001,057 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml

    [2010/10/23 05:00:39 | 000,087,608 | ---- | C] () -- F:UsersTTArmstrongAppDataRoaminginst.exe

    [2010/10/23 05:00:39 | 000,007,887 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.cat

    [2010/10/23 05:00:39 | 000,001,144 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.inf

    [2010/10/16 13:33:30 | 000,308,624 | ---- | C] () -- F:WindowsSystem32brcmbsp.dll

    [2010/10/16 13:33:30 | 000,206,216 | ---- | C] () -- F:WindowsSystem32bipbsp.dll

    [2010/10/16 13:31:49 | 000,080,368 | ---- | C] () -- F:WindowsSystem32pbadrvdll.dll

    [2010/09/30 17:07:06 | 000,000,376 | ---- | C] () -- F:WindowsODBC.INI

    [2010/09/30 00:22:17 | 001,474,832 | ---- | C] () -- F:WindowsSystem32driverssfi.dat

    [2010/09/30 00:19:12 | 001,724,416 | ---- | C] () -- F:WindowsSystem32nvwdmcpl.dll

    [2010/09/30 00:19:12 | 001,657,376 | ---- | C] () -- F:WindowsSystem32nwiz.exe

    [2010/09/30 00:19:12 | 001,507,328 | ---- | C] () -- F:WindowsSystem32nView.dll

    [2010/09/30 00:19:12 | 001,101,824 | ---- | C] () -- F:WindowsSystem32nvwimg.dll

    [2010/09/30 00:19:12 | 000,466,944 | ---- | C] () -- F:WindowsSystem32nvShell.dll

    [2010/09/30 00:19:12 | 000,449,056 | ---- | C] () -- F:WindowsSystem32nvAppBar.exe

    [2010/09/30 00:19:12 | 000,267,296 | ---- | C] () -- F:WindowsSystem32nvTaskbar.exe

     

    ========== LOP Check ==========

     

    [2011/08/13 15:53:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingApowersoft

    [2010/10/23 09:09:08 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBackTalk

    [2012/07/22 18:25:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBitTorrent

    [2010/10/23 20:17:56 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingdBpoweramp

    [2010/10/02 11:17:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDisk Cleaner

    [2012/02/01 23:36:24 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDVDFab

    [2012/07/12 22:43:10 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingf-secure

    [2011/05/22 13:07:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingFDRLab

    [2011/08/24 17:01:40 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingImgBurn

    [2011/10/06 23:15:21 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingIObit

    [2011/04/20 16:26:24 | 000,000,000 | RHSD | M] -- F:UsersTTArmstrongAppDataRoamingJava

    [2010/10/17 21:57:31 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingMoonchild Productions

    [2012/04/04 22:53:16 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingPanda Security

    [2011/10/30 07:10:05 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingSystemRequirementsLab

    [2011/06/03 07:03:42 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingUpdater

    [2012/07/28 09:25:40 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingVso

    [2012/06/23 07:47:39 | 000,032,606 | ---- | M] () -- F:WindowsTasksSCHEDLGU.TXT

     

    ========== Purity Check ==========

     

     

     

    ========== Custom Scans ==========

     

    < %systemroot%*. /rp /s >

     

    < MD5 for: EXPLORER.EXE >

    [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fcexplorer.exe

    [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430explorer.exe

    [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373explorer.exe

    [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1explorer.exe

    [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cefexplorer.exe

    [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87caexplorer.exe

    [2011/05/15 02:53:30 | 007,012,752 | ---- | M] () MD5=497144C537E73165F7A39C24CC29510C -- F:UsersTTArmstrongAppDataRoamingUpdaterexplorer.exe

    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowserdntcacheexplorer.exe

    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowsexplorer.exe

    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84explorer.exe

    [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6explorer.exe

    [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878explorer.exe

    [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691explorer.exe

     

    < MD5 for: SVCHOST.EXE >

    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:Windowserdntcachesvchost.exe

    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:WindowsSystem32svchost.exe

    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356svchost.exe

    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- F:Program FilesMalwarebytes' Anti-MalwareChameleonsvchost.exe

     

    < MD5 for: USERINIT.EXE >

    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:Windowserdntcacheuserinit.exe

    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:WindowsSystem32userinit.exe

    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116userinit.exe

    [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7cuserinit.exe

     

    < MD5 for: WINLOGON.EXE >

    [2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177winlogon.exe

    [2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2winlogon.exe

    [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:Windowserdntcachewinlogon.exe

    [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:WindowsSystem32winlogon.exe

    [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500winlogon.exe

    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- F:Program FilesMalwarebytes' Anti-MalwareChameleonwinlogon.exe

    [2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166winlogon.exe

     

    < End of report >

     

     

    YEA this is the part :)


  6. OTL logfile created on: 7/30/2012 9:57:44 PM - Run 2

    OTL by OldTimer - Version 3.2.54.1 Folder = F:UsersTTArmstrongDesktop

    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     

    1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.66% Memory free

    3.98 Gb Paging File | 2.34 Gb Available in Paging File | 58.92% Paging File free

    Paging file location(s): ?:pagefile.sys [binary data]

     

    %SystemDrive% = F: | %SystemRoot% = F:Windows | %ProgramFiles% = F:Program Files

    Drive C: | 58.93 Gb Total Space | 6.95 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

    Drive E: | 39.71 Gb Total Space | 29.45 Gb Free Space | 74.16% Space Free | Partition Type: NTFS

    Drive F: | 50.14 Gb Total Space | 8.77 Gb Free Space | 17.49% Space Free | Partition Type: NTFS

     

    Computer Name: TTARMSTRONG-PC | User Name: TTArmstrong | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Processes (SafeList) ==========

     

    PRC - [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

    PRC - [2012/07/13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe

    PRC - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe

    PRC - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe

    PRC - [2012/06/29 13:38:24 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- F:Program FilesEmsisoft Anti-Malwarea2service.exe

    PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe

    PRC - [2012/03/11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycfp.exe

    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe

    PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIpsia.exe

    PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIsua.exe

    PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- F:Program FilesSUPERAntiSpywareSASCore.exe

    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- F:Windowsexplorer.exe

    PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFTray.exe

    PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFService.exe

    PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- F:WindowsSystem32taskhost.exe

    PRC - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

    PRC - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe

    PRC - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe

    PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- F:Program FilesNeroUpdateNASvc.exe

    PRC - [2010/03/24 12:16:02 | 029,373,736 | ---- | M] (Nero AG) -- F:Program FilesNeroNero 10Nero ExpressNeroExpress.exe

    PRC - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe

    PRC - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe

    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- F:Program FilesSpybot - Search & DestroyTeaTimer.exe

    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- F:Program FilesSpybot - Search & DestroySDWinSec.exe

    PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

    PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

     

     

    ========== Modules (No Company Name) ==========

     

    MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppgooglenaclpluginchrome.dll

    MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll

    MOD - [2012/07/10 00:07:39 | 000,554,520 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libglesv2.dll

    MOD - [2012/07/10 00:07:37 | 000,117,784 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libegl.dll

    MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avutil-51.dll

    MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avformat-54.dll

    MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avcodec-54.dll

    MOD - [2011/11/17 08:51:58 | 000,073,728 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANPDApi.dll

    MOD - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

    MOD - [2010/07/05 18:41:40 | 000,299,008 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless Utilitywlanapp.dll

    MOD - [2010/06/29 17:42:42 | 000,040,960 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.dll

    MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- F:Program FilesWinRARRarExt.dll

    MOD - [2010/03/04 13:22:14 | 000,374,056 | ---- | M] () -- F:Program FilesNeroNero 10Nero ExpressAudioPluginMgrlame_enc.dll

    MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- F:Program FilesMicrosoft OfficeOffice141033GrooveIntlResource.dll

    MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- F:Program FilesCommon Filesmicrosoft sharedOFFICE14CulturesOFFICE.ODF

    MOD - [2009/12/11 13:44:02 | 000,045,864 | R--- | M] () -- F:Program FilesNeroNero 10Nero ExpressBCGPOleAcc.dll

    MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

    MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

     

     

    ========== Win32 Services (SafeList) ==========

     

    SRV - File not found [Auto | Stopped] -- -- (tgsrvc_verizondm)

    SRV - File not found [Auto | Running] -- F:Program FilesSpybot -- (SBSDWSCService)

    SRV - [2012/07/28 22:19:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:WindowsSystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe -- (PSUAService)

    SRV - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe -- (NanoServiceMain)

    SRV - [2012/06/29 13:38:24 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- F:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware)

    SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe -- (cmdAgent)

    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice)

    SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIpsia.exe -- (Secunia PSI Agent)

    SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIsua.exe -- (Secunia Update Agent)

    SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- F:Program FilesSUPERAntiSpywareSASCore.exe -- (!SASCORE)

    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe -- (NisSrv)

    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)

    SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- F:Program FilesThreatFireTFService.exe -- (ThreatFire)

    SRV - [2010/10/01 12:50:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32WatWatAdminSvc.exe -- (WatAdminSvc)

    SRV - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe -- (Nonbrand_WUS-N)

    SRV - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe -- (Nonbrand_WUS-N_WPS)

    SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- F:Program FilesNeroUpdateNASvc.exe -- (NAUpdate)

    SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft OfficeOffice14GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

    SRV - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe -- (Credential Vault Host Control Service)

    SRV - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe -- (Credential Vault Host Storage)

    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32sensrsvc.dll -- (SensrSvc)

    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempCFcatchme.sys -- (CFcatchme)

    DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempcatchme.sys -- (catchme)

    DRV - [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversPSINKNC.sys -- (PSINKNC)

    DRV - [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINProt.sys -- (PSINProt)

    DRV - [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINProc.sys -- (PSINProc)

    DRV - [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINAflt.sys -- (PSINAflt)

    DRV - [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINFile.sys -- (PSINFile)

    DRV - [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSStrm.sys -- (NNSSTRM)

    DRV - [2012/06/29 13:37:46 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- F:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc)

    DRV - [2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNStlsc.sys -- (NNSTLSC)

    DRV - [2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSProt.sys -- (NNSPROT)

    DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPrv.sys -- (NNSPRV)

    DRV - [2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSSmtp.sys -- (NNSSMTP)

    DRV - [2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPop3.sys -- (NNSPOP3)

    DRV - [2012/06/27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- F:WindowsSystem32driversNNSPihsw.sys -- (NNSPIHSW)

    DRV - [2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSIds.sys -- (NNSIDS)

    DRV - [2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSpicc.sys -- (NNSPICC)

    DRV - [2012/06/27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- F:WindowsSystem32driversNNSNAHSL.sys -- (NNSNAHSL)

    DRV - [2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSHttp.sys -- (NNSHTTP)

    DRV - [2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSAlpc.sys -- (NNSALPC)

    DRV - [2012/03/11 21:13:38 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driverscmdhlp.sys -- (cmdHlp)

    DRV - [2012/03/11 21:13:36 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- F:WindowsSystem32driverscmdGuard.sys -- (cmdGuard)

    DRV - [2012/02/03 19:27:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driversinspect.sys -- (inspect)

    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywaresasdifsv.sys -- (SASDIFSV)

    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL)

    DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- F:Program FilesEmsisoft Anti-Malwarea2ddax86.sys -- (A2DDA)

    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversNisDrvWFP.sys -- (NisDrv)

    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversMpNWMon.sys -- (MpNWMon)

    DRV - [2011/03/10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversPSKMAD.sys -- (PSKMAD)

    DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- F:WindowsSystem32driversSmartDefragDriver.sys -- (SmartDefragDriver)

    DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfSysMon.sys -- (TfSysMon)

    DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversTfNetMon.sys -- (TfNetMon)

    DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfFsMon.sys -- (TfFsMon)

    DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversTsUsbFlt.sys -- (TsUsbFlt)

    DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverswinusb.sys -- (WinUsb)

    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- F:WindowsSystem32driverspsi_mf.sys -- (PSI)

    DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversivusb.sys -- (ivusb)

    DRV - [2010/06/21 14:28:02 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- F:WindowsSystem32driversanodlwf.sys -- (anodlwf)

    DRV - [2010/05/26 21:29:42 | 000,856,928 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversnetr28u.sys -- (netr28u)

    DRV - [2009/11/03 16:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverscvusbdrv.sys -- (cvusbdrv)

    DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversvwifimp.sys -- (vwifimp)

    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- F:WindowsSystem32driversserial.sys -- (Serial)

    DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversnvlddmkm.sys -- (nvlddmkm)

    DRV - [2009/06/13 01:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverse1y6232.sys -- (e1yexpress)

    DRV - [2009/04/03 00:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:WindowsSystem32driversrimmptsk.sys -- (rimmptsk)

    DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- F:WindowsSystem32driversPBADRV.sys -- (PBADRV)

    DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverswdcsam.sys -- (WDC_SAM)

    DRV - [2007/06/14 16:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversPAC7302.SYS -- (PAC7302)

    DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:Program FilesPeerGuardian2pgfilter.sys -- (pgfilter)

     

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKLM..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

     

    IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/

    IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 32 3B 56 CC 32 DD CB 01 [binary data]

    IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

    IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS399

    IE - HKCU..SearchScopes{7DA22919-2250-49B5-B6AF-6EDF78DB766E}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110939,17118,0,18,0

    IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

    IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

     

    ========== FireFox ==========

     

    FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"

    FF - prefs.js..extensions.enabledItems: [email protected]:1.0

    FF - prefs.js..network.proxy.type: 0

    FF - user.js - File not found

     

    FF - [email protected]/FlashPlayer: F:Windowssystem32MacromedFlashNPSWF32_11_3_300_268.dll ()

    FF - [email protected]/JavaPlugin: F:Program FilesJavajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)

    FF - [email protected]/GENUINE: disabled File not found

    FF - [email protected]/NpCtrl,version=1.0: F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

    FF - [email protected]/OfficeAuthz,version=14.0: F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)

    FF - [email protected]/SharePoint,version=14.0: F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation)

    FF - [email protected]/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found

    FF - [email protected]/nppl3260;version=6.0.11.2852: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

    FF - [email protected]/nppl3260;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

    FF - [email protected]/nprpjplug;version=6.0.12.1662: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

    FF - [email protected]/nprpjplug;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

    FF - [email protected]/nsJSRealPlayerPlugin;version=: File not found

    FF - [email protected]/Google Update;version=3: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

    FF - [email protected]/Google Update;version=9: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

    FF - [email protected]/vlc,version=2.0.1: F:Program FilesVideoLANVLCnpvlc.dll (VideoLAN)

    FF - HKLMSoftwareMozillaPluginsAdobe Reader: F:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

    FF - [email protected]/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found

    FF - [email protected]/Google Update;version=3: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

    FF - [email protected]/Google Update;version=9: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

     

    FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsComponents: F:Program FilesPale Mooncomponents [2012/07/22 21:39:17 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsPlugins: F:Program FilesPale Moonplugins [2012/07/22 21:04:49 | 000,000,000 | ---D | M]

    FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF

     

    [2012/02/15 13:45:42 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaExtensions

    [2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensions

    [2012/07/29 20:58:45 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensions

    [2012/02/15 09:13:57 | 000,000,000 | ---D | M] (No name found) -- F:Program FilesMozilla Firefoxextensions

    [2011/07/07 09:43:57 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

    [2011/10/24 01:58:25 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

    [2012/02/26 15:32:27 | 000,000,000 | ---D | M] (PageFont) -- F:USERSTTARMSTRONGAPPDATAROAMINGMOONCHILD PRODUCTIONSPALE [email protected]

     

    ========== Chrome ==========

     

    CHR - homepage: http://www.google.com/

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

    CHR - homepage: http://www.google.com/

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll

    CHR - plugin: Shockwave Flash (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57gcswf32.dll

    CHR - plugin: Shockwave Flash (Disabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataPepperFlash11.2.31.144pepflashplayer.dll

    CHR - plugin: Shockwave Flash (Enabled) = F:Windowssystem32MacromedFlashNPSWF32_11_2_202_235.dll

    CHR - plugin: Adobe Acrobat (Disabled) = F:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll

    CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnppl3260.dll

    CHR - plugin: RealPlayer Version Plugin (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnprpjplug.dll

    CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL

    CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL

    CHR - plugin: Google Update (Enabled) = F:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll

    CHR - plugin: Java Platform SE 6 U31 (Enabled) = F:Program FilesJavajre6binplugin2npjp2.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll

    CHR - plugin: VLC Web Plugin (Enabled) = F:Program FilesVideoLANVLCnpvlc.dll

    CHR - Extension: YouTube = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0

    CHR - Extension: Google Search = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0

    CHR - Extension: Gmail = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0

     

    O1 HOSTS File: ([2012/07/26 18:47:24 | 000,443,084 | R--- | M]) - F:WindowsSystem32driversetchosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: 15245 more lines...

    O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:Program FilesSpywareGuarddlprotect.dll ()

    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)

    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation)

    O3 - HKLM..Toolbar: (@msdxmLC.dll,[email protected],&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation)

    O3 - HKLM..Toolbar: (no name) - InprocServer32 - No CLSID value found.

    O4 - HKLM..Run: [burnStudio] F:Program FilesMagic Burning Studiombs.exe (MagicVideoSoftware Inc.)

    O4 - HKLM..Run: [COMODO Internet Security] F:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO)

    O4 - HKLM..Run: [KEEBOX 150N Wireless Utility] F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe ()

    O4 - HKLM..Run: [PSUAMain] F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe (Panda Security, S.L.)

    O4 - HKLM..Run: [sonneDVDCreator] F:Program FilesMagic Burning StudioDVDCreator.exe (MagicVideoSoftware Inc.)

    O4 - HKLM..Run: [ThreatFire] F:Program FilesThreatFireTFTray.exe (PC Tools)

    O4 - HKCU..Run: [spybotSD TeaTimer] F:Program FilesSpybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.)

    O4 - Startup: F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSpywareGuard.lnk = F:Program FilesSpywareGuardsgmain.exe ()

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1

    O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

    O8 - Extra context menu item: E&xport to Microsoft Excel - F:Program FilesMicrosoft OfficeOffice14EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Se&nd to OneNote - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)

    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.254.254

    O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.254.254

    O18 - ProtocolHandlervnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation)

    O20 - AppInit_DLLs: (F:WindowsSystem32guard32.dll) - F:WindowsSystem32guard32.dll (COMODO)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:Windowsexplorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (F:Windowssystem32userinit.exe) - F:WindowsSystem32userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20 - WinlogonNotify!SASWinLogon: DllName - (F:Program FilesSUPERAntiSpywareSASWINLO.DLL) - F:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com)

    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com)

    O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:Program FilesSpywareGuardspywareguard.dll ()

    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:autoexec.bat -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM..comfile [open] -- "%1" %*

    O35 - HKLM..exefile [open] -- "%1" %*

    O37 - HKLM...com [@ = ComFile] -- "%1" %*

    O37 - HKLM...exe [@ = exefile] -- "%1" %*

    O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2012/07/30 06:11:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopSOUND EFFECTS2

    [2012/07/30 06:08:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopKINGVIPER VDJ AUG

    [2012/07/29 21:00:35 | 000,046,280 | ---- | C] (Panda Security) -- F:WindowsSystem32driversPSKMAD.sys

    [2012/07/29 20:58:44 | 000,000,000 | ---D | C] -- F:_OTL

    [2012/07/29 03:38:00 | 000,000,000 | ---D | C] -- F:ProgramDataKaspersky Lab

    [2012/07/28 22:19:24 | 009,821,896 | ---- | C] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe

    [2012/07/26 18:41:04 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy

    [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:ProgramDataSpybot - Search & Destroy

    [2012/07/26 18:40:41 | 000,000,000 | ---D | C] -- F:Program FilesSpybot - Search & Destroy

    [2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

    [2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- F:WindowsSystem32driverstmcomm.sys

    [2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys

    [2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:ProgramDataSophos

    [2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsSophos

    [2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:Program FilesSophos

    [2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:$RECYCLE.BIN

    [2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPanda Cloud Antivirus

    [2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataLocaltemp

    [2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:WindowsSWREG.exe

    [2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:WindowsSWSC.exe

    [2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:WindowsNIRCMD.exe

    [2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:Windowserdnt

    [2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe

    [2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopdvdmoviecover

    [2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopHIPHOP

    [2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoporignal dance

    [2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwedding songs

    [2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr

    [2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoprockerz2 joe gibbs

    [2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32mshtml.tlb

    [2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieui.dll

    [2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieUnatt.exe

    [2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jsproxy.dll

    [2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jscript9.dll

    [2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32url.dll

    [2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32inetcpl.cpl

    [2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32win32k.sys

    [2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:VritualRoot

    [2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ncrypt.dll

    [2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32msxml3r.dll

    [2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32cdosys.dll

    [2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wucltux.dll

    [2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups2.dll

    [2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapi.dll

    [2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wudriver.dll

    [2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups.dll

    [2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuwebv.dll

    [2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapp.exe

    [2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:Program FilesMicrosoft Security Client

    [2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsThreatFire

    [2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfSysMon.sys

    [2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfFsMon.sys

    [2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfNetMon.sys

    [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:Program FilesThreatFire

    [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:ProgramDataPC Tools

    [2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys

    [2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys

    [2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys

    [2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys

    [2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys

    [2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingf-secure

    [2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:ProgramDataF-Secure

    [2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:Windowsstinger.sys

    [2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:Program Filesstinger

    [2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSStrm.sys

    [2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWEDDIN SONG JULY 15

    [2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:Program FilesReal

    [2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopnew riddim & cover april 30

    [2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopsamplesforkingcd

    [2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:Program FilesNewAgeDesign

    [2012/07/01 20:12:45 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwowWORSHIP

    [2012/07/01 17:25:05 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWOW GOSPEL MUSIC

    [2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:UsersTTArmstrongAppDataRoamingpcouffin.sys

     

    ========== Files - Modified Within 30 Days ==========

     

    [2012/07/30 21:40:02 | 000,000,896 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineUA.job

    [2012/07/30 21:17:01 | 000,000,830 | ---- | M] () -- F:WindowstasksAdobe Flash Player Updater.job

    [2012/07/30 21:08:00 | 000,000,932 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job

    [2012/07/30 20:47:34 | 018,282,540 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav

    [2012/07/30 20:45:51 | 029,122,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav

    [2012/07/30 20:43:05 | 036,538,412 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav

    [2012/07/30 20:39:38 | 045,281,324 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav

    [2012/07/30 20:35:22 | 036,782,124 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav

    [2012/07/30 20:31:53 | 035,053,612 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav

    [2012/07/30 20:28:34 | 027,793,452 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav

    [2012/07/30 20:25:57 | 052,572,204 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav

    [2012/07/30 20:20:59 | 035,688,492 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav

    [2012/07/30 20:17:37 | 047,814,700 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav

    [2012/07/30 19:31:56 | 038,260,780 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav

    [2012/07/30 19:28:19 | 022,362,156 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav

    [2012/07/30 19:26:12 | 035,506,220 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav

    [2012/07/30 19:22:51 | 053,954,604 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav

    [2012/07/30 19:17:45 | 031,518,764 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav

    [2012/07/30 19:14:46 | 062,074,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav

    [2012/07/30 19:00:48 | 000,067,072 | ---- | M] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl

    [2012/07/30 18:48:06 | 000,099,328 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl

    [2012/07/30 18:35:24 | 000,042,496 | ---- | M] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 Mixtape.jwl

    [2012/07/30 18:24:56 | 000,091,648 | ---- | M] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl

    [2012/07/30 17:08:01 | 000,000,880 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job

    [2012/07/30 16:38:38 | 000,067,584 | --S- | M] () -- F:Windowsbootstat.dat

    [2012/07/30 15:34:21 | 000,045,070 | ---- | M] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg

    [2012/07/30 15:24:27 | 000,000,892 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineCore.job

    [2012/07/30 07:04:46 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/07/30 07:04:46 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/07/30 07:04:24 | 000,626,486 | ---- | M] () -- F:WindowsSystem32perfh009.dat

    [2012/07/30 07:04:24 | 000,107,730 | ---- | M] () -- F:WindowsSystem32perfc009.dat

    [2012/07/30 06:57:12 | 000,065,536 | ---- | M] () -- F:WindowsSystem32Ikeext.etl

    [2012/07/30 06:56:58 | 1601,097,728 | -HS- | M] () -- F:hiberfil.sys

    [2012/07/30 06:41:02 | 004,339,756 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj008.wav

    [2012/07/30 06:40:37 | 024,279,084 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj007.wav

    [2012/07/30 06:38:20 | 024,641,580 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj006.wav

    [2012/07/30 06:36:00 | 030,982,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj005.wav

    [2012/07/30 06:33:04 | 042,895,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj004.wav

    [2012/07/30 06:29:01 | 033,499,180 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj003.wav

    [2012/07/30 06:25:51 | 025,878,572 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj002.wav

    [2012/07/30 06:23:24 | 025,231,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj001.wav

    [2012/07/30 06:21:01 | 034,054,188 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj000.wav

    [2012/07/30 04:24:19 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopThe Tall Man.jwl

    [2012/07/30 04:21:25 | 000,107,335 | ---- | M] () -- F:UsersTTArmstrongDesktop56056892538297718450.jpg

    [2012/07/30 04:21:15 | 001,498,112 | ---- | M] () -- F:UsersTTArmstrongDesktopCole Younger & The Black Train.jwl

    [2012/07/30 04:17:30 | 000,165,376 | ---- | M] () -- F:UsersTTArmstrongDesktopHeadhunters.jwl

    [2012/07/30 04:13:20 | 000,122,880 | ---- | M] () -- F:UsersTTArmstrongDesktopAirborne.jwl

    [2012/07/30 04:10:34 | 000,129,024 | ---- | M] () -- F:UsersTTArmstrongDesktopSiones 2 Unfinished Business.jwl

    [2012/07/30 04:07:27 | 000,040,448 | ---- | M] () -- F:UsersTTArmstrongDesktopCellular.jwl

    [2012/07/30 04:02:38 | 000,052,224 | ---- | M] () -- F:UsersTTArmstrongDesktopLizzie.jwl

    [2012/07/29 04:17:53 | 000,105,601 | ---- | M] () -- F:UsersTTArmstrongDesktop523955_3764822717353_643435299_n.jpg

