
Author Topic: Kaspersky TDSS Killer detects file safeboot.sys  (Read 52116 times)


hey101

    Topic Starter


    Beginner

    Kaspersky TDSS Killer detects file safeboot.sys
    « on: February 26, 2012, 08:58:26 PM »
    Hey, I ran TDSS Killer the other day. My computer was running incredibly slow and taking forever for Explorer to run. It happened all the time, so I ran a scan with Kaspersky and TDSS Killer. TDSS Killer found a locked file called safeboot.sys located at C:\WINDOWS\system32\drivers\SafeBoot.sys

    I have no idea if that is a bad thing or not. If I try to remove it from TDSS Killer, after a reboot my computer bluescreens in normal mode and in safe mode. The only way to fix it is by using the Last Known Good Configuration. Then it works fine, but TDSS Killer will find it again.

    Malwarebytes log:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.26.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Mark :: CA999-VXTK68-01 [administrator]

    2/26/2012 11:39:20 AM
    mbam-log-2012-02-26 (11-39-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 366012
    Time elapsed: 18 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    hey101

      Topic Starter


      Beginner

      Re: Kaspersky TDSS Killer detects file safeboot.sys
      « Reply #1 on: February 26, 2012, 09:00:19 PM »
      Superantispyware:
      FYI, it detected many items belonging to an app I have been creating and working on for a while. It was due to using a portable VB6 version. I switched to a licensed VB6 version but have not recompiled all of the items, so they are detected. It is a false positive. If not, then it was a long time ago and I have done nothing since then to them.


      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 02/26/2012 at 07:08 PM

      Application Version : 5.0.1144

      Core Rules Database Version : 8279
      Trace Rules Database Version: 6091

      Scan type       : Complete Scan
      Total Scan Time : 06:51:04

      Operating System Information
      Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
      Administrator

      Memory items scanned      : 796
      Memory threats detected   : 0
      Registry items scanned    : 42034
      Registry threats detected : 0
      File items scanned        : 1270813
      File threats detected     : 147

      Trojan.Agent/Gen-Alient
         D:\PROFILES\MARK\DESKTOP\DESKTOP\LIT\BETA DOWNLOAD\PROJECT1.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\LIT\PROJECT1.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\LIT\TEST\PROJECT1.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\LIT\TEST THEME\PROJECT1.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\LIT\WIPE REG AND FORMAT\PROJECT1.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\REGISTER-HWID\GENKEY\GENKEY.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\GUI\ADMIN PANEL5.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\GUI\ADMIN PANEL6.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\GUI\COMPLETE\ADMIN PANEL5.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\OFFICE_20020242310102006\SK07.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\PICTURE\PROJECT1.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\PROJECT5.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\PROJECT6.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\PROJECT7.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\PROJECT8.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\PROJECT9.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RIBBON_20020383512192006\SK07.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\REGISTER-HWID\GENKEY\GENKEY.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\GUI\ADMIN PANEL5.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\GUI\ADMIN PANEL6.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\GUI\COMPLETE\ADMIN PANEL5.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\OFFICE_20020242310102006\SK07.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\PICTURE\PROJECT1.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\PROJECT5.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\PROJECT6.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\PROJECT7.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\PROJECT8.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\PROJECT9.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RIBBON_20020383512192006\SK07.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\PARTY\DONT RUN.EXE2
         D:\PROFILES\MARK\DESKTOP\DESKTOP\PROJECT\FOLDER SECURE.EXE
         D:\PROFILES\VXTK68\DESKTOP\LIT\BETA DOWNLOAD\PROJECT1.EXE
         D:\PROFILES\VXTK68\DESKTOP\LIT\PROJECT1.EXE
         D:\PROFILES\VXTK68\DESKTOP\LIT\TEST\PROJECT1.EXE
         D:\PROFILES\VXTK68\DESKTOP\LIT\TEST THEME\PROJECT1.EXE
         D:\PROFILES\VXTK68\DESKTOP\LIT\WIPE REG AND FORMAT\PROJECT1.EXE
         D:\PROFILES\VXTK68\DESKTOP\PARTY\DONT RUN.EXE2
         D:\PROFILES\VXTK68\DESKTOP\REMOTE CMD.EXE

      Trojan.IRCBot/Dropper-Gen
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\IDLE\IDLEDEMO.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\IDLE\IDLEDEMO.EXE

      Trojan.Agent/Gen-Cryptor[Egun]
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\POP3\AX_POP3_COMPLETE\VBPPOP3TEST.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\POP3\AX_POP3_EXEC\VBPPOP3TEST.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\POP3\AX_POP3_TEST\VBPPOP3TEST.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\PROJECT1.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\PROJECT2.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\PROJECT3.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\PROJECT4.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\POP3\AX_POP3_COMPLETE\VBPPOP3TEST.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\POP3\AX_POP3_EXEC\VBPPOP3TEST.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\POP3\AX_POP3_TEST\VBPPOP3TEST.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\PROJECT1.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\PROJECT2.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\PROJECT3.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\PROJECT4.EXE
         D:\PROFILES\VXTK68\DESKTOP\LIT\WIPE REG AND FORMAT\DONT RUN UNDER ANY CIRCUMSTANCE.EXE
         D:\PROFILES\VXTK68\DESKTOP\LIT\WIPE REG AND FORMAT\DONT RUN UNDER ANY CIRCUMSTANCESDFSDFSDFSDF.EXE