    [2012/07/28 22:19:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerApp.exe

    [2012/07/28 22:19:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerCPLApp.cpl

    [2012/07/28 22:19:24 | 009,821,896 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerInstaller.exe

    [2012/07/28 10:01:16 | 000,001,057 | ---- | M] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml

    [2012/07/26 18:47:24 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts

    [2012/07/26 18:44:57 | 000,443,084 | R--- | M] () -- F:WindowsSystem32driversetchosts.20120726-184724.backup

    [2012/07/26 18:41:05 | 000,001,251 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

    [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

    [2012/07/26 11:35:48 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- F:WindowsSystem32driverstmcomm.sys

    [2012/07/26 11:35:48 | 000,131,344 | ---- | M] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys

    [2012/07/26 11:09:24 | 000,003,221 | ---- | M] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk

    [2012/07/26 08:23:41 | 000,000,027 | ---- | M] () -- F:WindowsSystem32driversetchosts.20120726-184457.backup

    [2012/07/26 08:04:12 | 004,721,680 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe

    [2012/07/23 12:51:42 | 000,462,152 | ---- | M] () -- F:WindowsSystem32FNTCACHE.DAT

    [2012/07/23 12:50:26 | 000,000,000 | ---- | M] () -- F:ProgramData0x0304A000.sfl

    [2012/07/22 21:39:21 | 000,000,758 | ---- | M] () -- F:UsersPublicDesktopPale Moon.lnk

    [2012/07/22 21:05:36 | 000,001,952 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchPale Moon.lnk

    [2012/07/19 23:16:58 | 000,607,260 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr

    [2012/07/18 04:31:41 | 051,150,892 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav

    [2012/07/18 04:26:51 | 022,272,044 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav

    [2012/07/18 04:24:45 | 028,700,716 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav

    [2012/07/18 04:22:02 | 027,181,100 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav

    [2012/07/18 04:19:28 | 035,190,828 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav

    [2012/07/18 04:16:09 | 040,550,444 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav

    [2012/07/18 04:12:19 | 031,346,732 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav

    [2012/07/18 04:09:21 | 045,740,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav

    [2012/07/18 04:05:02 | 052,380,232 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav

    [2012/07/18 04:00:01 | 020,090,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav

    [2012/07/18 03:58:07 | 029,100,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav

    [2012/07/18 03:18:29 | 000,002,141 | ---- | M] () -- F:Windowsepplauncher.mif

    [2012/07/16 17:27:15 | 000,052,001 | ---- | M] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg

    [2012/07/14 08:45:02 | 000,000,939 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk

    [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys

    [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys

    [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys

    [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys

    [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys

    [2012/07/12 23:01:43 | 000,281,862 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalcensus.cache

    [2012/07/12 23:01:22 | 000,158,340 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalars.cache

    [2012/07/12 22:53:41 | 000,000,036 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache

    [2012/07/12 22:23:42 | 000,014,664 | ---- | M] (McAfee, Inc.) -- F:Windowsstinger.sys

    [2012/07/12 22:23:03 | 000,000,045 | RH-- | M] () -- F:UsersTTArmstrongDesktopstinger.opt

    [2012/07/12 22:06:02 | 000,001,078 | ---- | M] () -- F:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

    [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSStrm.sys

    [2012/07/08 18:36:53 | 002,616,633 | ---- | M] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3

    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- F:WindowsSystem32driversmbam.sys

    [2012/07/02 16:51:55 | 000,041,909 | ---- | M] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg

    [2012/07/01 15:35:20 | 004,589,338 | ---- | M] () -- F:UsersTTArmstrongDesktopGo Get It.mp3

     

    ========== Files Created - No Company Name ==========

     

    [2012/07/30 20:45:51 | 018,282,540 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj009.wav

    [2012/07/30 20:43:05 | 029,122,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj008.wav

    [2012/07/30 20:39:38 | 036,538,412 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj007.wav

    [2012/07/30 20:35:22 | 045,281,324 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj006.wav

    [2012/07/30 20:31:53 | 036,782,124 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj005.wav

    [2012/07/30 20:28:34 | 035,053,612 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj004.wav

    [2012/07/30 20:25:57 | 027,793,452 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj003.wav

    [2012/07/30 20:20:59 | 052,572,204 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj002.wav

    [2012/07/30 20:17:37 | 035,688,492 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj001.wav

    [2012/07/30 20:13:05 | 047,814,700 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA4 djvdj000.wav

    [2012/07/30 19:28:19 | 038,260,780 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj005.wav

    [2012/07/30 19:26:12 | 022,362,156 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj004.wav

    [2012/07/30 19:22:51 | 035,506,220 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj003.wav

    [2012/07/30 19:17:45 | 053,954,604 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj002.wav

    [2012/07/30 19:14:46 | 031,518,764 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj001.wav

    [2012/07/30 19:08:54 | 062,074,924 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 djvdj000.wav

    [2012/07/30 19:00:48 | 000,067,072 | ---- | C] () -- F:UsersTTArmstrongDesktopFuture Pluto Mixtape.jwl

    [2012/07/30 18:48:06 | 000,099,328 | ---- | C] () -- F:UsersTTArmstrongDesktopDJ SMALL RNB 12 SUPER JAY 124.jwl

    [2012/07/30 18:35:24 | 000,042,496 | ---- | C] () -- F:UsersTTArmstrongDesktopDJ Black Reggae Mix best of 2011 Mixtape.jwl

    [2012/07/30 18:24:56 | 000,091,648 | ---- | C] () -- F:UsersTTArmstrongDesktopdj scream dj smallz.jwl

    [2012/07/30 15:34:26 | 000,045,070 | ---- | C] () -- F:UsersTTArmstrongDesktop215276_10150168504124133_4115803_n.jpg

    [2012/07/30 06:40:37 | 004,339,756 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj008.wav

    [2012/07/30 06:38:20 | 024,279,084 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj007.wav

    [2012/07/30 06:36:00 | 024,641,580 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj006.wav

    [2012/07/30 06:33:04 | 030,982,188 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj005.wav

    [2012/07/30 06:29:01 | 042,895,404 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj004.wav

    [2012/07/30 06:25:51 | 033,499,180 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj003.wav

    [2012/07/30 06:23:24 | 025,878,572 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj002.wav

    [2012/07/30 06:21:01 | 025,231,404 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj001.wav

    [2012/07/30 06:17:48 | 034,054,188 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA3 AUG djvdj000.wav

    [2012/07/30 04:24:19 | 000,165,376 | ---- | C] () -- F:UsersTTArmstrongDesktopThe Tall Man.jwl

    [2012/07/30 04:21:27 | 000,107,335 | ---- | C] () -- F:UsersTTArmstrongDesktop56056892538297718450.jpg

    [2012/07/30 04:21:14 | 001,498,112 | ---- | C] () -- F:UsersTTArmstrongDesktopCole Younger & The Black Train.jwl

    [2012/07/30 04:17:29 | 000,165,376 | ---- | C] () -- F:UsersTTArmstrongDesktopHeadhunters.jwl

    [2012/07/30 04:13:20 | 000,122,880 | ---- | C] () -- F:UsersTTArmstrongDesktopAirborne.jwl

    [2012/07/30 04:10:34 | 000,129,024 | ---- | C] () -- F:UsersTTArmstrongDesktopSiones 2 Unfinished Business.jwl

    [2012/07/30 04:07:27 | 000,040,448 | ---- | C] () -- F:UsersTTArmstrongDesktopCellular.jwl

    [2012/07/30 04:02:38 | 000,052,224 | ---- | C] () -- F:UsersTTArmstrongDesktopLizzie.jwl

    [2012/07/29 04:18:00 | 000,105,601 | ---- | C] () -- F:UsersTTArmstrongDesktop523955_3764822717353_643435299_n.jpg

    [2012/07/26 18:41:05 | 000,001,251 | ---- | C] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

    [2012/07/26 11:09:24 | 000,003,221 | ---- | C] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk

    [2012/07/23 12:50:26 | 000,000,000 | ---- | C] () -- F:ProgramData0x0304A000.sfl

    [2012/07/22 21:05:37 | 000,000,770 | ---- | C] () -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPale Moon.lnk

    [2012/07/22 21:05:37 | 000,000,758 | ---- | C] () -- F:UsersPublicDesktopPale Moon.lnk

    [2012/07/22 19:49:13 | 000,256,000 | ---- | C] () -- F:WindowsPEV.exe

    [2012/07/22 19:49:13 | 000,208,896 | ---- | C] () -- F:WindowsMBR.exe

    [2012/07/22 19:49:13 | 000,098,816 | ---- | C] () -- F:Windowssed.exe

    [2012/07/22 19:49:13 | 000,080,412 | ---- | C] () -- F:Windowsgrep.exe

    [2012/07/22 19:49:13 | 000,068,096 | ---- | C] () -- F:Windowszip.exe

    [2012/07/18 04:26:51 | 051,150,892 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav

    [2012/07/18 04:24:45 | 022,272,044 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav

    [2012/07/18 04:22:02 | 028,700,716 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav

    [2012/07/18 04:19:28 | 027,181,100 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav

    [2012/07/18 04:16:09 | 035,190,828 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav

    [2012/07/18 04:12:19 | 040,550,444 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav

    [2012/07/18 04:09:21 | 031,346,732 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav

    [2012/07/18 04:05:02 | 045,740,076 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav

    [2012/07/17 20:12:11 | 000,002,141 | ---- | C] () -- F:Windowsepplauncher.mif

    [2012/07/16 17:27:26 | 000,052,001 | ---- | C] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg

    [2012/07/14 08:45:02 | 000,000,939 | ---- | C] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk

    [2012/07/13 09:18:58 | 052,380,232 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav

    [2012/07/13 09:11:36 | 020,090,924 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav

    [2012/07/13 08:44:28 | 029,100,076 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav

    [2012/07/12 23:01:43 | 000,281,862 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalcensus.cache

    [2012/07/12 23:01:22 | 000,158,340 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalars.cache

    [2012/07/12 22:53:41 | 000,000,036 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache

    [2012/07/12 22:22:19 | 000,000,045 | RH-- | C] () -- F:UsersTTArmstrongDesktopstinger.opt

    [2012/07/08 18:32:23 | 002,616,633 | ---- | C] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3

    [2012/07/08 06:41:30 | 005,213,752 | ---- | C] () -- F:UsersTTArmstrongDesktopShana Wilson Press In Your Presence.mp3

    [2012/07/08 06:39:47 | 004,589,338 | ---- | C] () -- F:UsersTTArmstrongDesktopGo Get It.mp3

    [2012/07/07 17:36:45 | 000,213,141 | R--- | C] () -- F:UsersTTArmstrongDesktop00-sanchez-best_of_sanchez_(dj_rondon)-bootleg-cd-2006-spliff.jpg

    [2012/07/02 16:51:55 | 000,041,909 | ---- | C] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg

    [2012/03/26 11:55:00 | 000,147,456 | ---- | C] () -- F:WindowsSystem32DiagFunc.dll

    [2012/03/26 11:55:00 | 000,000,451 | ---- | C] () -- F:WindowsSystem32DiagFunc.ini

    [2012/03/07 19:24:25 | 000,116,224 | ---- | C] () -- F:WindowsSystem32redmonnt.dll

    [2012/03/07 19:24:25 | 000,045,056 | ---- | C] () -- F:WindowsSystem32unredmon.exe

    [2012/02/16 06:21:03 | 000,032,768 | ---- | C] () -- F:WindowsSystem32driverssp_rsdrv2.sys

    [2011/11/17 08:53:51 | 000,003,284 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingANIWZCS{A21875C3-23CF-4FF2-ACA3-


  7. Here you go :hammer:

     

     

    All processes killed

    ========== OTL ==========

    File HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF not found.

    F:UsersTTArmstron[email protected]OneClickDownload.comskin folder moved successfully.

    F:UsersTTArmstron[email protected]OneClickDownload.comlocaleen-US folder moved successfully.

    F:UsersTTArmstron[email protected]OneClickDownload.comlocale folder moved successfully.

    F:UsersTTArmstron[email protected]OneClickDownload.comdefaultspreferences folder moved successfully.

    F:UsersTTArmstron[email protected]OneClickDownload.comdefaults folder moved successfully.

    F:UsersTTArmstron[email protected]OneClickDownload.comchromecontent folder moved successfully.

    F:UsersTTArmstron[email protected]OneClickDownload.comchrome folder moved successfully.

    F:UsersTTArmstron[email protected]OneClickDownload.com folder moved successfully.

    F:UsersTTArmstrong[email protected]OneClickDownload.com folder moved successfully.

    Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully.

    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{02478D38-C3F9-4efb-9B51-7695ECA05670} not found.

    Registry key HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftInternet ExplorerRestrictions deleted successfully.

    Registry key HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel deleted successfully.

    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

    Registry error reading value HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{E2883E8F-472F-4FB0-9522-AC9BF37916A7}DownloadInformationINF .

    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{E2883E8F-472F-4FB0-9522-AC9BF37916A7} deleted successfully.

    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.

    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.

    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.

    ADS F:WindowsSystem32driversgtqjbadj.sys:changelist deleted successfully.

    ADS F:UsersTTArmstrongDesktoporignal dance:Mac_Metadata deleted successfully.

    ADS F:ProgramDataTEMP:5C321E34 deleted successfully.

    ========== FILES ==========

    F:WindowsSystem32driversgtqjbadj.sys moved successfully.

    F:ProgramDataMicrosoftWindowsDRMD27B.tmp moved successfully.

    F:Windows12225517.dat moved successfully.

    FileFolder F:Program FilesPriceGong not found.

    ========== COMMANDS ==========

     

    [EMPTYTEMP]

     

    User: Administrator

    ->Temp folder emptied: 0 bytes

     

    User: All Users

     

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

     

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

     

    User: Public

    ->Temp folder emptied: 0 bytes

     

    User: TTArmstrong

    ->Temp folder emptied: 16384 bytes

    ->Temporary Internet Files folder emptied: 65938 bytes

    ->Java cache emptied: 653092238 bytes

    ->Google Chrome cache emptied: 73215879 bytes

    ->Flash cache emptied: 1242012 bytes

     

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%System32 .tmp files removed: 0 bytes

    %systemroot%System32drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 17310853 bytes

    RecycleBin emptied: 0 bytes

     

    Total Files Cleaned = 710.00 mb

     

     

    [EMPTYFLASH]

     

    User: Administrator

     

    User: All Users

     

    User: Default

     

    User: Default User

     

    User: Public

     

    User: TTArmstrong

    ->Flash cache emptied: 0 bytes

     

    Total Flash Files Cleaned = 0.00 mb

     

     

    OTL by OldTimer - Version 3.2.54.1 log created on 07292012_205844

     

    FilesFolders moved on Reboot...

     

    PendingFileRenameOperations files...

     

    Registry entries deleted on Reboot...


  8. 16:24:42.0798 4192 VSS (209a3b1901b83aeb8527ed211cce9e4c) F:Windowssystem32vssvc.exe

    16:24:42.0814 4192 VSS - ok

    16:24:42.0845 4192 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) F:Windowssystem32DRIVERSvwifibus.sys

    16:24:42.0845 4192 vwifibus - ok

    16:24:42.0860 4192 vwififlt (7090d3436eeb4e7da3373090a23448f7) F:Windowssystem32DRIVERSvwififlt.sys

    16:24:42.0876 4192 vwififlt - ok

    16:24:42.0907 4192 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) F:Windowssystem32DRIVERSvwifimp.sys

    16:24:42.0907 4192 vwifimp - ok

    16:24:42.0954 4192 W32Time (55187fd710e27d5095d10a472c8baf1c) F:Windowssystem32w32time.dll

    16:24:42.0985 4192 W32Time - ok

    16:24:43.0001 4192 WacomPen (de3721e89c653aa281428c8a69745d90) F:Windowssystem32DRIVERSwacompen.sys

    16:24:43.0001 4192 WacomPen - ok

    16:24:43.0032 4192 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) F:Windowssystem32DRIVERSwanarp.sys

    16:24:43.0032 4192 WANARP - ok

    16:24:43.0048 4192 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) F:Windowssystem32DRIVERSwanarp.sys

    16:24:43.0048 4192 Wanarpv6 - ok

    16:24:43.0141 4192 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) F:Windowssystem32WatWatAdminSvc.exe

    16:24:43.0172 4192 WatAdminSvc - ok

    16:24:43.0266 4192 wbengine (691e3285e53dca558e1a84667f13e15a) F:Windowssystem32wbengine.exe

    16:24:43.0282 4192 wbengine - ok

    16:24:43.0313 4192 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) F:WindowsSystem32wbiosrvc.dll

    16:24:43.0328 4192 WbioSrvc - ok

    16:24:43.0375 4192 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) F:WindowsSystem32wcncsvc.dll

    16:24:43.0391 4192 wcncsvc - ok

    16:24:43.0406 4192 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) F:WindowsSystem32WcsPlugInService.dll

    16:24:43.0406 4192 WcsPlugInService - ok

    16:24:43.0453 4192 Wd (1112a9badacb47b7c0bb0392e3158dff) F:Windowssystem32DRIVERSwd.sys

    16:24:43.0453 4192 Wd - ok

    16:24:43.0484 4192 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) F:Windowssystem32DRIVERSwdcsam.sys

    16:24:43.0484 4192 WDC_SAM - ok

    16:24:43.0531 4192 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) F:Windowssystem32driversWdf01000.sys

    16:24:43.0531 4192 Wdf01000 - ok

    16:24:43.0547 4192 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) F:Windowssystem32wdi.dll

    16:24:43.0547 4192 WdiServiceHost - ok

    16:24:43.0562 4192 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) F:Windowssystem32wdi.dll

    16:24:43.0562 4192 WdiSystemHost - ok

    16:24:43.0609 4192 WebClient (a9d880f97530d5b8fee278923349929d) F:WindowsSystem32webclnt.dll

    16:24:43.0625 4192 WebClient - ok

    16:24:43.0640 4192 Wecsvc (760f0afe937a77cff27153206534f275) F:Windowssystem32wecsvc.dll

    16:24:43.0656 4192 Wecsvc - ok

    16:24:43.0672 4192 wercplsupport (ac804569bb2364fb6017370258a4091b) F:WindowsSystem32wercplsupport.dll

    16:24:43.0672 4192 wercplsupport - ok

    16:24:43.0687 4192 WerSvc (08e420d873e4fd85241ee2421b02c4a4) F:WindowsSystem32WerSvc.dll

    16:24:43.0703 4192 WerSvc - ok

    16:24:43.0718 4192 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) F:Windowssystem32DRIVERSwfplwf.sys

    16:24:43.0718 4192 WfpLwf - ok

    16:24:43.0734 4192 WIMMount (5cf95b35e59e2a38023836fff31be64c) F:Windowssystem32driverswimmount.sys

    16:24:43.0734 4192 WIMMount - ok

    16:24:43.0843 4192 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) F:Program FilesWindows Defendermpsvc.dll

    16:24:43.0843 4192 WinDefend - ok

    16:24:43.0859 4192 WinHttpAutoProxySvc - ok

    16:24:43.0921 4192 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) F:Windowssystem32wbemWMIsvc.dll

    16:24:43.0921 4192 Winmgmt - ok

    16:24:43.0999 4192 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) F:Windowssystem32WsmSvc.dll

    16:24:44.0030 4192 WinRM - ok

    16:24:44.0093 4192 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) F:Windowssystem32DRIVERSWinUsb.sys

    16:24:44.0093 4192 WinUsb - ok

    16:24:44.0155 4192 Wlansvc (16935c98ff639d185086a3529b1f2067) F:WindowsSystem32wlansvc.dll

    16:24:44.0171 4192 Wlansvc - ok

    16:24:44.0186 4192 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) F:Windowssystem32driverswmiacpi.sys

    16:24:44.0186 4192 WmiAcpi - ok

    16:24:44.0218 4192 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) F:Windowssystem32wbemWmiApSrv.exe

    16:24:44.0218 4192 wmiApSrv - ok

    16:24:44.0342 4192 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) F:Program FilesWindows Media Playerwmpnetwk.exe

    16:24:44.0358 4192 WMPNetworkSvc - ok

    16:24:44.0358 4192 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) F:WindowsSystem32wpcsvc.dll

    16:24:44.0374 4192 WPCSvc - ok

    16:24:44.0405 4192 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) F:Windowssystem32wpdbusenum.dll

    16:24:44.0405 4192 WPDBusEnum - ok

    16:24:44.0436 4192 ws2ifsl (6db3276587b853bf886b69528fdb048c) F:Windowssystem32driversws2ifsl.sys

    16:24:44.0436 4192 ws2ifsl - ok

    16:24:44.0467 4192 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) F:Windowssystem32wscsvc.dll

    16:24:44.0467 4192 wscsvc - ok

    16:24:44.0483 4192 WSearch - ok

    16:24:44.0608 4192 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) F:Windowssystem32wuaueng.dll

    16:24:44.0639 4192 wuauserv - ok

    16:24:44.0764 4192 WudfPf (e714a1c0354636837e20ccbf00888ee7) F:Windowssystem32driversWudfPf.sys

    16:24:44.0764 4192 WudfPf - ok

    16:24:44.0810 4192 WUDFRd (1023ee888c9b47178c5293ed5336ab69) F:Windowssystem32DRIVERSWUDFRd.sys

    16:24:44.0810 4192 WUDFRd - ok

    16:24:44.0857 4192 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) F:WindowsSystem32WUDFSvc.dll

    16:24:44.0857 4192 wudfsvc - ok

    16:24:44.0873 4192 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) F:WindowsSystem32wwansvc.dll

    16:24:44.0888 4192 WwanSvc - ok

    16:24:44.0951 4192 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) DeviceHarddisk0DR0

    16:24:45.0263 4192 DeviceHarddisk0DR0 - ok

    16:24:45.0263 4192 Boot (0x1200) (614c198eb7962e63f03cfa397ea98a50) DeviceHarddisk0DR0Partition0

    16:24:45.0263 4192 DeviceHarddisk0DR0Partition0 - ok

    16:24:45.0278 4192 Boot (0x1200) (fb9bd8f2626b0027723cae9e8adbe71c) DeviceHarddisk0DR0Partition1

    16:24:45.0278 4192 DeviceHarddisk0DR0Partition1 - ok

    16:24:45.0294 4192 Boot (0x1200) (c86343aa68ad897dc5f518d97b9d52f3) DeviceHarddisk0DR0Partition2

    16:24:45.0294 4192 DeviceHarddisk0DR0Partition2 - ok

    16:24:45.0294 4192 ============================================================

    16:24:45.0294 4192 Scan finished

    16:24:45.0294 4192 ============================================================

    16:24:45.0310 2532 Detected object count: 0

    16:24:45.0310 2532 Actual detected object count: 0

    16:33:20.0198 4992 Deinitialize success

     

     

     

    Hats off to you for the help, JonTom :b33r::)


  9. ========== LOP Check ==========

     

    [2011/08/13 15:53:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingApowersoft

    [2010/10/23 09:09:08 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBackTalk

    [2012/07/22 18:25:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBitTorrent

    [2010/10/23 20:17:56 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingdBpoweramp

    [2010/10/02 11:17:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDisk Cleaner

    [2012/02/01 23:36:24 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDVDFab

    [2012/07/12 22:43:10 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingf-secure

    [2011/05/22 13:07:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingFDRLab

    [2011/08/24 17:01:40 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingImgBurn

    [2011/10/06 23:15:21 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingIObit

    [2011/04/20 16:26:24 | 000,000,000 | RHSD | M] -- F:UsersTTArmstrongAppDataRoamingJava

    [2010/10/17 21:57:31 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingMoonchild Productions

    [2012/04/04 22:53:16 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingPanda Security

    [2011/10/30 07:10:05 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingSystemRequirementsLab

    [2011/06/03 07:03:42 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingUpdater

    [2012/07/23 21:45:56 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingVso

    [2012/06/23 07:47:39 | 000,032,606 | ---- | M] () -- F:WindowsTasksSCHEDLGU.TXT

     

    ========== Purity Check ==========

     

     

     

    ========== Custom Scans ==========

     

    < %systemroot%*. /rp /s >

     

    < MD5 for: EXPLORER.EXE >

    [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fcexplorer.exe

    [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430explorer.exe

    [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373explorer.exe

    [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1explorer.exe

    [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cefexplorer.exe

    [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87caexplorer.exe

    [2011/05/15 02:53:30 | 007,012,752 | ---- | M] () MD5=497144C537E73165F7A39C24CC29510C -- F:UsersTTArmstrongAppDataRoamingUpdaterexplorer.exe

    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowserdntcacheexplorer.exe

    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowsexplorer.exe

    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84explorer.exe

    [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6explorer.exe

    [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878explorer.exe

    [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691explorer.exe

     

    < MD5 for: SVCHOST.EXE >

    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:Windowserdntcachesvchost.exe

    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:WindowsSystem32svchost.exe

    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356svchost.exe

    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- F:Program FilesMalwarebytes' Anti-MalwareChameleonsvchost.exe

     

    < MD5 for: USERINIT.EXE >

    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:Windowserdntcacheuserinit.exe

    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:WindowsSystem32userinit.exe

    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116userinit.exe

    [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7cuserinit.exe

     

    < MD5 for: WINLOGON.EXE >

    [2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177winlogon.exe

    [2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2winlogon.exe

    [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:Windowserdntcachewinlogon.exe

    [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:WindowsSystem32winlogon.exe

    [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500winlogon.exe

    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- F:Program FilesMalwarebytes' Anti-MalwareChameleonwinlogon.exe

    [2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- F:Windowswinsxsx86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166winlogon.exe

     

    ========== Alternate Data Streams ==========

     

    @Alternate Data Stream - 298 bytes -> F:WindowsSystem32driversgtqjbadj.sys:changelist

    @Alternate Data Stream - 20 bytes -> F:UsersTTArmstrongDesktoporignal dance:Mac_Metadata

    @Alternate Data Stream - 105 bytes -> F:ProgramDataTEMP:5C321E34

     

    < End of report >


  10. 16:23:03.0231 4288 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

    16:23:04.0042 4288 ============================================================

    16:23:04.0042 4288 Current date / time: 2012/07/26 16:23:04.0042

    16:23:04.0042 4288 SystemInfo:

    16:23:04.0042 4288

    16:23:04.0042 4288 OS Version: 6.1.7601 ServicePack: 1.0

    16:23:04.0042 4288 Product type: Workstation

    16:23:04.0042 4288 ComputerName: TTARMSTRONG-PC

    16:23:04.0042 4288 UserName: TTArmstrong

    16:23:04.0042 4288 Windows directory: F:Windows

    16:23:04.0042 4288 System windows directory: F:Windows

    16:23:04.0042 4288 Processor architecture: Intel x86

    16:23:04.0042 4288 Number of processors: 2

    16:23:04.0042 4288 Page size: 0x1000

    16:23:04.0042 4288 Boot type: Normal boot

    16:23:04.0042 4288 ============================================================

    16:23:05.0524 4288 Drive DeviceHarddisk0DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

    16:23:05.0524 4288 ============================================================

    16:23:05.0524 4288 DeviceHarddisk0DR0:

    16:23:05.0524 4288 MBR partitions:

    16:23:05.0524 4288 DeviceHarddisk0DR0Partition0: MBR, Type 0x7, StartLBA 0x855A2, BlocksNum 0x75DCDCD

    16:23:05.0555 4288 DeviceHarddisk0DR0Partition1: MBR, Type 0x7, StartLBA 0x76623AE, BlocksNum 0x644A2D3

    16:23:05.0571 4288 DeviceHarddisk0DR0Partition2: MBR, Type 0x7, StartLBA 0xDAAC6C0, BlocksNum 0x4F6C401

    16:23:05.0571 4288 ============================================================

    16:23:05.0602 4288 C: <-> DeviceHarddisk0DR0Partition0

    16:23:05.0618 4288 E: <-> DeviceHarddisk0DR0Partition2

    16:23:05.0633 4288 F: <-> DeviceHarddisk0DR0Partition1

    16:23:05.0633 4288 ============================================================

    16:23:05.0633 4288 Initialize success

    16:23:05.0633 4288 ============================================================

    16:24:23.0985 4192 ============================================================

    16:24:23.0985 4192 Scan started

    16:24:23.0985 4192 Mode: Manual; TDLFS;

    16:24:23.0985 4192 ============================================================

    16:24:24.0734 4192 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) F:Program FilesSUPERAntiSpywareSASCORE.EXE

    16:24:24.0734 4192 !SASCORE - ok

    16:24:24.0890 4192 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) F:Windowssystem32drivers1394ohci.sys

    16:24:24.0890 4192 1394ohci - ok

    16:24:24.0952 4192 a2acc (a8a4e18857cdfd8d9ab81e2c9eaf89b5) F:PROGRAM FILESEMSISOFT ANTI-MALWAREa2accx86.sys

    16:24:24.0952 4192 a2acc - ok

    16:24:25.0124 4192 a2AntiMalware (8b75ba256bcada2b73ffa5bd77aa9e6c) F:Program FilesEmsisoft Anti-Malwarea2service.exe

    16:24:25.0140 4192 a2AntiMalware - ok

    16:24:25.0171 4192 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) F:Program FilesEmsisoft Anti-Malwarea2ddax86.sys

    16:24:25.0171 4192 A2DDA - ok

    16:24:25.0264 4192 ACPI (cea80c80bed809aa0da6febc04733349) F:Windowssystem32driversACPI.sys

    16:24:25.0264 4192 ACPI - ok

    16:24:25.0296 4192 AcpiPmi (1efbc664abff416d1d07db115dcb264f) F:Windowssystem32driversacpipmi.sys

    16:24:25.0296 4192 AcpiPmi - ok

    16:24:25.0374 4192 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) F:Program FilesCommon FilesAdobeARM1.0armsvc.exe

    16:24:25.0374 4192 AdobeARMservice - ok

    16:24:25.0436 4192 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) F:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe

    16:24:25.0452 4192 AdobeFlashPlayerUpdateSvc - ok

    16:24:25.0483 4192 adp94xx (21e785ebd7dc90a06391141aac7892fb) F:Windowssystem32DRIVERSadp94xx.sys

    16:24:25.0498 4192 adp94xx - ok

    16:24:25.0514 4192 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) F:Windowssystem32DRIVERSadpahci.sys

    16:24:25.0530 4192 adpahci - ok

    16:24:25.0545 4192 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) F:Windowssystem32DRIVERSadpu320.sys

    16:24:25.0545 4192 adpu320 - ok

    16:24:25.0576 4192 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) F:WindowsSystem32aelupsvc.dll

    16:24:25.0576 4192 AeLookupSvc - ok

    16:24:25.0623 4192 AFD (9ebbba55060f786f0fcaa3893bfa2806) F:Windowssystem32driversafd.sys

    16:24:25.0623 4192 AFD - ok

    16:24:25.0670 4192 agp440 (507812c3054c21cef746b6ee3d04dd6e) F:Windowssystem32driversagp440.sys

    16:24:25.0670 4192 agp440 - ok

    16:24:25.0686 4192 aic78xx (8b30250d573a8f6b4bd23195160d8707) F:Windowssystem32DRIVERSdjsvs.sys

    16:24:25.0686 4192 aic78xx - ok

    16:24:25.0717 4192 ALG (18a54e132947cd98fea9accc57f98f13) F:WindowsSystem32alg.exe

    16:24:25.0717 4192 ALG - ok

    16:24:25.0732 4192 aliide (0d40bcf52ea90fc7df2aeab6503dea44) F:Windowssystem32driversaliide.sys

    16:24:25.0732 4192 aliide - ok

    16:24:25.0779 4192 amdagp (3c6600a0696e90a463771c7422e23ab5) F:Windowssystem32driversamdagp.sys

    16:24:25.0779 4192 amdagp - ok

    16:24:25.0795 4192 amdide (cd5914170297126b6266860198d1d4f0) F:Windowssystem32driversamdide.sys

    16:24:25.0795 4192 amdide - ok

    16:24:25.0810 4192 AmdK8 (00dda200d71bac534bf56a9db5dfd666) F:Windowssystem32DRIVERSamdk8.sys

    16:24:25.0810 4192 AmdK8 - ok

    16:24:25.0826 4192 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) F:Windowssystem32DRIVERSamdppm.sys

    16:24:25.0826 4192 AmdPPM - ok

    16:24:25.0857 4192 amdsata (d320bf87125326f996d4904fe24300fc) F:Windowssystem32driversamdsata.sys

    16:24:25.0857 4192 amdsata - ok

    16:24:25.0888 4192 amdsbs (ea43af0c423ff267355f74e7a53bdaba) F:Windowssystem32DRIVERSamdsbs.sys

    16:24:25.0888 4192 amdsbs - ok

    16:24:25.0904 4192 amdxata (46387fb17b086d16dea267d5be23a2f2) F:Windowssystem32driversamdxata.sys

    16:24:25.0904 4192 amdxata - ok

    16:24:25.0951 4192 anodlwf (48e008cf2edcf8fc91a9d3507865a51d) F:Windowssystem32DRIVERSanodlwf.sys

    16:24:25.0951 4192 anodlwf - ok

    16:24:25.0982 4192 AppID (aea177f783e20150ace5383ee368da19) F:Windowssystem32driversappid.sys

    16:24:25.0982 4192 AppID - ok

    16:24:25.0998 4192 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) F:WindowsSystem32appidsvc.dll

    16:24:25.0998 4192 AppIDSvc - ok

    16:24:26.0044 4192 Appinfo (fb1959012294d6ad43e5304df65e3c26) F:WindowsSystem32appinfo.dll

    16:24:26.0044 4192 Appinfo - ok

    16:24:26.0091 4192 arc (2932004f49677bd84dbc72edb754ffb3) F:Windowssystem32DRIVERSarc.sys

    16:24:26.0091 4192 arc - ok

    16:24:26.0107 4192 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) F:Windowssystem32DRIVERSarcsas.sys

    16:24:26.0107 4192 arcsas - ok

    16:24:26.0122 4192 AsyncMac (add2ade1c2b285ab8378d2daaf991481) F:Windowssystem32DRIVERSasyncmac.sys

    16:24:26.0122 4192 AsyncMac - ok

    16:24:26.0138 4192 atapi (338c86357871c167a96ab976519bf59e) F:Windowssystem32driversatapi.sys

    16:24:26.0138 4192 atapi - ok

    16:24:26.0185 4192 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) F:WindowsSystem32Audiosrv.dll

    16:24:26.0185 4192 AudioEndpointBuilder - ok

    16:24:26.0200 4192 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) F:WindowsSystem32Audiosrv.dll

    16:24:26.0200 4192 Audiosrv - ok

    16:24:26.0247 4192 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) F:WindowsSystem32AxInstSV.dll

    16:24:26.0247 4192 AxInstSV - ok

    16:24:26.0278 4192 b06bdrv (1a231abec60fd316ec54c66715543cec) F:Windowssystem32DRIVERSbxvbdx.sys

    16:24:26.0294 4192 b06bdrv - ok

    16:24:26.0325 4192 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) F:Windowssystem32DRIVERSb57nd60x.sys

    16:24:26.0325 4192 b57nd60x - ok

    16:24:26.0434 4192 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) F:Windowssystem32DRIVERSbcmwl6.sys

    16:24:26.0450 4192 BCM43XX - ok

    16:24:26.0466 4192 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) F:WindowsSystem32bdesvc.dll

    16:24:26.0466 4192 BDESVC - ok

    16:24:26.0512 4192 Beep (505506526a9d467307b3c393dedaf858) F:Windowssystem32driversBeep.sys

    16:24:26.0512 4192 Beep - ok

    16:24:26.0590 4192 BFE (1e2bac209d184bb851e1a187d8a29136) F:WindowsSystem32bfe.dll

    16:24:26.0590 4192 BFE - ok

    16:24:26.0637 4192 blbdrive (2287078ed48fcfc477b05b20cf38f36f) F:Windowssystem32DRIVERSblbdrive.sys

    16:24:26.0637 4192 blbdrive - ok

    16:24:26.0668 4192 bowser (8f2da3028d5fcbd1a060a3de64cd6506) F:Windowssystem32DRIVERSbowser.sys

    16:24:26.0668 4192 bowser - ok

    16:24:26.0684 4192 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) F:Windowssystem32DRIVERSBrFiltLo.sys

    16:24:26.0684 4192 BrFiltLo - ok

    16:24:26.0700 4192 BrFiltUp (56801ad62213a41f6497f96dee83755a) F:Windowssystem32DRIVERSBrFiltUp.sys

    16:24:26.0700 4192 BrFiltUp - ok

    16:24:26.0715 4192 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) F:Windowssystem32DRIVERSbridge.sys

    16:24:26.0715 4192 BridgeMP - ok

    16:24:26.0793 4192 Browser (6e11f33d14d020f58d5e02e4d67dfa19) F:WindowsSystem32browser.dll

    16:24:26.0793 4192 Browser - ok

    16:24:26.0824 4192 Brserid (845b8ce732e67f3b4133164868c666ea) F:Windowssystem32DRIVERSBrSerId.sys

    16:24:26.0824 4192 Brserid - ok

    16:24:26.0856 4192 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) F:WindowsSystem32DriversBrSerWdm.sys

    16:24:26.0856 4192 BrSerWdm - ok

    16:24:26.0871 4192 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) F:WindowsSystem32DriversBrUsbMdm.sys

    16:24:26.0871 4192 BrUsbMdm - ok

    16:24:26.0887 4192 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) F:Windowssystem32DRIVERSBrUsbSer.sys

    16:24:26.0887 4192 BrUsbSer - ok

    16:24:26.0902 4192 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) F:Windowssystem32DRIVERSbthmodem.sys

    16:24:26.0902 4192 BTHMODEM - ok

    16:24:26.0918 4192 bthserv (1df19c96eef6c29d1c3e1a8678e07190) F:Windowssystem32bthserv.dll

    16:24:26.0918 4192 bthserv - ok

    16:24:26.0980 4192 catchme - ok

    16:24:27.0012 4192 cdfs (77ea11b065e0a8ab902d78145ca51e10) F:Windowssystem32DRIVERScdfs.sys

    16:24:27.0012 4192 cdfs - ok

    16:24:27.0043 4192 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) F:Windowssystem32DRIVERScdrom.sys

    16:24:27.0058 4192 cdrom - ok

    16:24:27.0074 4192 CertPropSvc (319c6b309773d063541d01df8ac6f55f) F:WindowsSystem32certprop.dll

    16:24:27.0074 4192 CertPropSvc - ok

    16:24:27.0121 4192 CFcatchme - ok

    16:24:27.0152 4192 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) F:Windowssystem32DRIVERScirclass.sys

    16:24:27.0152 4192 circlass - ok

    16:24:27.0199 4192 CLFS (635181e0e9bbf16871bf5380d71db02d) F:Windowssystem32CLFS.sys

    16:24:27.0214 4192 CLFS - ok

    16:24:27.0246 4192 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) F:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe

    16:24:27.0261 4192 clr_optimization_v2.0.50727_32 - ok

    16:24:27.0308 4192 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) F:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe

    16:24:27.0308 4192 clr_optimization_v4.0.30319_32 - ok

    16:24:27.0324 4192 CmBatt (dea805815e587dad1dd2c502220b5616) F:Windowssystem32DRIVERSCmBatt.sys

    16:24:27.0324 4192 CmBatt - ok

    16:24:27.0480 4192 cmdAgent (907324001ae25ac5959c91eaa34cabae) F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe

    16:24:27.0495 4192 cmdAgent - ok

    16:24:27.0620 4192 cmdGuard (ed042da80d9d6a087e83df395ceefd65) F:Windowssystem32DRIVERScmdguard.sys

    16:24:27.0620 4192 cmdGuard - ok

    16:24:27.0651 4192 cmdHlp (ed6b6a222cb9adf6751e02ad478a89fb) F:Windowssystem32DRIVERScmdhlp.sys

    16:24:27.0651 4192 cmdHlp - ok

    16:24:27.0698 4192 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) F:Windowssystem32driverscmdide.sys

    16:24:27.0698 4192 cmdide - ok

    16:24:27.0745 4192 CNG (247b4ce2dab1160cd422d532d5241e1f) F:Windowssystem32Driverscng.sys

    16:24:27.0760 4192 CNG - ok

    16:24:27.0760 4192 Compbatt (a6023d3823c37043986713f118a89bee) F:Windowssystem32DRIVERScompbatt.sys

    16:24:27.0760 4192 Compbatt - ok

    16:24:27.0792 4192 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) F:Windowssystem32driversCompositeBus.sys

    16:24:27.0792 4192 CompositeBus - ok

    16:24:27.0792 4192 COMSysApp - ok

    16:24:27.0807 4192 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) F:Windowssystem32DRIVERScrcdisk.sys

    16:24:27.0807 4192 crcdisk - ok

    16:24:27.0916 4192 Credential Vault Host Control Service (4163c86ea091f9621017b899ad66a8be) F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe

    16:24:27.0948 4192 Credential Vault Host Control Service - ok

    16:24:27.0963 4192 Credential Vault Host Storage (ad6ba00e4f4e847151a3b4a0a2945c7c) F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe

    16:24:27.0963 4192 Credential Vault Host Storage - ok

    16:24:27.0994 4192 CryptSvc (06e771aa596b8761107ab57e99f128d7) F:Windowssystem32cryptsvc.dll

    16:24:27.0994 4192 CryptSvc - ok

    16:24:28.0010 4192 cvusbdrv (d1697063e2cdb6575aa46d668ffee825) F:Windowssystem32Driverscvusbdrv.sys

    16:24:28.0010 4192 cvusbdrv - ok

    16:24:28.0057 4192 DcomLaunch (7660f01d3b38aca1747e397d21d790af) F:Windowssystem32rpcss.dll

    16:24:28.0072 4192 DcomLaunch - ok

    16:24:28.0104 4192 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) F:WindowsSystem32defragsvc.dll

    16:24:28.0119 4192 defragsvc - ok

    16:24:28.0150 4192 DfsC (f024449c97ec1e464aaffda18593db88) F:Windowssystem32Driversdfsc.sys

    16:24:28.0150 4192 DfsC - ok

    16:24:28.0197 4192 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) F:Windowssystem32dhcpcore.dll

    16:24:28.0213 4192 Dhcp - ok

    16:24:28.0244 4192 discache (1a050b0274bfb3890703d490f330c0da) F:Windowssystem32driversdiscache.sys

    16:24:28.0244 4192 discache - ok

    16:24:28.0260 4192 Disk (565003f326f99802e68ca78f2a68e9ff) F:Windowssystem32DRIVERSdisk.sys

    16:24:28.0260 4192 Disk - ok

    16:24:28.0291 4192 Dnscache (33ef4861f19a0736b11314aad9ae28d0) F:WindowsSystem32dnsrslvr.dll

    16:24:28.0291 4192 Dnscache - ok

    16:24:28.0338 4192 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) F:WindowsSystem32dot3svc.dll

    16:24:28.0353 4192 dot3svc - ok

    16:24:28.0384 4192 DPS (8ec04ca86f1d68da9e11952eb85973d6) F:Windowssystem32dps.dll

    16:24:28.0384 4192 DPS - ok

    16:24:28.0416 4192 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) F:Windowssystem32driversdrmkaud.sys

    16:24:28.0416 4192 drmkaud - ok

    16:24:28.0478 4192 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) F:WindowsSystem32driversdxgkrnl.sys

    16:24:28.0494 4192 DXGKrnl - ok

    16:24:28.0540 4192 e1yexpress (44a91d98d6719b49bcd649a863225b5c) F:Windowssystem32DRIVERSe1y6232.sys

    16:24:28.0556 4192 e1yexpress - ok

    16:24:28.0572 4192 EapHost (8600142fa91c1b96367d3300ad0f3f3a) F:WindowsSystem32eapsvc.dll

    16:24:28.0572 4192 EapHost - ok

    16:24:28.0728 4192 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) F:Windowssystem32DRIVERSevbdx.sys

    16:24:28.0774 4192 ebdrv - ok

    16:24:28.0868 4192 EFS (81951f51e318aecc2d68559e47485cc4) F:WindowsSystem32lsass.exe

    16:24:28.0868 4192 EFS - ok

    16:24:28.0915 4192 ehRecvr (a8c362018efc87beb013ee28f29c0863) F:WindowsehomeehRecvr.exe

    16:24:28.0930 4192 ehRecvr - ok

    16:24:28.0946 4192 ehSched (d389bff34f80caede417bf9d1507996a) F:Windowsehomeehsched.exe

    16:24:28.0946 4192 ehSched - ok

    16:24:28.0993 4192 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) F:Windowssystem32DRIVERSelxstor.sys

    16:24:29.0008 4192 elxstor - ok

    16:24:29.0040 4192 ErrDev (8fc3208352dd3912c94367a206ab3f11) F:Windowssystem32driverserrdev.sys

    16:24:29.0040 4192 ErrDev - ok

    16:24:29.0133 4192 EventSystem (f6916efc29d9953d5d0df06882ae8e16) F:Windowssystem32es.dll

    16:24:29.0133 4192 EventSystem - ok

    16:24:29.0149 4192 exfat (2dc9108d74081149cc8b651d3a26207f) F:Windowssystem32driversexfat.sys

    16:24:29.0164 4192 exfat - ok

    16:24:29.0180 4192 fastfat (7e0ab74553476622fb6ae36f73d97d35) F:Windowssystem32driversfastfat.sys

    16:24:29.0180 4192 fastfat - ok

    16:24:29.0242 4192 Fax (967ea5b213e9984cbe270205df37755b) F:Windowssystem32fxssvc.exe

    16:24:29.0242 4192 Fax - ok

    16:24:29.0258 4192 fdc (e817a017f82df2a1f8cfdbda29388b29) F:Windowssystem32DRIVERSfdc.sys

    16:24:29.0274 4192 fdc - ok

    16:24:29.0274 4192 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) F:Windowssystem32fdPHost.dll

    16:24:29.0274 4192 fdPHost - ok

    16:24:29.0289 4192 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) F:Windowssystem32fdrespub.dll

    16:24:29.0289 4192 FDResPub - ok

    16:24:29.0289 4192 FileInfo (6cf00369c97f3cf563be99be983d13d8) F:Windowssystem32driversfileinfo.sys

    16:24:29.0289 4192 FileInfo - ok

    16:24:29.0305 4192 Filetrace (42c51dc94c91da21cb9196eb64c45db9) F:Windowssystem32driversfiletrace.sys

    16:24:29.0305 4192 Filetrace - ok

    16:24:29.0320 4192 flpydisk (87907aa70cb3c56600f1c2fb8841579b) F:Windowssystem32DRIVERSflpydisk.sys

    16:24:29.0320 4192 flpydisk - ok

    16:24:29.0352 4192 FltMgr (7520ec808e0c35e0ee6f841294316653) F:Windowssystem32driversfltmgr.sys

    16:24:29.0352 4192 FltMgr - ok

    16:24:29.0398 4192 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) F:Windowssystem32FntCache.dll

    16:24:29.0414 4192 FontCache - ok

    16:24:29.0461 4192 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) F:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe

    16:24:29.0461 4192 FontCache3.0.0.0 - ok

    16:24:29.0476 4192 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) F:Windowssystem32driversFsDepends.sys

    16:24:29.0476 4192 FsDepends - ok

    16:24:29.0539 4192 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) F:Windowssystem32driversFs_Rec.sys

    16:24:29.0539 4192 Fs_Rec - ok

    16:24:29.0570 4192 fvevol (8a73e79089b282100b9393b644cb853b) F:Windowssystem32DRIVERSfvevol.sys

    16:24:29.0586 4192 fvevol - ok

    16:24:29.0601 4192 gagp30kx (65ee0c7a58b65e74ae05637418153938) F:Windowssystem32DRIVERSgagp30kx.sys

    16:24:29.0601 4192 gagp30kx - ok

    16:24:29.0648 4192 gpsvc (e897eaf5ed6ba41e081060c9b447a673) F:WindowsSystem32gpsvc.dll

    16:24:29.0664 4192 gpsvc - ok

    16:24:29.0773 4192 gupdate (f02a533f517eb38333cb12a9e8963773) F:Program FilesGoogleUpdateGoogleUpdate.exe

    16:24:29.0773 4192 gupdate - ok

    16:24:29.0788 4192 gupdatem (f02a533f517eb38333cb12a9e8963773) F:Program FilesGoogleUpdateGoogleUpdate.exe

    16:24:29.0788 4192 gupdatem - ok

    16:24:29.0804 4192 gusvc (cc839e8d766cc31a7710c9f38cf3e375) F:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

    16:24:29.0804 4192 gusvc - ok

    16:24:29.0820 4192 hcw85cir (c44e3c2bab6837db337ddee7544736db) F:Windowssystem32drivershcw85cir.sys

    16:24:29.0820 4192 hcw85cir - ok

    16:24:29.0866 4192 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) F:Windowssystem32driversHdAudio.sys

    16:24:29.0866 4192 HdAudAddService - ok

    16:24:29.0882 4192 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) F:Windowssystem32driversHDAudBus.sys

    16:24:29.0882 4192 HDAudBus - ok

    16:24:29.0898 4192 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) F:Windowssystem32DRIVERSHidBatt.sys

    16:24:29.0913 4192 HidBatt - ok

    16:24:29.0929 4192 HidBth (89448f40e6df260c206a193a4683ba78) F:Windowssystem32DRIVERShidbth.sys

    16:24:29.0929 4192 HidBth - ok

    16:24:29.0944 4192 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) F:Windowssystem32DRIVERShidir.sys

    16:24:29.0944 4192 HidIr - ok

    16:24:29.0976 4192 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) F:WindowsSystem32hidserv.dll

    16:24:29.0976 4192 hidserv - ok

    16:24:30.0007 4192 HidUsb (10c19f8290891af023eaec0832e1eb4d) F:Windowssystem32DRIVERShidusb.sys

    16:24:30.0007 4192 HidUsb - ok

    16:24:30.0054 4192 hkmsvc (196b4e3f4cccc24af836ce58facbb699) F:Windowssystem32kmsvc.dll

    16:24:30.0054 4192 hkmsvc - ok

    16:24:30.0100 4192 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) F:Windowssystem32ListSvc.dll

    16:24:30.0100 4192 HomeGroupListener - ok

    16:24:30.0147 4192 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) F:Windowssystem32provsvc.dll

    16:24:30.0147 4192 HomeGroupProvider - ok

    16:24:30.0163 4192 HpSAMD (295fdc419039090eb8b49ffdbb374549) F:Windowssystem32driversHpSAMD.sys

    16:24:30.0163 4192 HpSAMD - ok

    16:24:30.0210 4192 HTTP (871917b07a141bff43d76d8844d48106) F:Windowssystem32driversHTTP.sys

    16:24:30.0225 4192 HTTP - ok

    16:24:30.0272 4192 hwpolicy (0c4e035c7f105f1299258c90886c64c5) F:Windowssystem32drivershwpolicy.sys

    16:24:30.0272 4192 hwpolicy - ok

    16:24:30.0303 4192 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) F:Windowssystem32driversi8042prt.sys

    16:24:30.0303 4192 i8042prt - ok

    16:24:30.0350 4192 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) F:Windowssystem32driversiaStorV.sys

    16:24:30.0350 4192 iaStorV - ok

    16:24:30.0490 4192 idsvc (c521d7eb6497bb1af6afa89e322fb43c) F:WindowsMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe

    16:24:30.0506 4192 idsvc - ok

    16:24:30.0584 4192 iirsp (4173ff5708f3236cf25195fecd742915) F:Windowssystem32DRIVERSiirsp.sys

    16:24:30.0584 4192 iirsp - ok

    16:24:30.0646 4192 IKEEXT (f95622f161474511b8d80d6b093aa610) F:WindowsSystem32ikeext.dll

    16:24:30.0662 4192 IKEEXT - ok

    16:24:30.0709 4192 inspect (2ee3db2c1760171c6f72f2f1792a47b5) F:Windowssystem32DRIVERSinspect.sys

    16:24:30.0709 4192 inspect - ok

    16:24:30.0709 4192 intelide (a0f12f2c9ba6c72f3987ce780e77c130) F:Windowssystem32driversintelide.sys

    16:24:30.0724 4192 intelide - ok

    16:24:30.0740 4192 intelppm (3b514d27bfc4accb4037bc6685f766e0) F:Windowssystem32DRIVERSintelppm.sys

    16:24:30.0740 4192 intelppm - ok

    16:24:30.0756 4192 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) F:Windowssystem32ipbusenum.dll

    16:24:30.0756 4192 IPBusEnum - ok

    16:24:30.0771 4192 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) F:Windowssystem32DRIVERSipfltdrv.sys

    16:24:30.0771 4192 IpFilterDriver - ok

    16:24:30.0849 4192 iphlpsvc (4d65a07b795d6674312f879d09aa7663) F:WindowsSystem32iphlpsvc.dll

    16:24:30.0849 4192 iphlpsvc - ok

    16:24:30.0880 4192 IPMIDRV (4bd7134618c1d2a27466a099062547bf) F:Windowssystem32driversIPMIDrv.sys

    16:24:30.0880 4192 IPMIDRV - ok

    16:24:30.0927 4192 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) F:Windowssystem32driversipnat.sys

    16:24:30.0927 4192 IPNAT - ok

    16:24:30.0958 4192 IRENUM (42996cff20a3084a56017b7902307e9f) F:Windowssystem32driversirenum.sys

    16:24:30.0958 4192 IRENUM - ok

    16:24:30.0958 4192 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) F:Windowssystem32driversisapnp.sys

    16:24:30.0974 4192 isapnp - ok

    16:24:31.0005 4192 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) F:Windowssystem32driversmsiscsi.sys

    16:24:31.0021 4192 iScsiPrt - ok

    16:24:31.0068 4192 ivusb (994ebb45c4b438e1f6ea0b958ae9b9a3) F:Windowssystem32DRIVERSivusb.sys

    16:24:31.0068 4192 ivusb - ok

    16:24:31.0114 4192 kbdclass (adef52ca1aeae82b50df86b56413107e) F:Windowssystem32driverskbdclass.sys

    16:24:31.0114 4192 kbdclass - ok

    16:24:31.0146 4192 kbdhid (9e3ced91863e6ee98c24794d05e27a71) F:Windowssystem32driverskbdhid.sys

    16:24:31.0146 4192 kbdhid - ok

    16:24:31.0177 4192 KeyIso (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe

    16:24:31.0177 4192 KeyIso - ok

    16:24:31.0224 4192 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) F:Windowssystem32Driversksecdd.sys

    16:24:31.0224 4192 KSecDD - ok

    16:24:31.0255 4192 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) F:Windowssystem32Driversksecpkg.sys

    16:24:31.0255 4192 KSecPkg - ok

    16:24:31.0286 4192 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) F:Windowssystem32msdtckrm.dll

    16:24:31.0302 4192 KtmRm - ok

    16:24:31.0364 4192 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) F:WindowsSystem32srvsvc.dll

    16:24:31.0364 4192 LanmanServer - ok

    16:24:31.0395 4192 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) F:WindowsSystem32wkssvc.dll

    16:24:31.0395 4192 LanmanWorkstation - ok

    16:24:31.0411 4192 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) F:Windowssystem32DRIVERSlltdio.sys

    16:24:31.0426 4192 lltdio - ok

    16:24:31.0442 4192 lltdsvc (5700673e13a2117fa3b9020c852c01e2) F:WindowsSystem32lltdsvc.dll

    16:24:31.0458 4192 lltdsvc - ok

    16:24:31.0473 4192 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) F:WindowsSystem32lmhsvc.dll

    16:24:31.0473 4192 lmhosts - ok

    16:24:31.0504 4192 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) F:Windowssystem32DRIVERSlsi_fc.sys

    16:24:31.0504 4192 LSI_FC - ok

    16:24:31.0520 4192 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) F:Windowssystem32DRIVERSlsi_sas.sys

    16:24:31.0520 4192 LSI_SAS - ok

    16:24:31.0536 4192 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) F:Windowssystem32DRIVERSlsi_sas2.sys

    16:24:31.0536 4192 LSI_SAS2 - ok

    16:24:31.0551 4192 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) F:Windowssystem32DRIVERSlsi_scsi.sys

    16:24:31.0551 4192 LSI_SCSI - ok

    16:24:31.0582 4192 luafv (6703e366cc18d3b6e534f5cf7df39cee) F:Windowssystem32driversluafv.sys

    16:24:31.0598 4192 luafv - ok

    16:24:31.0629 4192 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) F:Windowssystem32Mcx2Svc.dll

    16:24:31.0629 4192 Mcx2Svc - ok

    16:24:31.0645 4192 megasas (0fff5b045293002ab38eb1fd1fc2fb74) F:Windowssystem32DRIVERSmegasas.sys

    16:24:31.0645 4192 megasas - ok

    16:24:31.0676 4192 MegaSR (dcbab2920c75f390caf1d29f675d03d6) F:Windowssystem32DRIVERSMegaSR.sys

    16:24:31.0676 4192 MegaSR - ok

    16:24:31.0770 4192 Microsoft SharePoint Workspace Audit Service - ok

    16:24:31.0801 4192 MMCSS (146b6f43a673379a3c670e86d89be5ea) F:Windowssystem32mmcss.dll

    16:24:31.0801 4192 MMCSS - ok

    16:24:31.0816 4192 Modem (f001861e5700ee84e2d4e52c712f4964) F:Windowssystem32driversmodem.sys

    16:24:31.0816 4192 Modem - ok

    16:24:31.0863 4192 monitor (79d10964de86b292320e9dfe02282a23) F:Windowssystem32DRIVERSmonitor.sys

    16:24:31.0863 4192 monitor - ok

    16:24:31.0894 4192 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) F:Windowssystem32DRIVERSmouclass.sys

    16:24:31.0894 4192 mouclass - ok

    16:24:31.0910 4192 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) F:Windowssystem32DRIVERSmouhid.sys

    16:24:31.0910 4192 mouhid - ok

    16:24:31.0926 4192 mountmgr (fc8771f45ecccfd89684e38842539b9b) F:Windowssystem32driversmountmgr.sys

    16:24:31.0941 4192 mountmgr - ok

    16:24:32.0004 4192 MpFilter (fee0baded54222e9f1dae9541212aab1) F:Windowssystem32DRIVERSMpFilter.sys

    16:24:32.0004 4192 MpFilter - ok

    16:24:32.0035 4192 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) F:Windowssystem32driversmpio.sys

    16:24:32.0050 4192 mpio - ok

    16:24:32.0050 4192 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) F:Windowssystem32DRIVERSMpNWMon.sys

    16:24:32.0050 4192 MpNWMon - ok

    16:24:32.0082 4192 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) F:Windowssystem32driversmpsdrv.sys

    16:24:32.0082 4192 mpsdrv - ok

    16:24:32.0160 4192 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) F:Windowssystem32mpssvc.dll

    16:24:32.0160 4192 MpsSvc - ok

    16:24:32.0206 4192 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) F:Windowssystem32driversmrxdav.sys

    16:24:32.0206 4192 MRxDAV - ok

    16:24:32.0269 4192 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) F:Windowssystem32DRIVERSmrxsmb.sys

    16:24:32.0269 4192 mrxsmb - ok

    16:24:32.0316 4192 mrxsmb10 (6d17a4791aca19328c685d256349fefc) F:Windowssystem32DRIVERSmrxsmb10.sys

    16:24:32.0316 4192 mrxsmb10 - ok

    16:24:32.0362 4192 mrxsmb20 (b81f204d146000be76651a50670a5e9e) F:Windowssystem32DRIVERSmrxsmb20.sys

    16:24:32.0378 4192 mrxsmb20 - ok

    16:24:32.0378 4192 msahci (012c5f4e9349e711e11e0f19a8589f0a) F:Windowssystem32driversmsahci.sys

    16:24:32.0378 4192 msahci - ok

    16:24:32.0394 4192 msdsm (55055f8ad8be27a64c831322a780a228) F:Windowssystem32driversmsdsm.sys

    16:24:32.0394 4192 msdsm - ok

    16:24:32.0425 4192 MSDTC (e1bce74a3bd9902b72599c0192a07e27) F:WindowsSystem32msdtc.exe

    16:24:32.0425 4192 MSDTC - ok

    16:24:32.0456 4192 Msfs (daefb28e3af5a76abcc2c3078c07327f) F:Windowssystem32driversMsfs.sys

    16:24:32.0456 4192 Msfs - ok

    16:24:32.0456 4192 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) F:WindowsSystem32driversmshidkmdf.sys

    16:24:32.0472 4192 mshidkmdf - ok

    16:24:32.0503 4192 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) F:Windowssystem32driversmsisadrv.sys

    16:24:32.0503 4192 msisadrv - ok

    16:24:32.0518 4192 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) F:Windowssystem32iscsiexe.dll

    16:24:32.0518 4192 MSiSCSI - ok

    16:24:32.0534 4192 msiserver - ok

    16:24:32.0550 4192 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) F:Windowssystem32driversMSKSSRV.sys

    16:24:32.0565 4192 MSKSSRV - ok

    16:24:32.0690 4192 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) F:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe

    16:24:32.0690 4192 MsMpSvc - ok

    16:24:32.0706 4192 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) F:Windowssystem32driversMSPCLOCK.sys

    16:24:32.0706 4192 MSPCLOCK - ok

    16:24:32.0706 4192 MSPQM (f456e973590d663b1073e9c463b40932) F:Windowssystem32driversMSPQM.sys

    16:24:32.0706 4192 MSPQM - ok

    16:24:32.0737 4192 MsRPC (0e008fc4819d238c51d7c93e7b41e560) F:Windowssystem32driversMsRPC.sys

    16:24:32.0737 4192 MsRPC - ok

    16:24:32.0752 4192 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) F:Windowssystem32driversmssmbios.sys

    16:24:32.0752 4192 mssmbios - ok

    16:24:32.0784 4192 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) F:Windowssystem32driversMSTEE.sys

    16:24:32.0784 4192 MSTEE - ok

    16:24:32.0799 4192 MTConfig (33599130f44e1f34631cea241de8ac84) F:Windowssystem32DRIVERSMTConfig.sys

    16:24:32.0799 4192 MTConfig - ok

    16:24:32.0815 4192 Mup (159fad02f64e6381758c990f753bcc80) F:Windowssystem32Driversmup.sys

    16:24:32.0815 4192 Mup - ok

    16:24:32.0924 4192 NanoServiceMain (07b2740cf3294b98380b9e1bf8ab05b8) F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe

    16:24:32.0940 4192 NanoServiceMain - ok

    16:24:32.0971 4192 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) F:Windowssystem32qagentRT.dll

    16:24:32.0986 4192 napagent - ok

    16:24:33.0018 4192 NativeWifiP (26384429fcd85d83746f63e798ab1480) F:Windowssystem32DRIVERSnwifi.sys

    16:24:33.0018 4192 NativeWifiP - ok

    16:24:33.0111 4192 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) F:Program FilesNeroUpdateNASvc.exe

    16:24:33.0111 4192 NAUpdate - ok

    16:24:33.0174 4192 NDIS (e7c54812a2aaf43316eb6930c1ffa108) F:Windowssystem32driversndis.sys

    16:24:33.0189 4192 NDIS - ok

    16:24:33.0205 4192 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) F:Windowssystem32DRIVERSndiscap.sys

    16:24:33.0205 4192 NdisCap - ok

    16:24:33.0220 4192 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) F:Windowssystem32DRIVERSndistapi.sys

    16:24:33.0220 4192 NdisTapi - ok

    16:24:33.0252 4192 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) F:Windowssystem32DRIVERSndisuio.sys

    16:24:33.0252 4192 Ndisuio - ok

    16:24:33.0298 4192 NdisWan (38fbe267e7e6983311179230facb1017) F:Windowssystem32DRIVERSndiswan.sys

    16:24:33.0298 4192 NdisWan - ok

    16:24:33.0423 4192 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) F:Windowssystem32driversNDProxy.sys

    16:24:33.0423 4192 NDProxy - ok

    16:24:33.0470 4192 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) F:Windowssystem32DRIVERSnetbios.sys

    16:24:33.0470 4192 NetBIOS - ok

    16:24:33.0501 4192 NetBT (280122ddcf04b378edd1ad54d71c1e54) F:Windowssystem32DRIVERSnetbt.sys

    16:24:33.0501 4192 NetBT - ok

    16:24:33.0532 4192 Netlogon (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe

    16:24:33.0548 4192 Netlogon - ok

    16:24:33.0579 4192 Netman (7cccfca7510684768da22092d1fa4db2) F:WindowsSystem32netman.dll

    16:24:33.0595 4192 Netman - ok

    16:24:33.0610 4192 netprofm (8c338238c16777a802d6a9211eb2ba50) F:WindowsSystem32netprofm.dll

    16:24:33.0626 4192 netprofm - ok

    16:24:33.0688 4192 netr28u (efd7c94281882cbba8ec1b967e9f73d8) F:Windowssystem32DRIVERSnetr28u.sys

    16:24:33.0688 4192 netr28u - ok

    16:24:33.0766 4192 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) F:WindowsMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe

    16:24:33.0766 4192 NetTcpPortSharing - ok

    16:24:33.0782 4192 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) F:Windowssystem32DRIVERSnfrd960.sys

    16:24:33.0782 4192 nfrd960 - ok

    16:24:33.0829 4192 NisDrv (7b01c6172cfd0b10116175e09200d4b4) F:Windowssystem32DRIVERSNisDrvWFP.sys

    16:24:33.0829 4192 NisDrv - ok

    16:24:33.0907 4192 NisSrv (a5cb074f34bbd89948e34a630d459c0c) F:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe

    16:24:33.0907 4192 NisSrv - ok

    16:24:33.0954 4192 NlaSvc (912084381d30d8b89ec4e293053f4710) F:WindowsSystem32nlasvc.dll

    16:24:33.0969 4192 NlaSvc - ok

    16:24:34.0016 4192 NNSALPC (cfee15a88280d369672da0e378bbc702) F:Windowssystem32DRIVERSNNSAlpc.sys

    16:24:34.0016 4192 NNSALPC - ok

    16:24:34.0063 4192 NNSHTTP (2708799adc223c4412341f0c68d032e3) F:Windowssystem32DRIVERSNNSHttp.sys

    16:24:34.0063 4192 NNSHTTP - ok

    16:24:34.0110 4192 NNSIDS (533f19056b98d9cce466b64186905bc1) F:Windowssystem32DRIVERSNNSIds.sys

    16:24:34.0110 4192 NNSIDS - ok

    16:24:34.0141 4192 NNSNAHSL (bf5295ec6f9e4737f891f58fea879b31) F:Windowssystem32DRIVERSNNSNAHSL.sys

    16:24:34.0141 4192 NNSNAHSL - ok

    16:24:34.0203 4192 NNSPICC (1f054c5ca627fcd3983538d74574016b) F:Windowssystem32DRIVERSNNSPicc.sys

    16:24:34.0219 4192 NNSPICC - ok

    16:24:34.0266 4192 NNSPIHSW (a15b00ecd15dacfb9dd33f0ce26ee60d) F:Windowssystem32DRIVERSNNSPihsw.sys

    16:24:34.0266 4192 NNSPIHSW - ok

    16:24:34.0281 4192 NNSPOP3 (5f8c023775b8f4a0a8ffc93dd0a27285) F:Windowssystem32DRIVERSNNSPop3.sys

    16:24:34.0281 4192 NNSPOP3 - ok

    16:24:34.0328 4192 NNSPROT (ca541ce4a1fc034eec8cfd6c155b9d30) F:Windowssystem32DRIVERSNNSProt.sys

    16:24:34.0344 4192 NNSPROT - ok

    16:24:34.0359 4192 NNSPRV (938e8ccc7ac5922f2e3dbdf3e7a3035c) F:Windowssystem32DRIVERSNNSPrv.sys

    16:24:34.0359 4192 NNSPRV - ok

    16:24:34.0390 4192 NNSSMTP (2458e950f0a0dd9ad08385209b5e1702) F:Windowssystem32DRIVERSNNSSmtp.sys

    16:24:34.0390 4192 NNSSMTP - ok

    16:24:34.0406 4192 NNSSTRM (75d990651236a570c4c80ed56bfb4009) F:Windowssystem32DRIVERSNNSStrm.sys

    16:24:34.0406 4192 NNSSTRM - ok

    16:24:34.0437 4192 NNSTLSC (9d526b79e7d438056ed7d382ab94019a) F:Windowssystem32DRIVERSNNSTlsc.sys

    16:24:34.0437 4192 NNSTLSC - ok

    16:24:34.0500 4192 Nonbrand_WUS-N (f195fbc375342bd25c936982245a8fb0) F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe

    16:24:34.0500 4192 Nonbrand_WUS-N - ok

    16:24:34.0531 4192 Nonbrand_WUS-N_WPS (c062a2b158ed9c643d24f8e33a607c9f) F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe

    16:24:34.0531 4192 Nonbrand_WUS-N_WPS - ok

    16:24:34.0546 4192 Npfs (1db262a9f8c087e8153d89bef3d2235f) F:Windowssystem32driversNpfs.sys

    16:24:34.0546 4192 Npfs - ok

    16:24:34.0562 4192 nsi (ba387e955e890c8a88306d9b8d06bf17) F:Windowssystem32nsisvc.dll

    16:24:34.0562 4192 nsi - ok

    16:24:34.0578 4192 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) F:Windowssystem32driversnsiproxy.sys

    16:24:34.0578 4192 nsiproxy - ok

    16:24:34.0671 4192 Ntfs (81189c3d7763838e55c397759d49007a) F:Windowssystem32driversNtfs.sys

    16:24:34.0671 4192 Ntfs - ok

    16:24:34.0718 4192 Null (f9756a98d69098dca8945d62858a812c) F:Windowssystem32driversNull.sys

    16:24:34.0718 4192 Null - ok

    16:24:35.0155 4192 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) F:Windowssystem32DRIVERSnvlddmkm.sys

    16:24:35.0264 4192 nvlddmkm - ok

    16:24:35.0373 4192 nvraid (b3e25ee28883877076e0e1ff877d02e0) F:Windowssystem32driversnvraid.sys

    16:24:35.0373 4192 nvraid - ok

    16:24:35.0389 4192 nvstor (4380e59a170d88c4f1022eff6719a8a4) F:Windowssystem32driversnvstor.sys

    16:24:35.0404 4192 nvstor - ok

    16:24:35.0436 4192 nvsvc (ded8f2c0070478f13c37f7bd849b83fa) F:Windowssystem32nvvsvc.exe

    16:24:35.0436 4192 nvsvc - ok

    16:24:35.0467 4192 nv_agp (5a0983915f02bae73267cc2a041f717d) F:Windowssystem32driversnv_agp.sys

    16:24:35.0467 4192 nv_agp - ok

    16:24:35.0514 4192 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) F:Windowssystem32driversohci1394.sys

    16:24:35.0514 4192 ohci1394 - ok

    16:24:35.0576 4192 ose (9d10f99a6712e28f8acd5641e3a7ea6b) F:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE

    16:24:35.0576 4192 ose - ok

    16:24:35.0826 4192 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) F:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE

    16:24:35.0872 4192 osppsvc - ok

    16:24:35.0966 4192 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) F:Windowssystem32pnrpsvc.dll

    16:24:35.0966 4192 p2pimsvc - ok

    16:24:35.0997 4192 p2psvc (59c3ddd501e39e006dac31bf55150d91) F:Windowssystem32p2psvc.dll

    16:24:36.0044 4192 p2psvc - ok

    16:24:36.0106 4192 PAC7302 (aff9a1986555e4592de8092f9a5fa2d2) F:Windowssystem32DRIVERSPAC7302.SYS

    16:24:36.0122 4192 PAC7302 - ok

    16:24:36.0169 4192 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) F:Windowssystem32DRIVERSparport.sys

    16:24:36.0169 4192 Parport - ok

    16:24:36.0200 4192 partmgr (3f34a1b4c5f6475f320c275e63afce9b) F:Windowssystem32driverspartmgr.sys

    16:24:36.0200 4192 partmgr - ok

    16:24:36.0247 4192 Parvdm (eb0a59f29c19b86479d36b35983daadc) F:Windowssystem32DRIVERSparvdm.sys

    16:24:36.0247 4192 Parvdm - ok

    16:24:36.0278 4192 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) F:Windowssystem32DRIVERSPBADRV.sys

    16:24:36.0278 4192 PBADRV - ok

    16:24:36.0330 4192 PcaSvc (358ab7956d3160000726574083dfc8a6) F:WindowsSystem32pcasvc.dll

    16:24:36.0343 4192 PcaSvc - ok

    16:24:36.0379 4192 pci (673e55c3498eb970088e812ea820aa8f) F:Windowssystem32driverspci.sys

    16:24:36.0381 4192 pci - ok

    16:24:36.0399 4192 pciide (afe86f419014db4e5593f69ffe26ce0a) F:Windowssystem32driverspciide.sys

    16:24:36.0400 4192 pciide - ok

    16:24:36.0422 4192 pcmcia (f396431b31693e71e8a80687ef523506) F:Windowssystem32DRIVERSpcmcia.sys

    16:24:36.0424 4192 pcmcia - ok

    16:24:36.0459 4192 pcouffin (5b6c11de7e839c05248ced8825470fef) F:Windowssystem32Driverspcouffin.sys

    16:24:36.0460 4192 pcouffin - ok

    16:24:36.0506 4192 pcw (250f6b43d2b613172035c6747aeeb19f) F:Windowssystem32driverspcw.sys

    16:24:36.0507 4192 pcw - ok

    16:24:36.0572 4192 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) F:Windowssystem32driverspeauth.sys

    16:24:36.0588 4192 PEAUTH - ok

    16:24:36.0640 4192 pgfilter (2cf226173b467ab48f89d77e89936951) F:Program FilesPeerGuardian2pgfilter.sys

    16:24:36.0641 4192 pgfilter - ok

    16:24:36.0743 4192 pla (414bba67a3ded1d28437eb66aeb8a720) F:Windowssystem32pla.dll

    16:24:36.0771 4192 pla - ok

    16:24:36.0856 4192 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) F:Windowssystem32umpnpmgr.dll

    16:24:36.0861 4192 PlugPlay - ok

    16:24:36.0876 4192 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) F:Windowssystem32pnrpauto.dll

    16:24:36.0879 4192 PNRPAutoReg - ok

    16:24:36.0905 4192 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) F:Windowssystem32pnrpsvc.dll

    16:24:36.0908 4192 PNRPsvc - ok

    16:24:36.0973 4192 PolicyAgent (53946b69ba0836bd95b03759530c81ec) F:WindowsSystem32ipsecsvc.dll

    16:24:36.0988 4192 PolicyAgent - ok

    16:24:37.0030 4192 Power (f87d30e72e03d579a5199ccb3831d6ea) F:Windowssystem32umpo.dll

    16:24:37.0034 4192 Power - ok

    16:24:37.0065 4192 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) F:Windowssystem32DRIVERSraspptp.sys

    16:24:37.0067 4192 PptpMiniport - ok

    16:24:37.0085 4192 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) F:Windowssystem32DRIVERSprocessr.sys

    16:24:37.0086 4192 Processor - ok

    16:24:37.0119 4192 ProfSvc (cadefac453040e370a1bdff3973be00d) F:Windowssystem32profsvc.dll

    16:24:37.0123 4192 ProfSvc - ok

    16:24:37.0158 4192 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe

    16:24:37.0160 4192 ProtectedStorage - ok

    16:24:37.0181 4192 Psched (6270ccae2a86de6d146529fe55b3246a) F:Windowssystem32DRIVERSpacer.sys

    16:24:37.0182 4192 Psched - ok

    16:24:37.0228 4192 PSI (d24dfd16a1e2a76034df5aa18125c35d) F:Windowssystem32DRIVERSpsi_mf.sys

    16:24:37.0229 4192 PSI - ok

    16:24:37.0276 4192 PSINAflt (389d8cc1f8d7c5ec736bded9d1a98c4c) F:Windowssystem32DRIVERSPSINAflt.sys

    16:24:37.0278 4192 PSINAflt - ok

    16:24:37.0322 4192 PSINFile (04e2992c67ab310409531be99e66dd1f) F:Windowssystem32DRIVERSPSINFile.sys

    16:24:37.0322 4192 PSINFile - ok

    16:24:37.0322 4192 PSINKNC (5292037b8839d9de8ace23eba1268a34) F:Windowssystem32DRIVERSpsinknc.sys

    16:24:37.0338 4192 PSINKNC - ok

    16:24:37.0354 4192 PSINProc (b10d97ff830f677a1295f3b9e5e6f8fb) F:Windowssystem32DRIVERSPSINProc.sys

    16:24:37.0354 4192 PSINProc - ok

    16:24:37.0369 4192 PSINProt (49dd888c415611da5654ce895b9f37d9) F:Windowssystem32DRIVERSPSINProt.sys

    16:24:37.0385 4192 PSINProt - ok

    16:24:37.0432 4192 PSKMAD (476769481841007583875023f7ecc4ca) F:Windowssystem32DRIVERSPSKMAD.sys

    16:24:37.0432 4192 PSKMAD - ok

    16:24:37.0525 4192 PSUAService (98a9d3236c6301503571de79b86e8538) F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe

    16:24:37.0525 4192 PSUAService - ok

    16:24:37.0603 4192 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) F:Windowssystem32DRIVERSql2300.sys

    16:24:37.0634 4192 ql2300 - ok

    16:24:37.0728 4192 ql40xx (b4dd51dd25182244b86737dc51af2270) F:Windowssystem32DRIVERSql40xx.sys

    16:24:37.0728 4192 ql40xx - ok

    16:24:37.0744 4192 QWAVE (31ac809e7707eb580b2bdb760390765a) F:Windowssystem32qwave.dll

    16:24:37.0759 4192 QWAVE - ok

    16:24:37.0775 4192 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) F:Windowssystem32driversqwavedrv.sys

    16:24:37.0775 4192 QWAVEdrv - ok

    16:24:37.0790 4192 RasAcd (30a81b53c766d0133bb86d234e5556ab) F:Windowssystem32DRIVERSrasacd.sys

    16:24:37.0790 4192 RasAcd - ok

    16:24:37.0822 4192 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) F:Windowssystem32DRIVERSAgileVpn.sys

    16:24:37.0837 4192 RasAgileVpn - ok

    16:24:37.0853 4192 RasAuto (a60f1839849c0c00739787fd5ec03f13) F:WindowsSystem32rasauto.dll

    16:24:37.0853 4192 RasAuto - ok

    16:24:37.0868 4192 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) F:Windowssystem32DRIVERSrasl2tp.sys

    16:24:37.0884 4192 Rasl2tp - ok

    16:24:37.0915 4192 RasMan (cb9e04dc05eacf5b9a36ca276d475006) F:WindowsSystem32rasmans.dll

    16:24:37.0931 4192 RasMan - ok

    16:24:37.0946 4192 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) F:Windowssystem32DRIVERSraspppoe.sys

    16:24:37.0946 4192 RasPppoe - ok

    16:24:37.0962 4192 RasSstp (44101f495a83ea6401d886e7fd70096b) F:Windowssystem32DRIVERSrassstp.sys

    16:24:37.0962 4192 RasSstp - ok

    16:24:38.0009 4192 rdbss (d528bc58a489409ba40334ebf96a311b) F:Windowssystem32DRIVERSrdbss.sys

    16:24:38.0024 4192 rdbss - ok

    16:24:38.0040 4192 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) F:Windowssystem32DRIVERSrdpbus.sys

    16:24:38.0040 4192 rdpbus - ok

    16:24:38.0071 4192 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) F:Windowssystem32DRIVERSRDPCDD.sys

    16:24:38.0071 4192 RDPCDD - ok

    16:24:38.0102 4192 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) F:Windowssystem32driversrdpencdd.sys

    16:24:38.0102 4192 RDPENCDD - ok

    16:24:38.0118 4192 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) F:Windowssystem32driversrdprefmp.sys

    16:24:38.0118 4192 RDPREFMP - ok

    16:24:38.0149 4192 RDPWD (f031683e6d1fea157abb2ff260b51e61) F:Windowssystem32driversRDPWD.sys

    16:24:38.0149 4192 RDPWD - ok

    16:24:38.0212 4192 rdyboost (518395321dc96fe2c9f0e96ac743b656) F:Windowssystem32driversrdyboost.sys

    16:24:38.0212 4192 rdyboost - ok

    16:24:38.0243 4192 RemoteAccess (7b5e1419717fac363a31cc302895217a) F:WindowsSystem32mprdim.dll

    16:24:38.0243 4192 RemoteAccess - ok

    16:24:38.0258 4192 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) F:Windowssystem32regsvc.dll

    16:24:38.0258 4192 RemoteRegistry - ok

    16:24:38.0305 4192 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) F:Windowssystem32DRIVERSrimmptsk.sys

    16:24:38.0305 4192 rimmptsk - ok

    16:24:38.0336 4192 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) F:WindowsSystem32RpcEpMap.dll

    16:24:38.0336 4192 RpcEptMapper - ok

    16:24:38.0368 4192 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) F:Windowssystem32locator.exe

    16:24:38.0368 4192 RpcLocator - ok

    16:24:38.0414 4192 RpcSs (7660f01d3b38aca1747e397d21d790af) F:Windowssystem32rpcss.dll

    16:24:38.0414 4192 RpcSs - ok

    16:24:38.0446 4192 rspndr (032b0d36ad92b582d869879f5af5b928) F:Windowssystem32DRIVERSrspndr.sys

    16:24:38.0446 4192 rspndr - ok

    16:24:38.0492 4192 SamSs (81951f51e318aecc2d68559e47485cc4) F:Windowssystem32lsass.exe

    16:24:38.0492 4192 SamSs - ok

    16:24:38.0586 4192 SASDIFSV (39763504067962108505bff25f024345) F:Program FilesSUPERAntiSpywareSASDIFSV.SYS

    16:24:38.0586 4192 SASDIFSV - ok

    16:24:38.0602 4192 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) F:Program FilesSUPERAntiSpywareSASKUTIL.SYS

    16:24:38.0602 4192 SASKUTIL - ok

    16:24:38.0633 4192 sbp2port (05d860da1040f111503ac416ccef2bca) F:Windowssystem32driverssbp2port.sys

    16:24:38.0633 4192 sbp2port - ok

    16:24:38.0664 4192 SCardSvr (8fc518ffe9519c2631d37515a68009c4) F:WindowsSystem32SCardSvr.dll

    16:24:38.0680 4192 SCardSvr - ok

    16:24:38.0695 4192 scfilter (0693b5ec673e34dc147e195779a4dcf6) F:Windowssystem32DRIVERSscfilter.sys

    16:24:38.0695 4192 scfilter - ok

    16:24:38.0758 4192 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) F:Windowssystem32schedsvc.dll

    16:24:38.0773 4192 Schedule - ok

    16:24:38.0804 4192 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) F:WindowsSystem32certprop.dll

    16:24:38.0804 4192 SCPolicySvc - ok

    16:24:38.0851 4192 sdbus (0328be1c7f1cba23848179f8762e391c) F:Windowssystem32driverssdbus.sys

    16:24:38.0851 4192 sdbus - ok

    16:24:38.0898 4192 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) F:WindowsSystem32SDRSVC.dll

    16:24:38.0898 4192 SDRSVC - ok

    16:24:38.0914 4192 secdrv (90a3935d05b494a5a39d37e71f09a677) F:Windowssystem32driverssecdrv.sys

    16:24:38.0914 4192 secdrv - ok

    16:24:38.0929 4192 seclogon (a59b3a4442c52060cc7a85293aa3546f) F:Windowssystem32seclogon.dll

    16:24:38.0929 4192 seclogon - ok

    16:24:39.0023 4192 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) F:Program FilesSecuniaPSIPSIA.exe

    16:24:39.0038 4192 Secunia PSI Agent - ok

    16:24:39.0070 4192 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) F:Program FilesSecuniaPSIsua.exe

    16:24:39.0070 4192 Secunia Update Agent - ok

    16:24:39.0148 4192 SENS (dcb7fcdcc97f87360f75d77425b81737) F:Windowssystem32sens.dll

    16:24:39.0163 4192 SENS - ok

    16:24:39.0179 4192 SensrSvc (50087fe1ee447009c9cc2997b90de53f) F:Windowssystem32sensrsvc.dll

    16:24:39.0179 4192 SensrSvc - ok

    16:24:39.0210 4192 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) F:Windowssystem32DRIVERSserenum.sys

    16:24:39.0210 4192 Serenum - ok

    16:24:39.0241 4192 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) F:Windowssystem32DRIVERSserial.sys

    16:24:39.0241 4192 Serial - ok

    16:24:39.0272 4192 sermouse (79bffb520327ff916a582dfea17aa813) F:Windowssystem32DRIVERSsermouse.sys

    16:24:39.0272 4192 sermouse - ok

    16:24:39.0319 4192 SessionEnv (4ae380f39a0032eab7dd953030b26d28) F:Windowssystem32sessenv.dll

    16:24:39.0319 4192 SessionEnv - ok

    16:24:39.0382 4192 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) F:Windowssystem32DRIVERSsffdisk.sys

    16:24:39.0382 4192 sffdisk - ok

    16:24:39.0397 4192 sffp_mmc (932a68ee27833cfd57c1639d375f2731) F:Windowssystem32driverssffp_mmc.sys

    16:24:39.0397 4192 sffp_mmc - ok

    16:24:39.0428 4192 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) F:Windowssystem32DRIVERSsffp_sd.sys

    16:24:39.0444 4192 sffp_sd - ok

    16:24:39.0460 4192 sfloppy (db96666cc8312ebc45032f30b007a547) F:Windowssystem32DRIVERSsfloppy.sys

    16:24:39.0460 4192 sfloppy - ok

    16:24:39.0522 4192 SharedAccess (d1a079a0de2ea524513b6930c24527a2) F:WindowsSystem32ipnathlp.dll

    16:24:39.0538 4192 SharedAccess - ok

    16:24:39.0600 4192 ShellHWDetection (414da952a35bf5d50192e28263b40577) F:WindowsSystem32shsvcs.dll

    16:24:39.0616 4192 ShellHWDetection - ok

    16:24:39.0662 4192 sisagp (2565cac0dc9fe0371bdce60832582b2e) F:Windowssystem32driverssisagp.sys

    16:24:39.0662 4192 sisagp - ok

    16:24:39.0678 4192 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) F:Windowssystem32DRIVERSSiSRaid2.sys

    16:24:39.0678 4192 SiSRaid2 - ok

    16:24:39.0709 4192 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) F:Windowssystem32DRIVERSsisraid4.sys

    16:24:39.0709 4192 SiSRaid4 - ok

    16:24:39.0756 4192 SmartDefragDriver (4aa2772a355226e9ac96d01ba431d253) F:Windowssystem32DriversSmartDefragDriver.sys

    16:24:39.0756 4192 SmartDefragDriver - ok

    16:24:39.0772 4192 Smb (3e21c083b8a01cb70ba1f09303010fce) F:Windowssystem32DRIVERSsmb.sys

    16:24:39.0772 4192 Smb - ok

    16:24:39.0803 4192 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) F:WindowsSystem32snmptrap.exe

    16:24:39.0803 4192 SNMPTRAP - ok

    16:24:39.0818 4192 spldr (95cf1ae7527fb70f7816563cbc09d942) F:Windowssystem32driversspldr.sys

    16:24:39.0818 4192 spldr - ok

    16:24:39.0865 4192 Spooler (866a43013535dc8587c258e43579c764) F:WindowsSystem32spoolsv.exe

    16:24:39.0865 4192 Spooler - ok

    16:24:40.0037 4192 sppsvc (cf87a1de791347e75b98885214ced2b8) F:Windowssystem32sppsvc.exe

    16:24:40.0052 4192 sppsvc - ok

    16:24:40.0146 4192 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) F:Windowssystem32sppuinotify.dll

    16:24:40.0146 4192 sppuinotify - ok

    16:24:40.0240 4192 srv (e4c2764065d66ea1d2d3ebc28fe99c46) F:Windowssystem32DRIVERSsrv.sys

    16:24:40.0240 4192 srv - ok

    16:24:40.0318 4192 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) F:Windowssystem32DRIVERSsrv2.sys

    16:24:40.0318 4192 srv2 - ok

    16:24:40.0364 4192 srvnet (be6bd660caa6f291ae06a718a4fa8abc) F:Windowssystem32DRIVERSsrvnet.sys

    16:24:40.0364 4192 srvnet - ok

    16:24:40.0396 4192 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) F:WindowsSystem32ssdpsrv.dll

    16:24:40.0396 4192 SSDPSRV - ok

    16:24:40.0411 4192 SstpSvc (d318f23be45d5e3a107469eb64815b50) F:Windowssystem32sstpsvc.dll

    16:24:40.0427 4192 SstpSvc - ok

    16:24:40.0442 4192 stexstor (db32d325c192b801df274bfd12a7e72b) F:Windowssystem32DRIVERSstexstor.sys

    16:24:40.0442 4192 stexstor - ok

    16:24:40.0489 4192 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) F:WindowsSystem32wiaservc.dll

    16:24:40.0505 4192 StiSvc - ok

    16:24:40.0536 4192 swenum (e58c78a848add9610a4db6d214af5224) F:Windowssystem32driversswenum.sys

    16:24:40.0536 4192 swenum - ok

    16:24:40.0567 4192 swprv (a28bd92df340e57b024ba433165d34d7) F:WindowsSystem32swprv.dll

    16:24:40.0583 4192 swprv - ok

    16:24:40.0661 4192 SysMain (36650d618ca34c9d357dfd3d89b2c56f) F:Windowssystem32sysmain.dll

    16:24:40.0676 4192 SysMain - ok

    16:24:40.0723 4192 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) F:WindowsSystem32TabSvc.dll

    16:24:40.0723 4192 TabletInputService - ok

    16:24:40.0770 4192 TapiSrv (613bf4820361543956909043a265c6ac) F:WindowsSystem32tapisrv.dll

    16:24:40.0770 4192 TapiSrv - ok

    16:24:40.0786 4192 TBS (b799d9fdb26111737f58288d8dc172d9) F:WindowsSystem32tbssvc.dll

    16:24:40.0786 4192 TBS - ok

    16:24:40.0895 4192 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) F:Windowssystem32driverstcpip.sys

    16:24:40.0910 4192 Tcpip - ok

    16:24:41.0035 4192 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) F:Windowssystem32DRIVERStcpip.sys

    16:24:41.0035 4192 TCPIP6 - ok

    16:24:41.0098 4192 tcpipreg (cca24162e055c3714ce5a88b100c64ed) F:Windowssystem32driverstcpipreg.sys

    16:24:41.0098 4192 tcpipreg - ok

    16:24:41.0144 4192 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) F:Windowssystem32driverstdpipe.sys

    16:24:41.0144 4192 TDPIPE - ok

    16:24:41.0176 4192 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) F:Windowssystem32driverstdtcp.sys

    16:24:41.0176 4192 TDTCP - ok

    16:24:41.0222 4192 tdx (b459575348c20e8121d6039da063c704) F:Windowssystem32DRIVERStdx.sys

    16:24:41.0222 4192 tdx - ok

    16:24:41.0254 4192 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) F:Windowssystem32driverstermdd.sys

    16:24:41.0269 4192 TermDD - ok

    16:24:41.0316 4192 TermService (382c804c92811be57829d8e550a900e2) F:WindowsSystem32termsrv.dll

    16:24:41.0332 4192 TermService - ok

    16:24:41.0363 4192 TfFsMon (a56ec942ecabfb7849bfa76060f929fb) F:Windowssystem32driversTfFsMon.sys

    16:24:41.0363 4192 TfFsMon - ok

    16:24:41.0410 4192 TfNetMon (917ef522563f6047685486efa486fb3c) F:Windowssystem32driversTfNetMon.sys

    16:24:41.0410 4192 TfNetMon - ok

    16:24:41.0456 4192 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) F:Windowssystem32driversTfSysMon.sys

    16:24:41.0456 4192 TfSysMon - ok

    16:24:41.0472 4192 Themes (42fb6afd6b79d9fe07381609172e7ca4) F:Windowssystem32themeservice.dll

    16:24:41.0472 4192 Themes - ok

    16:24:41.0503 4192 THREADORDER (146b6f43a673379a3c670e86d89be5ea) F:Windowssystem32mmcss.dll

    16:24:41.0503 4192 THREADORDER - ok

    16:24:41.0534 4192 ThreatFire - ok

    16:24:41.0550 4192 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) F:WindowsSystem32trkwks.dll

    16:24:41.0566 4192 TrkWks - ok

    16:24:41.0597 4192 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) F:WindowsservicingTrustedInstaller.exe

    16:24:41.0612 4192 TrustedInstaller - ok

    16:24:41.0644 4192 tssecsrv (254bb140eee3c59d6114c1a86b636877) F:Windowssystem32DRIVERStssecsrv.sys

    16:24:41.0644 4192 tssecsrv - ok

    16:24:41.0659 4192 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) F:Windowssystem32driverstsusbflt.sys

    16:24:41.0659 4192 TsUsbFlt - ok

    16:24:41.0706 4192 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) F:Windowssystem32DRIVERStunnel.sys

    16:24:41.0706 4192 tunnel - ok

    16:24:41.0737 4192 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) F:Windowssystem32DRIVERSuagp35.sys

    16:24:41.0737 4192 uagp35 - ok

    16:24:41.0784 4192 udfs (ee43346c7e4b5e63e54f927babbb32ff) F:Windowssystem32DRIVERSudfs.sys

    16:24:41.0784 4192 udfs - ok

    16:24:41.0815 4192 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) F:Windowssystem32UI0Detect.exe

    16:24:41.0815 4192 UI0Detect - ok

    16:24:41.0862 4192 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) F:Windowssystem32driversuliagpkx.sys

    16:24:41.0862 4192 uliagpkx - ok

    16:24:41.0909 4192 umbus (d295bed4b898f0fd999fcfa9b32b071b) F:Windowssystem32driversumbus.sys

    16:24:41.0909 4192 umbus - ok

    16:24:41.0924 4192 UmPass (7550ad0c6998ba1cb4843e920ee0feac) F:Windowssystem32DRIVERSumpass.sys

    16:24:41.0924 4192 UmPass - ok

    16:24:41.0956 4192 upnphost (833fbb672460efce8011d262175fad33) F:WindowsSystem32upnphost.dll

    16:24:41.0956 4192 upnphost - ok

    16:24:42.0002 4192 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) F:Windowssystem32driversusbaudio.sys

    16:24:42.0002 4192 usbaudio - ok

    16:24:42.0049 4192 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) F:Windowssystem32DRIVERSusbccgp.sys

    16:24:42.0049 4192 usbccgp - ok

    16:24:42.0080 4192 usbcir (04ec7cec62ec3b6d9354eee93327fc82) F:Windowssystem32driversusbcir.sys

    16:24:42.0080 4192 usbcir - ok

    16:24:42.0096 4192 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) F:Windowssystem32DRIVERSusbehci.sys

    16:24:42.0096 4192 usbehci - ok

    16:24:42.0143 4192 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) F:Windowssystem32DRIVERSusbhub.sys

    16:24:42.0143 4192 usbhub - ok

    16:24:42.0158 4192 usbohci (a6fb7957ea7afb1165991e54ce934b74) F:Windowssystem32DRIVERSusbohci.sys

    16:24:42.0158 4192 usbohci - ok

    16:24:42.0205 4192 usbprint (797d862fe0875e75c7cc4c1ad7b30252) F:Windowssystem32DRIVERSusbprint.sys

    16:24:42.0205 4192 usbprint - ok

    16:24:42.0236 4192 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) F:Windowssystem32DRIVERSusbscan.sys

    16:24:42.0252 4192 usbscan - ok

    16:24:42.0283 4192 USBSTOR (f991ab9cc6b908db552166768176896a) F:Windowssystem32DRIVERSUSBSTOR.SYS

    16:24:42.0283 4192 USBSTOR - ok

    16:24:42.0314 4192 usbuhci (68df884cf41cdada664beb01daf67e3d) F:Windowssystem32DRIVERSusbuhci.sys

    16:24:42.0314 4192 usbuhci - ok

    16:24:42.0330 4192 UxSms (081e6e1c91aec36758902a9f727cd23c) F:WindowsSystem32uxsms.dll



  11. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-07-26 15:39:12

    -----------------------------

    15:39:12.760 OS Version: Windows 6.1.7601 Service Pack 1

    15:39:12.760 Number of processors: 2 586 0x170A

    15:39:12.760 ComputerName: TTARMSTRONG-PC UserName: TTArmstrong

    15:39:13.852 Initialize success

    15:47:07.175 AVAST engine defs: 12072601

    15:47:17.611 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIAAStorageDevice-1

    15:47:17.611 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 8

    15:47:17.627 Disk 0 MBR read successfully

    15:47:17.627 Disk 0 MBR scan

    15:47:17.642 Disk 0 Windows 7 default MBR code

    15:47:17.642 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 266 MB offset 63

    15:47:17.658 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 60345 MB offset 546210

    15:47:17.673 Disk 0 Partition - 00 0F Extended LBA 92012 MB offset 124134255

    15:47:17.689 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51348 MB offset 124134318

    15:47:17.689 Disk 0 Partition - 00 05 Extended 40664 MB offset 229295745

    15:47:17.705 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 40664 MB offset 229295808

    15:47:17.720 Disk 0 scanning sectors +312576705

    15:47:17.783 Disk 0 scanning F:Windowssystem32drivers

    15:47:28.609 Service scanning

    15:47:53.163 Modules scanning

    15:47:58.670 Disk 0 trace - called modules:

    15:47:58.717 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll

    15:47:58.717 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0x8bba8810]

    15:47:58.733 3 CLASSPNP.SYS[8e5bd59e] -> nt!IofCallDriver -> DeviceIdeIAAStorageDevice-1[0x8ad95028]

    15:47:59.357 AVAST engine scan F:Windows

    15:48:01.182 AVAST engine scan F:Windowssystem32

    15:50:20.818 AVAST engine scan F:Windowssystem32drivers

    15:50:33.766 AVAST engine scan F:UsersTTArmstrong

    15:53:21.123 AVAST engine scan F:ProgramData

    15:53:43.415 File: F:ProgramDataMicrosoftWindowsDRMD27B.tmp **INFECTED** Win32:Crypt-NKI [Trj]

    15:54:11.542 Scan finished successfully

    16:16:33.498 Disk 0 MBR has been saved successfully to "F:UsersTTArmstrongDesktopMBR.dat"

    16:16:33.498 The log file has been saved successfully to "F:UsersTTArmstrongDesktopaswMBR july.txt"


  12. OK, here is the OTL

     

     

     

    OTL logfile created on: 7/26/2012 3:26:09 PM - Run 1

    OTL by OldTimer - Version 3.2.54.1 Folder = F:UsersTTArmstrongDesktop

    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     

    1.99 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.26% Memory free

    3.98 Gb Paging File | 2.61 Gb Available in Paging File | 65.70% Paging File free

    Paging file location(s): ?:pagefile.sys [binary data]

     

    %SystemDrive% = F: | %SystemRoot% = F:Windows | %ProgramFiles% = F:Program Files

    Drive C: | 58.93 Gb Total Space | 3.53 Gb Free Space | 5.98% Space Free | Partition Type: NTFS

    Drive E: | 39.71 Gb Total Space | 23.76 Gb Free Space | 59.83% Space Free | Partition Type: NTFS

    Drive F: | 50.14 Gb Total Space | 9.29 Gb Free Space | 18.53% Space Free | Partition Type: NTFS

    Drive K: | 14.90 Gb Total Space | 1.12 Gb Free Space | 7.54% Space Free | Partition Type: FAT32

     

    Computer Name: TTARMSTRONG-PC | User Name: TTArmstrong | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Processes (SafeList) ==========

     

    PRC - [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

    PRC - [2012/07/13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe

    PRC - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe

    PRC - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe

    PRC - [2012/06/29 13:38:24 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- F:Program FilesEmsisoft Anti-Malwarea2service.exe

    PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe

    PRC - [2012/03/11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- F:Program FilesCOMODOCOMODO Internet Securitycfp.exe

    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe

    PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIpsia.exe

    PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- F:Program FilesSecuniaPSIsua.exe

    PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- F:Program FilesSUPERAntiSpywareSASCore.exe

    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- F:Windowsexplorer.exe

    PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFTray.exe

    PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- F:Program FilesThreatFireTFService.exe

    PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- F:WindowsSystem32taskhost.exe

    PRC - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

    PRC - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe

    PRC - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe

    PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- F:Program FilesNeroUpdateNASvc.exe

    PRC - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe

    PRC - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe

    PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

    PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

     

     

    ========== Modules (No Company Name) ==========

     

    MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppgooglenaclpluginchrome.dll

    MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll

    MOD - [2012/07/10 00:07:39 | 000,554,520 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libglesv2.dll

    MOD - [2012/07/10 00:07:37 | 000,117,784 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57libegl.dll

    MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avutil-51.dll

    MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avformat-54.dll

    MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57avcodec-54.dll

    MOD - [2011/11/17 08:51:58 | 000,073,728 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityANPDApi.dll

    MOD - [2010/07/06 11:58:36 | 000,835,584 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe

    MOD - [2010/07/05 18:41:40 | 000,299,008 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless Utilitywlanapp.dll

    MOD - [2010/06/29 17:42:42 | 000,040,960 | ---- | M] () -- F:Program FilesKEEBOX150N Wireless UtilityWlanMon.dll

    MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- F:Program FilesWinRARRarExt.dll

    MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- F:Program FilesMicrosoft OfficeOffice141033GrooveIntlResource.dll

    MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- F:Program FilesCommon Filesmicrosoft sharedOFFICE14CulturesOFFICE.ODF

    MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- F:Program FilesSpywareGuardsgmain.exe

    MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- F:Program FilesSpywareGuardsgbhp.exe

     

     

    ========== Win32 Services (SafeList) ==========

     

    SRV - File not found [Auto | Stopped] -- -- (tgsrvc_verizondm)

    SRV - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAService.exe -- (PSUAService)

    SRV - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- F:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe -- (NanoServiceMain)

    SRV - [2012/07/11 22:21:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:WindowsSystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/06/29 13:38:24 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- F:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware)

    SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- F:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe -- (cmdAgent)

    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- F:Program FilesCommon FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice)

    SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIpsia.exe -- (Secunia PSI Agent)

    SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- F:Program FilesSecuniaPSIsua.exe -- (Secunia Update Agent)

    SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- F:Program FilesSUPERAntiSpywareSASCore.exe -- (!SASCORE)

    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe -- (NisSrv)

    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)

    SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- F:Program FilesThreatFireTFService.exe -- (ThreatFire)

    SRV - [2010/10/01 12:50:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32WatWatAdminSvc.exe -- (WatAdminSvc)

    SRV - [2010/06/21 14:28:02 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWZCSdS.exe -- (Nonbrand_WUS-N)

    SRV - [2010/06/21 14:28:02 | 000,053,248 | ---- | M] () [Auto | Running] -- F:Program FilesKEEBOX150N Wireless UtilityANIWConnService.exe -- (Nonbrand_WUS-N_WPS)

    SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- F:Program FilesNeroUpdateNASvc.exe -- (NAUpdate)

    SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:Program FilesMicrosoft OfficeOffice14GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

    SRV - [2009/12/17 10:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe -- (Credential Vault Host Control Service)

    SRV - [2009/12/17 10:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- F:Program FilesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe -- (Credential Vault Host Storage)

    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:WindowsSystem32sensrsvc.dll -- (SensrSvc)

    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempCFcatchme.sys -- (CFcatchme)

    DRV - File not found [Kernel | On_Demand | Stopped] -- F:UsersTTARMS~1AppDataLocalTempcatchme.sys -- (catchme)

    DRV - [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversPSINKNC.sys -- (PSINKNC)

    DRV - [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINProt.sys -- (PSINProt)

    DRV - [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINProc.sys -- (PSINProc)

    DRV - [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:WindowsSystem32driversPSINAflt.sys -- (PSINAflt)

    DRV - [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:WindowsSystem32driversPSINFile.sys -- (PSINFile)

    DRV - [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSStrm.sys -- (NNSSTRM)

    DRV - [2012/06/29 13:37:46 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- F:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc)

    DRV - [2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNStlsc.sys -- (NNSTLSC)

    DRV - [2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSProt.sys -- (NNSPROT)

    DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPrv.sys -- (NNSPRV)

    DRV - [2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSSmtp.sys -- (NNSSMTP)

    DRV - [2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSPop3.sys -- (NNSPOP3)

    DRV - [2012/06/27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- F:WindowsSystem32driversNNSPihsw.sys -- (NNSPIHSW)

    DRV - [2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSIds.sys -- (NNSIDS)

    DRV - [2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSpicc.sys -- (NNSPICC)

    DRV - [2012/06/27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- F:WindowsSystem32driversNNSNAHSL.sys -- (NNSNAHSL)

    DRV - [2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSHttp.sys -- (NNSHTTP)

    DRV - [2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:WindowsSystem32driversNNSAlpc.sys -- (NNSALPC)

    DRV - [2012/03/11 21:13:38 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driverscmdhlp.sys -- (cmdHlp)

    DRV - [2012/03/11 21:13:36 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- F:WindowsSystem32driverscmdGuard.sys -- (cmdGuard)

    DRV - [2012/02/03 19:27:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- F:WindowsSystem32driversinspect.sys -- (inspect)

    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywaresasdifsv.sys -- (SASDIFSV)

    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL)

    DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- F:Program FilesEmsisoft Anti-Malwarea2ddax86.sys -- (A2DDA)

    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversNisDrvWFP.sys -- (NisDrv)

    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversMpNWMon.sys -- (MpNWMon)

    DRV - [2011/03/10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversPSKMAD.sys -- (PSKMAD)

    DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- F:WindowsSystem32driversSmartDefragDriver.sys -- (SmartDefragDriver)

    DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfSysMon.sys -- (TfSysMon)

    DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversTfNetMon.sys -- (TfNetMon)

    DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- F:WindowsSystem32driversTfFsMon.sys -- (TfFsMon)

    DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversTsUsbFlt.sys -- (TsUsbFlt)

    DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverswinusb.sys -- (WinUsb)

    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- F:WindowsSystem32driverspsi_mf.sys -- (PSI)

    DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversivusb.sys -- (ivusb)

    DRV - [2010/06/21 14:28:02 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- F:WindowsSystem32driversanodlwf.sys -- (anodlwf)

    DRV - [2010/05/26 21:29:42 | 000,856,928 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversnetr28u.sys -- (netr28u)

    DRV - [2009/11/03 16:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverscvusbdrv.sys -- (cvusbdrv)

    DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversvwifimp.sys -- (vwifimp)

    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- F:WindowsSystem32driversserial.sys -- (Serial)

    DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driversnvlddmkm.sys -- (nvlddmkm)

    DRV - [2009/06/13 01:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:WindowsSystem32driverse1y6232.sys -- (e1yexpress)

    DRV - [2009/04/03 00:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:WindowsSystem32driversrimmptsk.sys -- (rimmptsk)

    DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- F:WindowsSystem32driversPBADRV.sys -- (PBADRV)

    DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driverswdcsam.sys -- (WDC_SAM)

    DRV - [2007/06/14 16:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- F:WindowsSystem32driversPAC7302.SYS -- (PAC7302)

    DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:Program FilesPeerGuardian2pgfilter.sys -- (pgfilter)

     

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKLM..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

     

    IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/

    IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 32 3B 56 CC 32 DD CB 01 [binary data]

    IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

    IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS399

    IE - HKCU..SearchScopes{7DA22919-2250-49B5-B6AF-6EDF78DB766E}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110939,17118,0,18,0

    IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

    IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

     

    ========== FireFox ==========

     

    FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"

    FF - prefs.js..extensions.enabledItems: [email protected]:1.0

    FF - prefs.js..network.proxy.type: 0

    FF - user.js - File not found

     

    FF - [email protected]/FlashPlayer: F:Windowssystem32MacromedFlashNPSWF32_11_3_300_265.dll ()

    FF - [email protected]/JavaPlugin: F:Program FilesJavajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)

    FF - [email protected]/GENUINE: disabled File not found

    FF - [email protected]/NpCtrl,version=1.0: F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

    FF - [email protected]/OfficeAuthz,version=14.0: F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)

    FF - [email protected]/SharePoint,version=14.0: F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation)

    FF - [email protected]/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found

    FF - [email protected]/nppl3260;version=6.0.11.2852: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

    FF - [email protected]/nppl3260;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnppl3260.dll (RealNetworks, Inc.)

    FF - [email protected]/nprpjplug;version=6.0.12.1662: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

    FF - [email protected]/nprpjplug;version=6.0.12.46: F:Program FilesMagic Burning StudioRealbrowserpluginsnprpjplug.dll (RealNetworks, Inc.)

    FF - [email protected]/nsJSRealPlayerPlugin;version=: File not found

    FF - [email protected]/Google Update;version=3: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

    FF - [email protected]/Google Update;version=9: F:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

    FF - [email protected]/vlc,version=2.0.1: F:Program FilesVideoLANVLCnpvlc.dll (VideoLAN)

    FF - HKLMSoftwareMozillaPluginsAdobe Reader: F:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

    FF - [email protected]/PDFlite_Browser_Plugin: F:Program FilesPDFlitenpPdfViewer.dll File not found

    FF - [email protected]/Google Update;version=3: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

    FF - [email protected]/Google Update;version=9: F:UsersTTArmstrongAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

     

    FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsComponents: F:Program FilesPale Mooncomponents [2012/07/22 21:39:17 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINEsoftwaremozillaPale Moon 12.3extensionsPlugins: F:Program FilesPale Moonplugins [2012/07/22 21:04:49 | 000,000,000 | ---D | M]

    FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF

     

    [2012/02/15 13:45:42 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaExtensions

    [2012/06/29 13:40:23 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfilesextensions

    [2012/06/29 13:40:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- F:UsersTTArmstron[email protected]OneClickDownload.com

    [2012/07/22 17:10:21 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrongAppDataRoamingMozillaFirefoxProfiles0extensions

    [2012/07/22 17:10:21 | 000,000,000 | ---D | M] (No name found) -- F:UsersTTArmstrong[email protected]OneClickDownload.com

    [2012/02/15 09:13:57 | 000,000,000 | ---D | M] (No name found) -- F:Program FilesMozilla Firefoxextensions

    [2011/07/07 09:43:57 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

    [2011/10/24 01:58:25 | 000,000,000 | ---D | M] (Java Console) -- F:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

    [2012/02/26 15:32:27 | 000,000,000 | ---D | M] (PageFont) -- F:USERSTTARMSTRONGAPPDATAROAMINGMOONCHILD PRODUCTIONSPALE [email protected]

     

    ========== Chrome ==========

     

    CHR - homepage: http://www.google.com/

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

    CHR - homepage: http://www.google.com/

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57pdf.dll

    CHR - plugin: Shockwave Flash (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplication20.0.1132.57gcswf32.dll

    CHR - plugin: Shockwave Flash (Disabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataPepperFlash11.2.31.144pepflashplayer.dll

    CHR - plugin: Shockwave Flash (Enabled) = F:Windowssystem32MacromedFlashNPSWF32_11_2_202_235.dll

    CHR - plugin: Adobe Acrobat (Disabled) = F:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll

    CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnppl3260.dll

    CHR - plugin: RealPlayer Version Plugin (Enabled) = F:UsersTTArmstrongAppDataLocalGoogleChromeApplicationpluginsnprpjplug.dll

    CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPAUTHZ.DLL

    CHR - plugin: Microsoft Office 2010 (Enabled) = F:PROGRA~1MICROS~2Office14NPSPWRAP.DLL

    CHR - plugin: Google Update (Enabled) = F:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll

    CHR - plugin: Java Platform SE 6 U31 (Enabled) = F:Program FilesJavajre6binplugin2npjp2.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = F:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll

    CHR - plugin: VLC Web Plugin (Enabled) = F:Program FilesVideoLANVLCnpvlc.dll

    CHR - Extension: YouTube = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0

    CHR - Extension: Google Search = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0

    CHR - Extension: Gmail = F:UsersTTArmstrongAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0

     

    O1 HOSTS File: ([2012/07/26 08:23:41 | 000,000,027 | ---- | M]) - F:WindowsSystem32driversetchosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

    O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:Program FilesSpywareGuarddlprotect.dll ()

    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation)

    O3 - HKLM..Toolbar: (@msdxmLC.dll,[email protected],&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation)

    O4 - HKLM..Run: [burnStudio] F:Program FilesMagic Burning Studiombs.exe (MagicVideoSoftware Inc.)

    O4 - HKLM..Run: [COMODO Internet Security] F:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO)

    O4 - HKLM..Run: [KEEBOX 150N Wireless Utility] F:Program FilesKEEBOX150N Wireless UtilityWlanMon.exe ()

    O4 - HKLM..Run: [PSUAMain] F:Program FilesPanda SecurityPanda Cloud AntivirusPSUAMain.exe (Panda Security, S.L.)

    O4 - HKLM..Run: [sonneDVDCreator] F:Program FilesMagic Burning StudioDVDCreator.exe (MagicVideoSoftware Inc.)

    O4 - HKLM..Run: [ThreatFire] F:Program FilesThreatFireTFTray.exe (PC Tools)

    O4 - Startup: F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSpywareGuard.lnk = F:Program FilesSpywareGuardsgmain.exe ()

    O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

    O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1

    O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

    O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

    O8 - Extra context menu item: E&xport to Microsoft Excel - F:Program FilesMicrosoft OfficeOffice14EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Se&nd to OneNote - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)

    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

    O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.254.254

    O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BC61CDAD-2E04-4E88-BC10-A52B4A81FE10}: DhcpNameServer = 192.168.254.254

    O18 - ProtocolHandlervnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:Program FilesSpeed Video Splittermsdxm.ocx (Microsoft Corporation)

    O20 - AppInit_DLLs: (F:WindowsSystem32guard32.dll) - F:WindowsSystem32guard32.dll (COMODO)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:Windowsexplorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (F:Windowssystem32userinit.exe) - F:WindowsSystem32userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20 - WinlogonNotify!SASWinLogon: DllName - (F:Program FilesSUPERAntiSpywareSASWINLO.DLL) - F:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com)

    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com)

    O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:Program FilesSpywareGuardspywareguard.dll ()

    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:autoexec.bat -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM..comfile [open] -- "%1" %*

    O35 - HKLM..exefile [open] -- "%1" %*

    O37 - HKLM...com [@ = ComFile] -- "%1" %*

    O37 - HKLM...exe [@ = exefile] -- "%1" %*

    O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2012/07/26 15:19:55 | 004,731,392 | ---- | C] (AVAST Software) -- F:UsersTTArmstrongDesktopaswMBR.exe

    [2012/07/26 15:02:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

    [2012/07/26 11:35:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- F:WindowsSystem32driverstmcomm.sys

    [2012/07/26 11:35:48 | 000,131,344 | ---- | C] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys

    [2012/07/26 11:09:33 | 000,000,000 | ---D | C] -- F:ProgramDataSophos

    [2012/07/26 11:09:24 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsSophos

    [2012/07/26 11:09:20 | 000,000,000 | ---D | C] -- F:Program FilesSophos

    [2012/07/26 08:29:29 | 000,000,000 | -HSD | C] -- F:$RECYCLE.BIN

    [2012/07/23 12:52:00 | 000,046,280 | ---- | C] (Panda Security) -- F:WindowsSystem32driversPSKMAD.sys

    [2012/07/23 12:49:13 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPanda Cloud Antivirus

    [2012/07/22 20:02:33 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataLocaltemp

    [2012/07/22 19:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- F:WindowsSWREG.exe

    [2012/07/22 19:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- F:WindowsSWSC.exe

    [2012/07/22 19:49:13 | 000,060,416 | ---- | C] (NirSoft) -- F:WindowsNIRCMD.exe

    [2012/07/22 18:59:15 | 000,000,000 | ---D | C] -- F:Windowserdnt

    [2012/07/22 18:56:03 | 004,721,680 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe

    [2012/07/22 18:32:51 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopdvdmoviecover

    [2012/07/22 09:33:06 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopHIPHOP

    [2012/07/21 14:16:19 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoporignal dance

    [2012/07/21 13:20:04 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwedding songs

    [2012/07/19 23:17:06 | 000,607,260 | R--- | C] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr

    [2012/07/18 11:34:09 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktoprockerz2 joe gibbs

    [2012/07/18 03:21:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32mshtml.tlb

    [2012/07/18 03:21:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieui.dll

    [2012/07/18 03:21:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ieUnatt.exe

    [2012/07/18 03:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jsproxy.dll

    [2012/07/18 03:21:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32jscript9.dll

    [2012/07/18 03:21:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32url.dll

    [2012/07/18 03:21:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32inetcpl.cpl

    [2012/07/18 03:18:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32win32k.sys

    [2012/07/17 21:26:03 | 000,000,000 | ---D | C] -- F:VritualRoot

    [2012/07/17 20:17:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32ncrypt.dll

    [2012/07/17 20:17:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32msxml3r.dll

    [2012/07/17 20:17:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32cdosys.dll

    [2012/07/17 20:13:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wucltux.dll

    [2012/07/17 20:13:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups2.dll

    [2012/07/17 20:12:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapi.dll

    [2012/07/17 20:12:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wudriver.dll

    [2012/07/17 20:12:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wups.dll

    [2012/07/17 20:12:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuwebv.dll

    [2012/07/17 20:12:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:WindowsSystem32wuapp.exe

    [2012/07/17 20:11:47 | 000,000,000 | ---D | C] -- F:Program FilesMicrosoft Security Client

    [2012/07/14 08:45:02 | 000,000,000 | ---D | C] -- F:ProgramDataMicrosoftWindowsStart MenuProgramsThreatFire

    [2012/07/14 08:45:01 | 000,069,392 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfSysMon.sys

    [2012/07/14 08:45:01 | 000,051,984 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfFsMon.sys

    [2012/07/14 08:45:01 | 000,033,552 | ---- | C] (PC Tools) -- F:WindowsSystem32driversTfNetMon.sys

    [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:Program FilesThreatFire

    [2012/07/14 08:45:00 | 000,000,000 | ---D | C] -- F:ProgramDataPC Tools

    [2012/07/13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys

    [2012/07/13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys

    [2012/07/13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys

    [2012/07/13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys

    [2012/07/13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys

    [2012/07/12 22:43:10 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongAppDataRoamingf-secure

    [2012/07/12 22:42:53 | 000,000,000 | ---D | C] -- F:ProgramDataF-Secure

    [2012/07/12 22:23:42 | 000,014,664 | ---- | C] (McAfee, Inc.) -- F:Windowsstinger.sys

    [2012/07/12 22:22:14 | 000,000,000 | ---D | C] -- F:Program Filesstinger

    [2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSStrm.sys

    [2012/07/11 19:25:56 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWEDDIN SONG JULY 15

    [2012/07/11 05:43:36 | 000,000,000 | ---D | C] -- F:Program FilesReal

    [2012/07/10 20:45:16 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopnew riddim & cover april 30

    [2012/07/07 16:16:44 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopsamplesforkingcd

    [2012/07/07 13:28:51 | 000,000,000 | ---D | C] -- F:Program FilesNewAgeDesign

    [2012/07/01 20:12:45 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopwowWORSHIP

    [2012/07/01 17:25:05 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopWOW GOSPEL MUSIC

    [2012/06/30 16:18:31 | 000,000,000 | ---D | C] -- F:UsersTTArmstrongDesktopSIZZLA VS KHAGO CLASH

    [2012/06/27 15:51:07 | 000,092,840 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNStlsc.sys

    [2012/06/27 15:51:06 | 000,286,376 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSProt.sys

    [2012/06/27 15:51:06 | 000,153,000 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSPrv.sys

    [2012/06/27 15:51:06 | 000,106,536 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSSmtp.sys

    [2012/06/27 15:51:05 | 000,104,104 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSPop3.sys

    [2012/06/27 15:51:05 | 000,060,968 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSPihsw.sys

    [2012/06/27 15:51:04 | 000,122,664 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSIds.sys

    [2012/06/27 15:51:04 | 000,093,992 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSpicc.sys

    [2012/06/27 15:51:04 | 000,028,712 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSNAHSL.sys

    [2012/06/27 15:51:03 | 000,120,744 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSHttp.sys

    [2012/06/27 15:51:03 | 000,082,472 | ---- | C] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSAlpc.sys

    [2010/10/23 05:00:39 | 000,047,360 | ---- | C] (VSO Software) -- F:UsersTTArmstrongAppDataRoamingpcouffin.sys

     

    ========== Files - Modified Within 30 Days ==========

     

    [2012/07/26 15:23:04 | 004,731,392 | ---- | M] (AVAST Software) -- F:UsersTTArmstrongDesktopaswMBR.exe

    [2012/07/26 15:17:01 | 000,000,830 | ---- | M] () -- F:WindowstasksAdobe Flash Player Updater.job

    [2012/07/26 15:08:01 | 000,000,932 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job

    [2012/07/26 15:03:43 | 002,117,108 | ---- | M] () -- F:UsersTTArmstrongDesktoptdsskiller.zip

    [2012/07/26 15:02:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:UsersTTArmstrongDesktopOTL.exe

    [2012/07/26 14:40:01 | 000,000,896 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineUA.job

    [2012/07/26 14:40:01 | 000,000,892 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskMachineCore.job

    [2012/07/26 14:30:29 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/07/26 14:30:29 | 000,013,440 | -H-- | M] () -- F:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/07/26 14:29:34 | 000,626,486 | ---- | M] () -- F:WindowsSystem32perfh009.dat

    [2012/07/26 14:29:34 | 000,107,730 | ---- | M] () -- F:WindowsSystem32perfc009.dat

    [2012/07/26 14:23:03 | 000,065,536 | ---- | M] () -- F:WindowsSystem32Ikeext.etl

    [2012/07/26 14:22:56 | 000,067,584 | --S- | M] () -- F:Windowsbootstat.dat

    [2012/07/26 14:22:53 | 1601,097,728 | -HS- | M] () -- F:hiberfil.sys

    [2012/07/26 11:35:48 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- F:WindowsSystem32driverstmcomm.sys

    [2012/07/26 11:35:48 | 000,131,344 | ---- | M] (trend_company_name) -- F:WindowsSystem32driverstmrkb.sys

    [2012/07/26 11:09:24 | 000,003,221 | ---- | M] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk

    [2012/07/26 08:23:41 | 000,000,027 | ---- | M] () -- F:WindowsSystem32driversetchosts

    [2012/07/26 08:09:37 | 000,043,480 | ---- | M] () -- F:WindowsSystem32driversgtqjbadj.sys

    [2012/07/26 08:04:12 | 004,721,680 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopComboFix.exe

    [2012/07/23 21:45:55 | 000,001,057 | ---- | M] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml

    [2012/07/23 12:51:42 | 000,462,152 | ---- | M] () -- F:WindowsSystem32FNTCACHE.DAT

    [2012/07/23 12:50:26 | 000,000,000 | ---- | M] () -- F:ProgramData0x0304A000.sfl

    [2012/07/22 21:39:21 | 000,000,758 | ---- | M] () -- F:UsersPublicDesktopPale Moon.lnk

    [2012/07/22 21:05:36 | 000,001,952 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchPale Moon.lnk

    [2012/07/22 17:08:01 | 000,000,880 | ---- | M] () -- F:WindowstasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job

    [2012/07/21 10:54:16 | 001,729,604 | ---- | M] () -- F:UsersTTArmstrongDesktopTim McGraw - Its Your Love - Instrumental _ Karaoke.mp3

    [2012/07/19 23:42:23 | 000,000,512 | ---- | M] () -- F:UsersTTArmstrongDesktopMBR.dat

    [2012/07/19 23:16:58 | 000,607,260 | R--- | M] (Swearware) -- F:UsersTTArmstrongDesktopdds.scr

    [2012/07/19 19:24:18 | 076,128,300 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj005.wav

    [2012/07/19 19:17:06 | 031,125,548 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj004.wav

    [2012/07/19 19:14:10 | 046,991,404 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj003.wav

    [2012/07/19 19:09:44 | 032,616,492 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj002.wav

    [2012/07/19 19:06:39 | 012,724,268 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj001.wav

    [2012/07/19 19:05:27 | 024,307,756 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj000.wav

    [2012/07/18 04:31:41 | 051,150,892 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav

    [2012/07/18 04:26:51 | 022,272,044 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav

    [2012/07/18 04:24:45 | 028,700,716 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav

    [2012/07/18 04:22:02 | 027,181,100 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav

    [2012/07/18 04:19:28 | 035,190,828 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav

    [2012/07/18 04:16:09 | 040,550,444 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav

    [2012/07/18 04:12:19 | 031,346,732 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav

    [2012/07/18 04:09:21 | 045,740,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav

    [2012/07/18 04:05:02 | 052,380,232 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav

    [2012/07/18 04:00:01 | 020,090,924 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav

    [2012/07/18 03:58:07 | 029,100,076 | ---- | M] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav

    [2012/07/18 03:18:29 | 000,002,141 | ---- | M] () -- F:Windowsepplauncher.mif

    [2012/07/17 19:11:39 | 000,000,090 | ---- | M] () -- F:Windows12225517.dat

    [2012/07/16 21:58:09 | 000,146,216 | ---- | M] () -- F:UsersTTArmstrongDesktop33271375750985781045.jpg

    [2012/07/16 17:27:15 | 000,052,001 | ---- | M] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg

    [2012/07/14 08:45:02 | 000,000,939 | ---- | M] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk

    [2012/07/13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINKNC.sys

    [2012/07/13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProt.sys

    [2012/07/13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINProc.sys

    [2012/07/13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINAflt.sys

    [2012/07/13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversPSINFile.sys

    [2012/07/12 23:01:43 | 000,281,862 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalcensus.cache

    [2012/07/12 23:01:22 | 000,158,340 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalars.cache

    [2012/07/12 22:53:41 | 000,000,036 | ---- | M] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache

    [2012/07/12 22:23:42 | 000,014,664 | ---- | M] (McAfee, Inc.) -- F:Windowsstinger.sys

    [2012/07/12 22:23:03 | 000,000,045 | RH-- | M] () -- F:UsersTTArmstrongDesktopstinger.opt

    [2012/07/12 22:06:02 | 000,001,078 | ---- | M] () -- F:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

    [2012/07/12 14:36:12 | 000,002,445 | ---- | M] () -- F:UsersTTArmstrongDesktopGoogle Chrome.lnk

    [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSStrm.sys

    [2012/07/11 22:21:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerApp.exe

    [2012/07/11 22:21:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:WindowsSystem32FlashPlayerCPLApp.cpl

    [2012/07/08 18:36:53 | 002,616,633 | ---- | M] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3

    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- F:WindowsSystem32driversmbam.sys

    [2012/07/02 16:51:55 | 000,041,909 | ---- | M] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg

    [2012/07/01 15:35:20 | 004,589,338 | ---- | M] () -- F:UsersTTArmstrongDesktopGo Get It.mp3

    [2012/06/30 16:14:35 | 000,057,212 | ---- | M] () -- F:UsersTTArmstrongDesktop306571_392582317467151_742435903_n.jpg

    [2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNStlsc.sys

    [2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSProt.sys

    [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSPrv.sys

    [2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSSmtp.sys

    [2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSPop3.sys

    [2012/06/27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSPihsw.sys

    [2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSIds.sys

    [2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSpicc.sys

    [2012/06/27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSNAHSL.sys

    [2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSHttp.sys

    [2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) -- F:WindowsSystem32driversNNSAlpc.sys

     

    ========== Files Created - No Company Name ==========

     

    [2012/07/26 15:03:04 | 002,117,108 | ---- | C] () -- F:UsersTTArmstrongDesktoptdsskiller.zip

    [2012/07/26 11:09:24 | 000,003,221 | ---- | C] () -- F:UsersTTArmstrongDesktopSophos Virus Removal Tool.lnk

    [2012/07/23 12:50:26 | 000,000,000 | ---- | C] () -- F:ProgramData0x0304A000.sfl

    [2012/07/22 21:05:37 | 000,000,770 | ---- | C] () -- F:ProgramDataMicrosoftWindowsStart MenuProgramsPale Moon.lnk

    [2012/07/22 21:05:37 | 000,000,758 | ---- | C] () -- F:UsersPublicDesktopPale Moon.lnk

    [2012/07/22 19:49:13 | 000,256,000 | ---- | C] () -- F:WindowsPEV.exe

    [2012/07/22 19:49:13 | 000,208,896 | ---- | C] () -- F:WindowsMBR.exe

    [2012/07/22 19:49:13 | 000,098,816 | ---- | C] () -- F:Windowssed.exe

    [2012/07/22 19:49:13 | 000,080,412 | ---- | C] () -- F:Windowsgrep.exe

    [2012/07/22 19:49:13 | 000,068,096 | ---- | C] () -- F:Windowszip.exe

    [2012/07/21 10:53:02 | 001,729,604 | ---- | C] () -- F:UsersTTArmstrongDesktopTim McGraw - Its Your Love - Instrumental _ Karaoke.mp3

    [2012/07/19 23:42:23 | 000,000,512 | ---- | C] () -- F:UsersTTArmstrongDesktopMBR.dat

    [2012/07/19 19:17:06 | 076,128,300 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj005.wav

    [2012/07/19 19:14:10 | 031,125,548 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj004.wav

    [2012/07/19 19:09:44 | 046,991,404 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj003.wav

    [2012/07/19 19:06:39 | 032,616,492 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj002.wav

    [2012/07/19 19:05:27 | 012,724,268 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj001.wav

    [2012/07/19 19:03:09 | 024,307,756 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGA2 djvdj000.wav

    [2012/07/18 04:26:51 | 051,150,892 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj010.wav

    [2012/07/18 04:24:45 | 022,272,044 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj009.wav

    [2012/07/18 04:22:02 | 028,700,716 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj008.wav

    [2012/07/18 04:19:28 | 027,181,100 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj007.wav

    [2012/07/18 04:16:09 | 035,190,828 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj006.wav

    [2012/07/18 04:12:19 | 040,550,444 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj005.wav

    [2012/07/18 04:09:21 | 031,346,732 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj004.wav

    [2012/07/18 04:05:02 | 045,740,076 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj003.wav

    [2012/07/18 01:55:25 | 000,043,480 | ---- | C] () -- F:WindowsSystem32driversgtqjbadj.sys

    [2012/07/17 20:12:11 | 000,002,141 | ---- | C] () -- F:Windowsepplauncher.mif

    [2012/07/17 19:11:39 | 000,000,090 | ---- | C] () -- F:Windows12225517.dat

    [2012/07/16 21:58:14 | 000,146,216 | ---- | C] () -- F:UsersTTArmstrongDesktop33271375750985781045.jpg

    [2012/07/16 17:27:26 | 000,052,001 | ---- | C] () -- F:UsersTTArmstrongDesktop11e64dc29e2f38b7272d70a290bad7ff5752cefa.jpg

    [2012/07/14 08:45:02 | 000,000,939 | ---- | C] () -- F:UsersTTArmstrongApplication DataMicrosoftInternet ExplorerQuick LaunchThreatFire.lnk

    [2012/07/13 09:18:58 | 052,380,232 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj002.wav

    [2012/07/13 09:11:36 | 020,090,924 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj001.wav

    [2012/07/13 08:44:28 | 029,100,076 | ---- | C] () -- F:UsersTTArmstrongDocumentsKVIPER REGGAESOCA djvdj000.wav

    [2012/07/12 23:01:43 | 000,281,862 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalcensus.cache

    [2012/07/12 23:01:22 | 000,158,340 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalars.cache

    [2012/07/12 22:53:41 | 000,000,036 | ---- | C] () -- F:UsersTTArmstrongAppDataLocalhousecall.guid.cache

    [2012/07/12 22:22:19 | 000,000,045 | RH-- | C] () -- F:UsersTTArmstrongDesktopstinger.opt

    [2012/07/08 18:32:23 | 002,616,633 | ---- | C] () -- F:UsersTTArmstrongDesktopRichie Stephens - The Gospel Medley (2012).mp3

    [2012/07/08 06:41:30 | 005,213,752 | ---- | C] () -- F:UsersTTArmstrongDesktopShana Wilson Press In Your Presence.mp3

    [2012/07/08 06:39:47 | 004,589,338 | ---- | C] () -- F:UsersTTArmstrongDesktopGo Get It.mp3

    [2012/07/07 17:36:45 | 000,213,141 | R--- | C] () -- F:UsersTTArmstrongDesktop00-sanchez-best_of_sanchez_(dj_rondon)-bootleg-cd-2006-spliff.jpg

    [2012/07/02 16:51:55 | 000,041,909 | ---- | C] () -- F:UsersTTArmstrongDesktopXXXXXXXXXXXXXXX.jpg

    [2012/06/30 19:31:03 | 000,100,352 | ---- | C] () -- F:UsersTTArmstrongDocumentsVYBZ KARTEL COLORING BOOK JUNE 2K11.jwl

    [2012/06/30 19:31:03 | 000,057,856 | ---- | C] () -- F:UsersTTArmstrongDocumentsZIGGY MARLEY WILD AND FREE.jwl

    [2012/06/30 19:31:02 | 000,074,752 | ---- | C] () -- F:UsersTTArmstrongDocumentsTyrone Taylor Sings Members Only.jwl

    [2012/06/30 19:31:02 | 000,045,568 | ---- | C] () -- F:UsersTTArmstrongDocumentsTrust.jwl

    [2012/06/30 19:31:02 | 000,038,400 | ---- | C] () -- F:UsersTTArmstrongDocumentsUNREPORTED GUNS VOTES AND MONEY.jwl

    [2012/06/30 19:31:01 | 000,127,488 | ---- | C] () -- F:UsersTTArmstrongDocumentsSTONE LOVE SWAGG TUESDAY VOL 5 PART 1 JUNE 2K11.jwl

    [2012/06/30 19:31:01 | 000,118,272 | ---- | C] () -- F:UsersTTArmstrongDocumentsSTONE LOVE SWAGG TUESDAY VOL 5 PART 2 JUNE 2K11.jwl

    [2012/06/30 19:31:01 | 000,105,984 | ---- | C] () -- F:UsersTTArmstrongDocumentsSnoop Dogg Dubstep.jwl

    [2012/06/30 19:31:01 | 000,061,952 | ---- | C] () -- F:UsersTTArmstrongDocumentsScientist The People s Choice.jwl

    [2012/06/30 19:31:01 | 000,044,544 | ---- | C] () -- F:UsersTTArmstrongDocumentsPat Kelly Wish It Would Rain.jwl

    [2012/06/30 19:31:01 | 000,018,944 | ---- | C] () -- F:UsersTTArmstrongDocumentsSMALL ISLAND.jwl

    [2012/06/30 19:31:00 | 000,208,384 | ---- | C] () -- F:UsersTTArmstrongDocumentsJohnny Osbourne Dancing Time.jwl

    [2012/06/30 19:31:00 | 000,143,360 | ---- | C] () -- F:UsersTTArmstrongDocumentsFrankie Paul SHOWCASE.jwl

    [2012/06/30 19:31:00 | 000,112,640 | ---- | C] () -- F:UsersTTArmstrongDocumentsDelroy Wilson SHOWCASE.jwl

    [2012/06/30 19:31:00 | 000,073,728 | ---- | C] () -- F:UsersTTArmstrongDocumentsDJ KENNY CULTURAL LOVERS ROCK 2011 JUNE 2K11.jwl

    [2012/06/30 19:31:00 | 000,068,608 | ---- | C] () -- F:UsersTTArmstrongDocumentsDJ BLAZER VYBZ KARTEL DA WORLD BOSS JUNE 2K11.jwl

    [2012/06/30 19:30:59 | 000,339,968 | ---- | C] () -- F:UsersTTArmstrongDocumentsCarib Vybz Di Teacha XXXclusive 2011.jwl

    [2012/06/30 19:30:59 | 000,050,176 | ---- | C] () -- F:UsersTTArmstrongDocumentsBLACK UHURU DUBBIN IT LIVE.jwl

    [2012/06/30 16:14:30 | 000,057,212 | ---- | C] () -- F:UsersTTArmstrongDesktop306571_392582317467151_742435903_n.jpg

    [2012/06/29 15:32:49 | 000,002,441 | ---- | C] () -- F:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Reader X.lnk

    [2012/03/26 11:55:00 | 000,147,456 | ---- | C] () -- F:WindowsSystem32DiagFunc.dll

    [2012/03/26 11:55:00 | 000,000,451 | ---- | C] () -- F:WindowsSystem32DiagFunc.ini

    [2012/03/07 19:24:25 | 000,116,224 | ---- | C] () -- F:WindowsSystem32redmonnt.dll

    [2012/03/07 19:24:25 | 000,045,056 | ---- | C] () -- F:WindowsSystem32unredmon.exe

    [2012/02/16 06:21:03 | 000,032,768 | ---- | C] () -- F:WindowsSystem32driverssp_rsdrv2.sys

    [2011/11/17 08:53:51 | 000,003,284 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingANIWZCS{A21875C3-23CF-4FF2-ACA3-6B9A1DE459D5}

    [2011/11/17 08:50:28 | 000,012,800 | ---- | C] () -- F:WindowsSystem32driversanodlwf.sys

    [2011/11/17 08:50:27 | 000,014,051 | ---- | C] () -- F:WindowsSystem32RaCoInst.dat

    [2011/11/09 19:55:48 | 000,000,566 | ---- | C] () -- F:WindowsSystem32SP7302.INI

    [2011/07/27 08:53:38 | 000,000,000 | ---- | C] () -- F:UsersTTArmstrongAppDataLocal{DEB393EC-9D07-4AAF-B6DE-442513357526}

    [2011/03/24 22:02:01 | 000,029,008 | ---- | C] () -- F:WindowsSystem32SmartDefragBootTime.exe

    [2011/03/24 22:02:01 | 000,016,184 | ---- | C] () -- F:WindowsSystem32driversSmartDefragDriver.sys

    [2011/01/30 05:30:55 | 000,084,480 | ---- | C] () -- F:WindowsSystem32ff_vfw.dll

    [2011/01/29 13:02:14 | 000,003,884 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingdvdae.config

    [2010/11/14 06:08:43 | 000,001,378 | ---- | C] () -- F:WindowsSystem32SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat

    [2010/10/23 20:04:09 | 000,130,048 | ---- | C] () -- F:WindowsSystem32SpoonUninstall.exe

    [2010/10/23 05:02:04 | 000,001,057 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml

    [2010/10/23 05:00:39 | 000,087,608 | ---- | C] () -- F:UsersTTArmstrongAppDataRoaminginst.exe

    [2010/10/23 05:00:39 | 000,007,887 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.cat

    [2010/10/23 05:00:39 | 000,001,144 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingpcouffin.inf

    [2010/10/16 13:33:30 | 000,308,624 | ---- | C] () -- F:WindowsSystem32brcmbsp.dll

    [2010/10/16 13:33:30 | 000,206,216 | ---- | C] () -- F:WindowsSystem32bipbsp.dll

    [2010/10/16 13:31:49 | 000,080,368 | ---- | C] () -- F:WindowsSystem32pbadrvdll.dll

    [2010/09/30 17:07:06 | 000,000,376 | ---- | C] () -- F:WindowsODBC.INI

    [2010/09/30 00:22:17 | 001,474,832 | ---- | C] () -- F:WindowsSystem32driverssfi.dat

    [2010/09/30 00:19:12 | 001,724,416 | ---- | C] () -- F:WindowsSystem32nvwdmcpl.dll

    [2010/09/30 00:19:12 | 001,657,376 | ---- | C] () -- F:WindowsSystem32nwiz.exe

    [2010/09/30 00:19:12 | 001,507,328 | ---- | C] () -- F:WindowsSystem32nView.dll

    [2010/09/30 00:19:12 | 001,101,824 | ---- | C] () -- F:WindowsSystem32nvwimg.dll

    [2010/09/30 00:19:12 | 000,466,944 | ---- | C] () -- F:WindowsSystem32nvShell.dll

    [2010/09/30 00:19:12 | 000,449,056 | ---- | C] () -- F:WindowsSystem32nvAppBar.exe

    [2010/09/30 00:19:12 | 000,267,296 | ---- | C] () -- F:WindowsSystem32nvTaskbar.exe

     

    ========== LOP Check ==========

     

    [2011/08/13 15:53:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingApowersoft

    [2010/10/23 09:09:08 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBackTalk

    [2012/07/22 18:25:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBitTorrent

    [2010/10/23 20:17:56 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingdBpoweramp

    [2010/10/02 11:17:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDisk Cleaner

    [2012/02/01 23:36:24 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDVDFab

    [2012/07/12 22:43:10 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingf-secure

    [2011/05/22 13:07:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingFDRLab

    [2011/08/24 17:01:40 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingImgBurn

    [2011/10/06 23:15:21 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingIObit

    [2011/04/20 16:26:24 | 000,000,000 | RHSD | M] -- F:UsersTTArmstrongAppDataRoamingJava

    [2010/10/17 21:57:31 | 000,000,


  13. I updated ComboFix and this is what I got

    ComboFix 12-07-27.01 - TTArmstrong 07/26/2012 8:10.2.2 - x86

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2036.1001 [GMT -4:00]

    Running from: f:usersTTArmstrongDesktopComboFix.exe

    Command switches used :: f:usersTTArmstrongDesktopCFScript.txt

    AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}

    FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

    SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

    SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    FILE ::

    "f:programdataMicrosoftWindowsDRMD27B.tmp"

    "f:windowssystem32driversxeohoein.sys"

    .

    file zipped: f:programdataMicrosoftWindowsDRMD6B1.tmp

    file zipped: f:windowssystem32driversgtqjbadj.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    f:program files1ClickDownload

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------Service_xeohoein

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-26 12:20 . 2012-07-26 12:20 -------- d-----w- f:windowssystem32configsystemprofileAppDataLocaltemp

    2012-07-26 12:20 . 2012-07-26 12:20 -------- d-----w- f:usersDefaultAppDataLocaltemp

    2012-07-26 12:20 . 2012-07-26 12:20 -------- d-----w- f:usersAdministratorAppDataLocaltemp

    2012-07-23 16:52 . 2011-03-10 22:04 46280 ----a-w- f:windowssystem32driversPSKMAD.sys

    2012-07-23 10:00 . 2012-06-29 08:44 6891424 ----a-w- f:programdataMicrosoftWindows DefenderDefinition Updates{7E85B3AA-67D7-43B3-9B57-2104D0602929}mpengine.dll

    2012-07-23 00:02 . 2012-07-26 12:24 -------- d-----w- f:usersTTArmstrongAppDataLocaltemp

    2012-07-21 14:41 . 2012-07-21 14:41 114176 ----a-w- f:programdataMicrosoftWindowsDRMD27B.tmp

    2012-07-18 07:18 . 2012-06-12 02:40 2345984 ----a-w- f:windowssystem32win32k.sys

    2012-07-18 05:55 . 2012-07-26 12:09 43480 ----a-w- f:windowssystem32driversgtqjbadj.sys

    2012-07-18 01:26 . 2012-07-18 01:26 -------- d-----w- F:VritualRoot

    2012-07-18 00:46 . 2012-07-18 05:57 56200 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{2356B655-C2C0-4E58-BB14-9F65886A6888}offreg.dll

    2012-07-18 00:44 . 2012-07-18 00:43 713784 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{13315781-ABDC-4E56-A8C6-AF633331E555}gapaengine.dll

    2012-07-18 00:43 . 2012-06-29 05:44 6891424 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{2356B655-C2C0-4E58-BB14-9F65886A6888}mpengine.dll

    2012-07-18 00:13 . 2012-06-02 22:19 53784 ----a-w- f:windowssystem32wuauclt.exe

    2012-07-18 00:13 . 2012-06-02 22:19 45080 ----a-w- f:windowssystem32wups2.dll

    2012-07-18 00:13 . 2012-06-02 22:19 1933848 ----a-w- f:windowssystem32wuaueng.dll

    2012-07-18 00:13 . 2012-06-02 22:12 2422272 ----a-w- f:windowssystem32wucltux.dll

    2012-07-18 00:12 . 2012-06-02 22:19 35864 ----a-w- f:windowssystem32wups.dll

    2012-07-18 00:12 . 2012-06-02 22:19 577048 ----a-w- f:windowssystem32wuapi.dll

    2012-07-18 00:12 . 2012-06-02 22:12 88576 ----a-w- f:windowssystem32wudriver.dll

    2012-07-18 00:12 . 2012-06-02 19:19 171904 ----a-w- f:windowssystem32wuwebv.dll

    2012-07-18 00:12 . 2012-06-02 19:12 33792 ----a-w- f:windowssystem32wuapp.exe

    2012-07-18 00:11 . 2012-07-18 07:17 -------- d-----w- f:program filesMicrosoft Security Client

    2012-07-14 12:45 . 2011-02-22 17:57 69392 ----a-w- f:windowssystem32driversTfSysMon.sys

    2012-07-14 12:45 . 2011-02-22 17:57 33552 ----a-w- f:windowssystem32driversTfNetMon.sys

    2012-07-14 12:45 . 2011-02-22 17:57 51984 ----a-w- f:windowssystem32driversTfFsMon.sys

    2012-07-14 12:45 . 2012-07-21 13:49 -------- d-----w- f:program filesThreatFire

    2012-07-14 12:45 . 2012-07-14 12:45 -------- d-----w- f:programdataPC Tools

    2012-07-13 11:02 . 2012-07-13 11:02 174632 ----a-w- f:windowssystem32driversPSINKNC.sys

    2012-07-13 11:02 . 2012-07-13 11:02 120872 ----a-w- f:windowssystem32driversPSINProt.sys

    2012-07-13 11:02 . 2012-07-13 11:02 114216 ----a-w- f:windowssystem32driversPSINProc.sys

    2012-07-13 11:02 . 2012-07-13 11:02 148520 ----a-w- f:windowssystem32driversPSINAflt.sys

    2012-07-13 11:02 . 2012-07-13 11:02 103464 ----a-w- f:windowssystem32driversPSINFile.sys

    2012-07-13 02:43 . 2012-07-13 02:43 -------- d-----w- f:usersTTArmstrongAppDataRoamingf-secure

    2012-07-13 02:42 . 2012-07-13 02:42 -------- d-----w- f:programdataF-Secure

    2012-07-13 02:23 . 2012-07-13 02:23 14664 ----a-w- f:windowsstinger.sys

    2012-07-13 02:22 . 2012-07-13 02:30 -------- d-----w- f:program filesstinger

    2012-07-12 15:18 . 2012-07-12 15:18 206632 ----a-w- f:windowssystem32driversNNSStrm.sys

    2012-07-11 09:43 . 2012-07-11 09:43 -------- d-----w- f:program filesReal

    2012-07-07 17:28 . 2012-07-07 17:28 -------- d-----w- f:program filesNewAgeDesign

    2012-06-27 19:51 . 2012-06-27 19:51 92840 ----a-w- f:windowssystem32driversNNStlsc.sys

    2012-06-27 19:51 . 2012-06-27 19:51 286376 ----a-w- f:windowssystem32driversNNSProt.sys

    2012-06-27 19:51 . 2012-06-27 19:51 153000 ----a-w- f:windowssystem32driversNNSPrv.sys

    2012-06-27 19:51 . 2012-06-27 19:51 106536 ----a-w- f:windowssystem32driversNNSSmtp.sys

    2012-06-27 19:51 . 2012-06-27 19:51 60968 ----a-w- f:windowssystem32driversNNSPihsw.sys

    2012-06-27 19:51 . 2012-06-27 19:51 104104 ----a-w- f:windowssystem32driversNNSPop3.sys

    2012-06-27 19:51 . 2012-06-27 19:51 93992 ----a-w- f:windowssystem32driversNNSpicc.sys

    2012-06-27 19:51 . 2012-06-27 19:51 28712 ----a-w- f:windowssystem32driversNNSNAHSL.sys

    2012-06-27 19:51 . 2012-06-27 19:51 122664 ----a-w- f:windowssystem32driversNNSIds.sys

    2012-06-27 19:51 . 2012-06-27 19:51 82472 ----a-w- f:windowssystem32driversNNSAlpc.sys

    2012-06-27 19:51 . 2012-06-27 19:51 120744 ----a-w- f:windowssystem32driversNNSHttp.sys

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-12 02:21 . 2012-04-04 21:17 426184 ----a-w- f:windowssystem32FlashPlayerApp.exe

    2012-07-12 02:21 . 2011-05-17 13:21 70344 ----a-w- f:windowssystem32FlashPlayerCPLApp.cpl

    2012-07-03 17:46 . 2010-09-30 04:56 22344 ----a-w- f:windowssystem32driversmbam.sys

    2012-05-01 04:44 . 2012-06-18 03:23 164352 ----a-w- f:windowssystem32profsvc.dll

    2012-04-28 03:17 . 2012-06-18 03:28 183808 ----a-w- f:windowssystem32driversrdpwd.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

    "Sidebar"="f:program filesWindows Sidebarsidebar.exe" [2010-11-20 1174016]

    "swg"="f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2010-09-30 39408]

    .

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

    "KEEBOX 150N Wireless Utility"="f:program filesKEEBOX150N Wireless UtilityWlanMon.exe" [2010-07-06 835584]

    "COMODO Internet Security"="f:program filesCOMODOCOMODO Internet Securitycfp.exe" [2012-03-12 6749512]

    "ThreatFire"="f:program filesThreatFireTFTray.exe" [2011-02-22 378128]

    "SonneDVDCreator"="f:program filesMagic Burning StudioDVDCreator.exe" [2010-03-09 16537088]

    "BurnStudio"="f:program filesMagic Burning Studiombs.exe" [2010-02-09 4619264]

    "PSUAMain"="f:program filesPanda SecurityPanda Cloud AntivirusPSUAMain.exe" [2012-07-13 37152]

    .

    f:usersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

    SpywareGuard.lnk - f:program filesSpywareGuardsgmain.exe [2003-8-29 360448]

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    "EnableLinkedConnections"= 1 (0x1)

    .

    [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:program filesSUPERAntiSpywareSASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]

    2011-05-04 17:54 551296 ----a-w- f:program filesSUPERAntiSpywareSASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]

    "AppInit_DLLs"=f:windowsSystem32guard32.dll

    .

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

    @="Service"

    .

    [HKLM~startupfolderF:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]

    path=f:programdataMicrosoftWindowsStart MenuProgramsStartupSecunia PSI Tray.lnk

    backup=f:windowspssSecunia PSI Tray.lnk.Commonstartup

    backupExtension=.Commonstartup

    .

    [HKLM~startupfolderF:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]

    path=f:programdataMicrosoftWindowsStart MenuProgramsStartupVirtual Router Manager.lnk

    backup=f:windowspssVirtual Router Manager.lnk.Commonstartup

    backupExtension=.Commonstartup

    .

    [HKLM~startupfolderF:^Users^TTArmstrong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LvbicEQ.exe]

    backupExtension=.Startup

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]

    2012-01-03 07:37 843712 ----a-w- f:program filesCommon FilesAdobeARM1.0AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]

    2012-04-04 05:53 35736 ----a-w- f:program filesAdobeReader 10.0Readerreader_sl.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBurnStudio]

    2010-02-09 18:42 4619264 ----a-w- f:program filesMagic Burning Studiombs.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]

    2010-09-30 04:50 136176 ----atw- f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware (reboot)]

    2012-07-03 17:46 973488 ----a-w- f:program filesMalwarebytes' Anti-Malwarembam.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBAgent]

    2010-03-26 14:52 1234216 ----a-w- f:program filesNeroNero 10Nero BackItUpNBAgent.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNVHotkey]

    2009-06-16 14:27 92704 ----a-w- f:windowsSystem32nvhotkey.dll

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]

    2009-06-11 02:59 1657376 ----a-w- f:windowsSystem32nwiz.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPAC7302_Monitor]

    2006-11-03 16:01 319488 ----a-w- f:windowsPixartPac7302Monitor.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPDVDDXSrv]

    2009-04-02 22:33 128232 ------w- f:program filesCyberLinkPowerDVD DXPDVDDXSrv.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPeerGuardian]

    2007-06-02 20:59 1457152 ----a-w- f:program filesPeerGuardian2pg2.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSonneDVDCreator]

    2010-03-09 22:16 16537088 ----a-w- f:program filesMagic Burning StudioDVDCreator.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]

    2012-01-18 19:02 254696 ----a-w- f:program filesCommon FilesJavaJava Updatejusched.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]

    2010-09-30 14:10 39408 ----a-w- f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUpdater]

    2011-06-21 14:26 26112 ----a-w- f:usersTTArmstrongAppDataRoamingUpdaterupdateloader.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWZCSLDR2]

    2010-06-21 18:28 122880 ----a-w- f:program filesKEEBOX150N Wireless UtilityWZCSLDR2.exe

    .

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]

    "swg"="f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]

    "PDVDDXSrv"="f:program filesCyberLinkPowerDVD DXPDVDDXSrv.exe"

    "SunJavaUpdateSched"="f:program filesCommon FilesJavaJava Updatejusched.exe"

    "Adobe ARM"="f:program filesCommon FilesAdobeARM1.0AdobeARM.exe"

    "BurnStudio"="f:program filesMagic Burning Studiombs.exe" Hide

    "BCSSync"="f:program filesMicrosoft OfficeOffice14BCSSync.exe" /DelayServices

    "NvCplDaemon"=RUNDLL32.EXE f:windowssystem32NvCpl.dll,NvStartup

    .

    R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;f:windowssystem32DRIVERSNNSNAHSL.sys [x]

    R2 gupdate;Google Update Service (gupdate);f:program filesGoogleUpdateGoogleUpdate.exe [x]

    R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm); [x]

    R3 a2acc;a2acc;f:program filesEMSISOFT ANTI-MALWAREa2accx86.sys [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [x]

    R3 CFcatchme;CFcatchme;f:usersTTARMS~1AppDataLocalTempCFcatchme.sys [x]

    R3 cvusbdrv;Dell ControlVault;f:windowssystem32Driverscvusbdrv.sys [x]

    R3 gupdatem;Google Update Service (gupdatem);f:program filesGoogleUpdateGoogleUpdate.exe [x]

    R3 ivusb;Initio Driver for USB Default Controller;f:windowssystem32DRIVERSivusb.sys [x]

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;f:program filesMicrosoft OfficeOffice14GROOVE.EXE [x]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;f:windowssystem32DRIVERSMpNWMon.sys [x]

    R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;f:windowssystem32DRIVERSnetr28u.sys [x]

    R3 NisDrv;Microsoft Network Inspection System;f:windowssystem32DRIVERSNisDrvWFP.sys [x]

    R3 NisSrv;Microsoft Network Inspection;f:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [x]

    R3 osppsvc;Office Software Protection Platform;f:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [x]

    R3 pcouffin;VSO Software pcouffin;f:windowssystem32Driverspcouffin.sys [x]

    R3 PSI;PSI;f:windowssystem32DRIVERSpsi_mf.sys [x]

    R3 TsUsbFlt;TsUsbFlt;f:windowssystem32driverstsusbflt.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;f:windowssystem32WatWatAdminSvc.exe [x]

    R3 WDC_SAM;WD SCSI Pass Thru driver;f:windowssystem32DRIVERSwdcsam.sys [x]

    R4 NNSPIHSW;NNSPIHSW;f:windowssystem32DRIVERSNNSPihsw.sys [x]

    S0 SmartDefragDriver;SmartDefragDriver;f:windowsSystem32DriversSmartDefragDriver.sys [x]

    S0 TfFsMon;TfFsMon;f:windowssystem32driversTfFsMon.sys [x]

    S0 TfSysMon;TfSysMon;f:windowssystem32driversTfSysMon.sys [x]

    S1 A2DDA;A2 Direct Disk Access Support Driver;f:program filesEmsisoft Anti-Malwarea2ddax86.sys [x]

    S1 anodlwf;ANOD Network Security Filter driver;f:windowssystem32DRIVERSanodlwf.sys [x]

    S1 cmdGuard;COMODO Internet Security Sandbox Driver;f:windowssystem32DRIVERScmdguard.sys [x]

    S1 cmdHlp;COMODO Internet Security Helper Driver;f:windowssystem32DRIVERScmdhlp.sys [x]

    S1 NNSALPC;NNSALPC;f:windowssystem32DRIVERSNNSAlpc.sys [x]

    S1 NNSHTTP;NNSHTTP;f:windowssystem32DRIVERSNNSHttp.sys [x]

    S1 NNSIDS;NNSIDS;f:windowssystem32DRIVERSNNSIds.sys [x]

    S1 NNSPICC;NNSPICC;f:windowssystem32DRIVERSNNSPicc.sys [x]

    S1 NNSPOP3;NNSPOP3;f:windowssystem32DRIVERSNNSPop3.sys [x]

    S1 NNSPROT;NNSPROT;f:windowssystem32DRIVERSNNSProt.sys [x]

    S1 NNSPRV;NNSPRV;f:windowssystem32DRIVERSNNSPrv.sys [x]

    S1 NNSSMTP;NNSSMTP;f:windowssystem32DRIVERSNNSSmtp.sys [x]

    S1 NNSSTRM;NNSSTRM;f:windowssystem32DRIVERSNNSStrm.sys [x]

    S1 NNSTLSC;NNSTLSC;f:windowssystem32DRIVERSNNSTlsc.sys [x]

    S1 PSINKNC;PSINKNC;f:windowssystem32DRIVERSpsinknc.sys [x]

    S1 SASDIFSV;SASDIFSV;f:program filesSUPERAntiSpywareSASDIFSV.SYS [x]

    S1 SASKUTIL;SASKUTIL;f:program filesSUPERAntiSpywareSASKUTIL.SYS [x]

    S1 vwififlt;Virtual WiFi Filter Driver;f:windowssystem32DRIVERSvwififlt.sys [x]

    S2 !SASCORE;SAS Core Service;f:program filesSUPERAntiSpywareSASCORE.EXE [x]

    S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;f:program filesEmsisoft Anti-Malwarea2service.exe [x]

    S2 AdobeARMservice;Adobe Acrobat Update Service;f:program filesCommon FilesAdobeARM1.0armsvc.exe [x]

    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;f:program filesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe [x]

    S2 Credential Vault Host Storage;Credential Vault Host Storage;f:program filesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe [x]

    S2 NanoServiceMain;Panda Cloud Antivirus Service;f:program filesPanda SecurityPanda Cloud AntivirusPSANHost.exe [x]

    S2 NAUpdate;Nero Update;f:program filesNeroUpdateNASvc.exe [x]

    S2 Nonbrand_WUS-N;Nonbrand_WUS-N Service;f:program filesKEEBOX150N Wireless UtilityANIWZCSdS.exe [x]

    S2 Nonbrand_WUS-N_WPS;Nonbrand_WUS-N_WPS Service;f:program filesKEEBOX150N Wireless UtilityANIWConnService.exe [x]

    S2 PSINAflt;PSINAflt;f:windowssystem32DRIVERSPSINAflt.sys [x]

    S2 PSINFile;PSINFile;f:windowssystem32DRIVERSPSINFile.sys [x]

    S2 PSINProc;PSINProc;f:windowssystem32DRIVERSPSINProc.sys [x]

    S2 PSINProt;PSINProt;f:windowssystem32DRIVERSPSINProt.sys [x]

    S2 PSUAService;Panda Product Service;f:program filesPanda SecurityPanda Cloud AntivirusPSUAService.exe [x]

    S2 Secunia PSI Agent;Secunia PSI Agent;f:program filesSecuniaPSIPSIA.exe [x]

    S2 Secunia Update Agent;Secunia Update Agent;f:program filesSecuniaPSIsua.exe [x]

    S2 ThreatFire;ThreatFire;f:program filesThreatFireTFService.exe service [x]

    S3 e1yexpress;Intel® Gigabit Network Connections Driver;f:windowssystem32DRIVERSe1y6232.sys [x]

    S3 PSKMAD;PSKMAD;f:windowssystem32DRIVERSPSKMAD.sys [x]

    S3 TfNetMon;TfNetMon;f:windowssystem32driversTfNetMon.sys [x]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;f:windowssystem32DRIVERSvwifimp.sys [x]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-26 f:windowsTasksAdobe Flash Player Updater.job

    - f:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 02:21]

    .

    2012-07-26 f:windowsTasksGoogleUpdateTaskMachineCore.job

    - f:program filesGoogleUpdateGoogleUpdate.exe [2010-09-30 14:10]

    .

    2012-07-25 f:windowsTasksGoogleUpdateTaskMachineUA.job

    - f:program filesGoogleUpdateGoogleUpdate.exe [2010-09-30 14:10]

    .

    2012-07-22 f:windowsTasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job

    - f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-09-30 04:50]

    .

    2012-07-26 f:windowsTasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job

    - f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-09-30 04:50]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    IE: E&xport to Microsoft Excel - f:progra~1MICROS~2Office14EXCEL.EXE/3000

    IE: Se&nd to OneNote - f:progra~1MICROS~2Office14ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.254.254

    .

    .

    [HKEY_LOCAL_MACHINEsystemControlSet003servicesThreatFire]

    "AlternateImagePath"=""

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINEsystemControlSet003ControlPCWSecurity]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1564)

    f:program filesThreatFireTFWAH.dll

    .

    - - - - - - - > 'lsass.exe'(1360)

    f:windowssystem32guard32.dll

    f:program filesThreatFireTFWAH.dll

    .

    - - - - - - - > 'Explorer.exe'(1580)

    f:windowssystem32guard32.dll

    f:program filesThreatFireTfWah.dll

    f:progra~1MICROS~2Office14GROOVEEX.DLL

    f:progra~1COMMON~1MICROS~1OFFICE14Culturesoffice.odf

    f:windowssystem32MsftEdit.dll

    f:windowssystem32authui.dll

    f:windowssystem32BatMeter.dll

    f:windowssystem32prnfldr.dll

    f:windowssystem32dxp.dll

    f:windowsSystem32netshell.dll

    f:windowssystem32dhcpcsvc.DLL

    f:windowsSystem32srchadmin.dll

    f:windowssystem32dhcpcsvc6.DLL

    f:windowssystem32imapi2.dll

    f:windowssystem32wwanapi.dll

    f:windowsSystem32provsvc.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    f:windowssystem32nvvsvc.exe

    f:windowssystem32WUDFHost.exe

    f:windowssystem32nvvsvc.exe

    f:program filesThreatFireTFService.exe

    f:windowssystem32taskhost.exe

    f:windowssystem32conhost.exe

    f:?f:windowssystem32wbemWMIADAP.EXE

    f:program filesSpywareGuardsgbhp.exe

    .

    **************************************************************************

    .

    Completion time: 2012-07-26 08:30:54 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-26 12:30

    ComboFix2.txt 2012-07-23 00:26

    .

    Pre-Run: 10,893,877,248 bytes free

    Post-Run: 10,502,070,272 bytes free

    .

    - - End Of File - - E2A9FE3C888559099D94DFFAD916E0A3

    Upload was successful


  14. ComboFix 12-07-21.01 - TTArmstrong 07/22/2012 19:52:23.1.2 - x86

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2036.1031 [GMT -4:00]

    Running from: f:usersTTArmstrongDesktopComboFix.exe

    AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}

    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

    SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

    SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    f:usersTTArmstrongAppDataRoamingTTArmstronglog.dat

    f:windows12225517.exe

    f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}@

    f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected]

    f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}L1afb2d56

    f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}L201d3dde

    f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected]

    f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected]

    f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected]

    f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected]

    f:windowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected]

    .

    f:windowssystem32services.exe . . . is infected!!

    .

    Infected copy of f:windowssystem32services.exe was found and disinfected

    Restored copy from - f:windowswinsxsx86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967bservices.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-23 00:02 . 2012-07-23 00:19 -------- d-----w- f:usersTTArmstrongAppDataLocaltemp

    2012-07-23 00:02 . 2012-07-23 00:02 -------- d-----w- f:usersDefaultAppDataLocaltemp

    2012-07-21 14:41 . 2012-07-21 14:41 114176 ----a-w- f:programdataMicrosoftWindowsDRMD6B1.tmp

    2012-07-21 14:41 . 2012-07-21 14:41 114176 ----a-w- f:programdataMicrosoftWindowsDRMD27B.tmp

    2012-07-18 07:18 . 2012-06-12 02:40 2345984 ----a-w- f:windowssystem32win32k.sys

    2012-07-18 05:55 . 2012-07-18 05:55 43480 ----a-w- f:windowssystem32driversgtqjbadj.sys

    2012-07-18 01:26 . 2012-07-18 01:26 -------- d-----w- F:VritualRoot

    2012-07-18 00:46 . 2012-07-18 05:57 56200 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{2356B655-C2C0-4E58-BB14-9F65886A6888}offreg.dll

    2012-07-18 00:44 . 2012-07-18 00:43 713784 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{13315781-ABDC-4E56-A8C6-AF633331E555}gapaengine.dll

    2012-07-18 00:43 . 2012-06-29 05:44 6891424 ----a-w- f:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{2356B655-C2C0-4E58-BB14-9F65886A6888}mpengine.dll

    2012-07-18 00:13 . 2012-06-02 22:19 53784 ----a-w- f:windowssystem32wuauclt.exe

    2012-07-18 00:13 . 2012-06-02 22:19 45080 ----a-w- f:windowssystem32wups2.dll

    2012-07-18 00:13 . 2012-06-02 22:19 1933848 ----a-w- f:windowssystem32wuaueng.dll

    2012-07-18 00:13 . 2012-06-02 22:12 2422272 ----a-w- f:windowssystem32wucltux.dll

    2012-07-18 00:12 . 2012-06-02 22:19 35864 ----a-w- f:windowssystem32wups.dll

    2012-07-18 00:12 . 2012-06-02 22:19 577048 ----a-w- f:windowssystem32wuapi.dll

    2012-07-18 00:12 . 2012-06-02 22:12 88576 ----a-w- f:windowssystem32wudriver.dll

    2012-07-18 00:12 . 2012-06-02 19:19 171904 ----a-w- f:windowssystem32wuwebv.dll

    2012-07-18 00:12 . 2012-06-02 19:12 33792 ----a-w- f:windowssystem32wuapp.exe

    2012-07-18 00:11 . 2012-07-18 07:17 -------- d-----w- f:program filesMicrosoft Security Client

    2012-07-14 12:45 . 2011-02-22 17:57 69392 ----a-w- f:windowssystem32driversTfSysMon.sys

    2012-07-14 12:45 . 2011-02-22 17:57 33552 ----a-w- f:windowssystem32driversTfNetMon.sys

    2012-07-14 12:45 . 2011-02-22 17:57 51984 ----a-w- f:windowssystem32driversTfFsMon.sys

    2012-07-14 12:45 . 2012-07-21 13:49 -------- d-----w- f:program filesThreatFire

    2012-07-14 12:45 . 2012-07-14 12:45 -------- d-----w- f:programdataPC Tools

    2012-07-13 02:43 . 2012-07-13 02:43 -------- d-----w- f:usersTTArmstrongAppDataRoamingf-secure

    2012-07-13 02:42 . 2012-07-13 02:42 -------- d-----w- f:programdataF-Secure

    2012-07-13 02:23 . 2012-07-13 02:23 14664 ----a-w- f:windowsstinger.sys

    2012-07-13 02:22 . 2012-07-13 02:30 -------- d-----w- f:program filesstinger

    2012-07-11 09:43 . 2012-07-11 09:43 -------- d-----w- f:program filesReal

    2012-07-07 17:28 . 2012-07-07 17:28 -------- d-----w- f:program filesNewAgeDesign

    2012-06-30 20:17 . 2012-05-31 03:41 6762896 ----a-w- f:programdataMicrosoftWindows DefenderDefinition Updates{CD6A007C-8D62-4856-A523-23B49072749B}mpengine.dll

    2012-06-29 17:39 . 2012-07-22 22:25 -------- d-----w- f:program files1ClickDownload

    2012-06-23 22:19 . 2012-06-24 02:13 -------- d-----w- F:My Recordings

    2012-06-23 12:10 . 2012-06-23 12:12 -------- d-----w- f:programdataHP

    2012-06-23 12:10 . 2012-06-23 12:10 -------- d-----w- f:program filesHP

    2012-06-23 12:09 . 2012-06-23 12:09 -------- d-----w- f:usersTTArmstrongAppDataLocalHP

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-12 02:21 . 2012-04-04 21:17 426184 ----a-w- f:windowssystem32FlashPlayerApp.exe

    2012-07-12 02:21 . 2011-05-17 13:21 70344 ----a-w- f:windowssystem32FlashPlayerCPLApp.cpl

    2012-07-03 17:46 . 2010-09-30 04:56 22344 ----a-w- f:windowssystem32driversmbam.sys

    2012-05-01 04:44 . 2012-06-18 03:23 164352 ----a-w- f:windowssystem32profsvc.dll

    2012-04-28 03:17 . 2012-06-18 03:28 183808 ----a-w- f:windowssystem32driversrdpwd.sys

    2012-04-26 04:45 . 2012-06-18 03:23 58880 ----a-w- f:windowssystem32rdpwsx.dll

    2012-04-26 04:45 . 2012-06-18 03:23 129536 ----a-w- f:windowssystem32rdpcorekmts.dll

    2012-04-26 04:41 . 2012-06-18 03:23 8192 ----a-w- f:windowssystem32rdrmemptylst.exe

    2012-04-24 04:36 . 2012-06-18 03:23 140288 ----a-w- f:windowssystem32cryptsvc.dll

    2012-04-24 04:36 . 2012-06-18 03:23 1158656 ----a-w- f:windowssystem32crypt32.dll

    2012-04-24 04:36 . 2012-06-18 03:23 103936 ----a-w- f:windowssystem32cryptnet.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

    "Sidebar"="f:program filesWindows Sidebarsidebar.exe" [2010-11-20 1174016]

    "swg"="f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2010-09-30 39408]

    .

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

    "KEEBOX 150N Wireless Utility"="f:program filesKEEBOX150N Wireless UtilityWlanMon.exe" [2010-07-06 835584]

    "COMODO Internet Security"="f:program filesCOMODOCOMODO Internet Securitycfp.exe" [2012-03-12 6749512]

    "PSUNMain"="f:program filesPanda SecurityPanda Cloud AntivirusPSUNMain.exe" [2011-04-28 439616]

    "ThreatFire"="f:program filesThreatFireTFTray.exe" [2011-02-22 378128]

    "SonneDVDCreator"="f:program filesMagic Burning StudioDVDCreator.exe" [2010-03-09 16537088]

    "BurnStudio"="f:program filesMagic Burning Studiombs.exe" [2010-02-09 4619264]

    .

    f:usersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

    SpywareGuard.lnk - f:program filesSpywareGuardsgmain.exe [2003-8-29 360448]

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    "EnableLinkedConnections"= 1 (0x1)

    .

    [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:program filesSUPERAntiSpywareSASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]

    2011-05-04 17:54 551296 ----a-w- f:program filesSUPERAntiSpywareSASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]

    "AppInit_DLLs"=f:windowsSystem32guard32.dll

    .

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

    @="Service"

    .

    [HKLM~startupfolderF:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]

    path=f:programdataMicrosoftWindowsStart MenuProgramsStartupSecunia PSI Tray.lnk

    backup=f:windowspssSecunia PSI Tray.lnk.Commonstartup

    backupExtension=.Commonstartup

    .

    [HKLM~startupfolderF:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]

    path=f:programdataMicrosoftWindowsStart MenuProgramsStartupVirtual Router Manager.lnk

    backup=f:windowspssVirtual Router Manager.lnk.Commonstartup

    backupExtension=.Commonstartup

    .

    [HKLM~startupfolderF:^Users^TTArmstrong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LvbicEQ.exe]

    backupExtension=.Startup

    HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

    HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]

    2012-01-03 07:37 843712 ----a-w- f:program filesCommon FilesAdobeARM1.0AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]

    2012-04-04 05:53 35736 ----a-w- f:program filesAdobeReader 10.0Readerreader_sl.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBurnStudio]

    2010-02-09 18:42 4619264 ----a-w- f:program filesMagic Burning Studiombs.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]

    2010-09-30 04:50 136176 ----atw- f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware (reboot)]

    2012-07-03 17:46 973488 ----a-w- f:program filesMalwarebytes' Anti-Malwarembam.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBAgent]

    2010-03-26 14:52 1234216 ----a-w- f:program filesNeroNero 10Nero BackItUpNBAgent.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNVHotkey]

    2009-06-16 14:27 92704 ----a-w- f:windowsSystem32nvhotkey.dll

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]

    2009-06-11 02:59 1657376 ----a-w- f:windowsSystem32nwiz.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPAC7302_Monitor]

    2006-11-03 16:01 319488 ----a-w- f:windowsPixartPac7302Monitor.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPDVDDXSrv]

    2009-04-02 22:33 128232 ------w- f:program filesCyberLinkPowerDVD DXPDVDDXSrv.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPeerGuardian]

    2007-06-02 20:59 1457152 ----a-w- f:program filesPeerGuardian2pg2.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSonneDVDCreator]

    2010-03-09 22:16 16537088 ----a-w- f:program filesMagic Burning StudioDVDCreator.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]

    2012-01-18 19:02 254696 ----a-w- f:program filesCommon FilesJavaJava Updatejusched.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]

    2010-09-30 14:10 39408 ----a-w- f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUpdater]

    2011-06-21 14:26 26112 ----a-w- f:usersTTArmstrongAppDataRoamingUpdaterupdateloader.exe

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWZCSLDR2]

    2010-06-21 18:28 122880 ----a-w- f:program filesKEEBOX150N Wireless UtilityWZCSLDR2.exe

    .

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]

    "swg"="f:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]

    "PDVDDXSrv"="f:program filesCyberLinkPowerDVD DXPDVDDXSrv.exe"

    "SunJavaUpdateSched"="f:program filesCommon FilesJavaJava Updatejusched.exe"

    "Adobe ARM"="f:program filesCommon FilesAdobeARM1.0AdobeARM.exe"

    "BurnStudio"="f:program filesMagic Burning Studiombs.exe" Hide

    "BCSSync"="f:program filesMicrosoft OfficeOffice14BCSSync.exe" /DelayServices

    "NvCplDaemon"=RUNDLL32.EXE f:windowssystem32NvCpl.dll,NvStartup

    .

    R1 xeohoein;xeohoein;f:windowssystem32driversxeohoein.sys [x]

    R2 gupdate;Google Update Service (gupdate);f:program filesGoogleUpdateGoogleUpdate.exe [x]

    R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm); [x]

    R3 a2acc;a2acc;f:program filesEMSISOFT ANTI-MALWAREa2accx86.sys [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [x]

    R3 cvusbdrv;Dell ControlVault;f:windowssystem32Driverscvusbdrv.sys [x]

    R3 gupdatem;Google Update Service (gupdatem);f:program filesGoogleUpdateGoogleUpdate.exe [x]

    R3 ivusb;Initio Driver for USB Default Controller;f:windowssystem32DRIVERSivusb.sys [x]

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;f:program filesMicrosoft OfficeOffice14GROOVE.EXE [x]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;f:windowssystem32DRIVERSMpNWMon.sys [x]

    R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;f:windowssystem32DRIVERSnetr28u.sys [x]

    R3 NisDrv;Microsoft Network Inspection System;f:windowssystem32DRIVERSNisDrvWFP.sys [x]

    R3 NisSrv;Microsoft Network Inspection;f:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [x]

    R3 osppsvc;Office Software Protection Platform;f:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [x]

    R3 pcouffin;VSO Software pcouffin;f:windowssystem32Driverspcouffin.sys [x]

    R3 TsUsbFlt;TsUsbFlt;f:windowssystem32driverstsusbflt.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;f:windowssystem32WatWatAdminSvc.exe [x]

    R3 WDC_SAM;WD SCSI Pass Thru driver;f:windowssystem32DRIVERSwdcsam.sys [x]

    S0 SmartDefragDriver;SmartDefragDriver;f:windowsSystem32DriversSmartDefragDriver.sys [x]

    S0 TfFsMon;TfFsMon;f:windowssystem32driversTfFsMon.sys [x]

    S0 TfSysMon;TfSysMon;f:windowssystem32driversTfSysMon.sys [x]

    S1 A2DDA;A2 Direct Disk Access Support Driver;f:program filesEmsisoft Anti-Malwarea2ddax86.sys [x]

    S1 anodlwf;ANOD Network Security Filter driver;f:windowssystem32DRIVERSanodlwf.sys [x]

    S1 cmdGuard;COMODO Internet Security Sandbox Driver;f:windowssystem32DRIVERScmdguard.sys [x]

    S1 cmdHlp;COMODO Internet Security Helper Driver;f:windowssystem32DRIVERScmdhlp.sys [x]

    S1 PSINKNC;PSINKNC;f:windowssystem32DRIVERSpsinknc.sys [x]

    S1 SASDIFSV;SASDIFSV;f:program filesSUPERAntiSpywareSASDIFSV.SYS [x]

    S1 SASKUTIL;SASKUTIL;f:program filesSUPERAntiSpywareSASKUTIL.SYS [x]

    S1 vwififlt;Virtual WiFi Filter Driver;f:windowssystem32DRIVERSvwififlt.sys [x]

    S2 !SASCORE;SAS Core Service;f:program filesSUPERAntiSpywareSASCORE.EXE [x]

    S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;f:program filesEmsisoft Anti-Malwarea2service.exe [x]

    S2 AdobeARMservice;Adobe Acrobat Update Service;f:program filesCommon FilesAdobeARM1.0armsvc.exe [x]

    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;f:program filesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostControlService.exe [x]

    S2 Credential Vault Host Storage;Credential Vault Host Storage;f:program filesBroadcom CorporationBroadcom USH Host ComponentsCVbinHostStorageService.exe [x]

    S2 NanoServiceMain;Panda Cloud Antivirus Service;f:program filesPanda SecurityPanda Cloud AntivirusPSANHost.exe [x]

    S2 NAUpdate;Nero Update;f:program filesNeroUpdateNASvc.exe [x]

    S2 Nonbrand_WUS-N;Nonbrand_WUS-N Service;f:program filesKEEBOX150N Wireless UtilityANIWZCSdS.exe [x]

    S2 Nonbrand_WUS-N_WPS;Nonbrand_WUS-N_WPS Service;f:program filesKEEBOX150N Wireless UtilityANIWConnService.exe [x]

    S2 PSINAflt;PSINAflt;f:windowssystem32DRIVERSPSINAflt.sys [x]

    S2 PSINFile;PSINFile;f:windowssystem32DRIVERSPSINFile.sys [x]

    S2 PSINProc;PSINProc;f:windowssystem32DRIVERSPSINProc.sys [x]

    S2 PSINProt;PSINProt;f:windowssystem32DRIVERSPSINProt.sys [x]

    S2 Secunia PSI Agent;Secunia PSI Agent;f:program filesSecuniaPSIPSIA.exe [x]

    S2 Secunia Update Agent;Secunia Update Agent;f:program filesSecuniaPSIsua.exe [x]

    S2 ThreatFire;ThreatFire;f:program filesThreatFireTFService.exe service [x]

    S3 e1yexpress;Intel® Gigabit Network Connections Driver;f:windowssystem32DRIVERSe1y6232.sys [x]

    S3 PSI;PSI;f:windowssystem32DRIVERSpsi_mf.sys [x]

    S3 TfNetMon;TfNetMon;f:windowssystem32driversTfNetMon.sys [x]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;f:windowssystem32DRIVERSvwifimp.sys [x]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-23 f:windowsTasksAdobe Flash Player Updater.job

    - f:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 02:21]

    .

    2012-07-23 f:windowsTasksGoogleUpdateTaskMachineCore.job

    - f:program filesGoogleUpdateGoogleUpdate.exe [2010-09-30 14:10]

    .

    2012-07-22 f:windowsTasksGoogleUpdateTaskMachineUA.job

    - f:program filesGoogleUpdateGoogleUpdate.exe [2010-09-30 14:10]

    .

    2012-07-22 f:windowsTasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001Core.job

    - f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-09-30 04:50]

    .

    2012-07-23 f:windowsTasksGoogleUpdateTaskUserS-1-5-21-3547660631-2530300967-2076403988-1001UA.job

    - f:usersTTArmstrongAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-09-30 04:50]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    IE: E&xport to Microsoft Excel - f:progra~1MICROS~2Office14EXCEL.EXE/3000

    IE: Se&nd to OneNote - f:progra~1MICROS~2Office14ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.254.254

    .

    - - - - ORPHANS REMOVED - - - -

    .

    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

    MSConfigStartUp-MSC - f:program filesMicrosoft Security Clientmsseces.exe

    MSConfigStartUp-Nero Serial KeyGen - (no file)

    .

    .

    .

    [HKEY_LOCAL_MACHINEsystemControlSet003servicesThreatFire]

    "AlternateImagePath"=""

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINEsystemControlSet003ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINEsystemControlSet003ControlPCWSecurity]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(904)

    f:program filesThreatFireTFWAH.dll

    .

    - - - - - - - > 'lsass.exe'(688)

    f:windowssystem32guard32.dll

    f:program filesThreatFireTFWAH.dll

    .

    - - - - - - - > 'Explorer.exe'(4044)

    f:windowssystem32guard32.dll

    f:program filesThreatFireTfWah.dll

    f:progra~1MICROS~2Office14GROOVEEX.DLL

    f:windowsSystem32gameux.dll

    f:windowssystem32MsftEdit.dll

    f:windowssystem32authui.dll

    f:windowssystem32msutb.dll

    f:windowssystem32prnfldr.dll

    f:windowssystem32dxp.dll

    f:windowsSystem32netshell.dll

    f:windowssystem32PortableDeviceTypes.dll

    f:windowsSystem32QUtil.dll

    f:windowsSystem32srchadmin.dll

    f:windowssystem32wwanapi.dll

    f:windowsSystem32QAgent.dll

    f:windowssystem32imapi2.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    f:windowssystem32nvvsvc.exe

    f:windowssystem32WUDFHost.exe

    f:windowssystem32nvvsvc.exe

    f:program filesThreatFireTFService.exe

    f:windowssystem32taskhost.exe

    f:windowssystem32conhost.exe

    f:program filesSpywareGuardsgbhp.exe

    .

    **************************************************************************

    .

    Completion time: 2012-07-22 20:26:41 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-23 00:26

    .

    Pre-Run: 11,211,698,176 bytes free

    Post-Run: 10,949,455,872 bytes free

    .

    - - End Of File - - 059893AB569B0923BCD10F60BF72D018