      Trojan.Agent/Gen-FraudPack
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\APPS\BSOD.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\APPS\CD CLOSE.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\APPS\CD OPEN.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\APPS\LOG OFF.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\APPS\MONITOR OFF ON.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\APPS\MONITOR ON.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\APPS\SCREENSAVER.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\APPS\BSOD.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\APPS\CD CLOSE.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\APPS\CD OPEN.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\APPS\LOG OFF.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\APPS\MONITOR OFF ON.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\APPS\MONITOR ON.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\APPS\SCREENSAVER.EXE

      Trojan.Agent/Gen-FakeAlert
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\APPS\MONITOR OFF.EXE
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\APPS\MONITOR OFF.EXE

      NotHarmful.Sysinternals Bluescreen Screen Saver
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL\SMS APP\RECEIVING\APPS\SYSINTERNALSBLUESCREEN.SCR
         D:\PROFILES\MARK\DESKTOP\DESKTOP\MAIL2\SMS APP\RECEIVING\APPS\SYSINTERNALSBLUESCREEN.SCR

      Adware.Tracking Cookie
         www.burstnet.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .atdmt.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .atdmt.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .advertising.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .kaspersky.122.2o7.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         ad.yieldmanager.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .imrworldwide.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .imrworldwide.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .doubleclick.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .doubleclick.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         *Blocked Russian URL* [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         counter.cnw.cz [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         counter.cnw.cz [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .toplist.cz [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         counter.cnw.cz [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         s09.flagcounter.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .invitemedia.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .media6degrees.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .media6degrees.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .media6degrees.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .media6degrees.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .apmebf.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .mediaplex.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .mediaplex.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .collective-media.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .collective-media.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .collective-media.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .collective-media.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .collective-media.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .collective-media.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .invitemedia.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .yieldmanager.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         ad.yieldmanager.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         ad.yieldmanager.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         ad.yieldmanager.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         ad.yieldmanager.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .invitemedia.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .invitemedia.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .invitemedia.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .invitemedia.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .invitemedia.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .invitemedia.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         accounts.youtube.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         accounts.google.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         accounts.google.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .advertising.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .advertising.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .advertising.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .fastclick.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .specificclick.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .revsci.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .interclick.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .interclick.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .invitemedia.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .fastclick.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .tribalfusion.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         ad.yieldmanager.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         ad.yieldmanager.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .interclick.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .www.burstnet.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .burstnet.com [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .liveperson.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         .liveperson.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         server.iad.liveperson.net [ D:\PROFILES\MARK\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         D:\PROFILES\VXTK68\COOKIES\VXTK68@ATDMT[1].TXT [ /ATDMT ]
         D:\PROFILES\VXTK68\COOKIES\VXTK68@FASTCLICK[2].TXT [ /FASTCLICK ]
         D:\PROFILES\VXTK68\COOKIES\[email protected][1].TXT [ /MICROSOFTWLSEARCHCRM.112.2O7 ]
         D:\PROFILES\VXTK68\COOKIES\[email protected][2].TXT [ /WWW.CXTRACK ]

      Trojan.Agent/Gen
         D:\PROGRAM FILES\E-ON SOFTWARE\VUE 8.5 XSTREAM\PLUGINS\DISPLAY\V7OGLADAPTER.EON

      NotAThreat.EICAR[TestFile]
         D:\PROGRAM FILES\RAPID7\FRAMEWORK\MSF3\DATA\.SVN\TEXT-BASE\EICAR.COM.SVN-BASE

      Trojan.Agent/Gen-UsrMgr
         D:\PROGRAM FILES\RAPID7\FRAMEWORK\MSF3\DATA\CPUINFO\.SVN\TEXT-BASE\CPUINFO.EXE.SVN-BASE

      Trojan.Agent/Gen-Farfli
         C:\PROGRAM FILES\WINRAR\ZIP.SFX

      Trojan.Agent/Gen-Krpytik
         C:\SYSTEM VOLUME INFORMATION\_RESTORE{15210BD2-C7F8-4EEB-8097-8D74A4DBE2E2}\RP706\A0371533.EXE

      hey101

        Topic Starter


        Beginner

        Re: Kaspersky TDSS Killer detects file safeboot.sys
        « Reply #2 on: February 26, 2012, 09:00:47 PM »
        dds.txt:


        .
        DDS (Ver_2011-08-26.01) - NTFSx86
        Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.2.1
        Run by Mark at 22:45:21 on 2012-02-26
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3067.1432 [GMT -5:00]
        .
        AV: ISS Proventia 9.0.226.2212 *Enabled/Outdated* {137EA0D9-9C16-4D8D-AF04-E70936C88A36}
        AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
        FW: ISS Proventia 9.0.226.2084 *Disabled*
        .
        ============== Running Processes ===============
        .
        C:\WINDOWS\System32\svchost.exe -k Bioscrypt
        C:\Program Files\Fingerprint Sensor\AtService.exe
        C:\WINDOWS\system32\svchost.exe -k DcomLaunch
        svchost.exe
        C:\Program Files\Sandboxie\SbieSvc.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        svchost.exe
        svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
        svchost.exe
        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
        C:\WINDOWS\system32\agrsmsvc.exe
        D:\xampp\apache\bin\httpd.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\WINDOWS\system32\ASTSRV.EXE
        C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
        C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
        D:\PROGRA~1\Rapid7\FRAMEW~1\POSTGR~1\bin\pg_ctl.exe
        C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
        C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
        C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
        C:\WINDOWS\system32\svchost.exe -k HPService
        C:\Program Files\Java\jre7\bin\jqs.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\Program Files\Intel\AMT\LMS.exe
        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
        D:\xampp\mysql\bin\mysqld.exe
        D:\PROGRA~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
        C:\WINDOWS\System32\svchost.exe -k HPZ12
        C:\WINDOWS\system32\nvsvc32.exe
        D:\Program Files\OpenSSH\bin\cygrunsrv.exe
        C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
        C:\WINDOWS\System32\svchost.exe -k HPZ12
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
        D:\PROGRA~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
        C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
        C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
        D:\Program Files\OpenSSH\usr\sbin\sshd.exe
        C:\WINDOWS\system32\vmnat.exe
        C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
        D:\PROGRA~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
        D:\PROGRA~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
        C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        D:\PROGRA~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
        C:\WINDOWS\system32\CCM\CcmExec.exe
        D:\PROGRA~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
        D:\Program Files\VMware\vmware-authd.exe
        C:\WINDOWS\system32\vmnetdhcp.exe
        D:\xampp\apache\bin\httpd.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\msiexec.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
        C:\Program Files\TeamViewer\Version7\TeamViewer.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\TeamViewer\Version7\tv_w32.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\AccelerometerSt.Exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\ActivIdentity\ActivClient\acevents.exe
        C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
        C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
        C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
        C:\Program Files\Unlocker\UnlockerAssistant.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
        C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
        C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
        C:\Program Files\Analog Devices\Core\smax4pnp.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
        C:\Program Files\Sandboxie\SbieCtrl.exe
        C:\PROGRA~1\MICROS~3\rapimgr.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        D:\Profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
        C:\WINDOWS\system32\notepad.exe
        C:\PROGRAM FILES\MICROSOFT LIFECAM\LIFEEXP.EXE
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://google.com/
        uInternet Settings,ProxyServer = 192.168.2.106:8080
        uInternet Settings,ProxyOverride = *.mot.com;*.gi.com;HELP-MOTOROLA.AMER.CSC.COM;SHSH-NXS01.AMER.CSC.COM;*.local;<local>
        BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
        BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
        BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - d:\program files\adobe\cs5\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
        BHO: GetDislike: {3543619c-d563-43f7-95ea-4da7e1cc396a} - c:\program files\getdislike\ie\getdislike.dll
        BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
        BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
        BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
        BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
        BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
        BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
        BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
        BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
        TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
        TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - d:\program files\adobe\cs5\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
        TB: Zend Studio: {95188727-288f-4581-a48d-eab3bd027314} - d:\progra~1\zend\zendst~1.0\toolbars\ZENDIE~1.DLL
        TB: SynchronEyes: {8e1233b3-485a-4e51-b77e-9e075a68c588} - d:\program files\synchroneyes teacher 7.0\SEyesIeToolbar.dll
        uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
        uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
        mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
        mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
        mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
        mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
        mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
        mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
        mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
        mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
        mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
        mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
        mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
        mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
        mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
        mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
        mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
        mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
        mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
        mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
        mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        mRun: [QuickTime Task] "c:\program files\quicktime\QTTASK.EXE" -atboottime
        mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
        mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
        mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
        dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
        dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
        uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
        uPolicies-explorer: GreyMSIAds = 1 (0x1)
        uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
        uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
        mPolicies-system: LogonType = 0 (0x0)
        IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
        IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
        IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
        IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
        IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
        IE: Zend Studio - Debug current page - d:\program files\zend\zend studio - 8.0.0\toolbars\ZendIEToolbar.dll/DebugCurrent.html
        IE: Zend Studio - Debug next page - d:\program files\zend\zend studio - 8.0.0\toolbars\ZendIEToolbar.dll/DebugNext.html
        IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC}
        IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
        IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
        IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - d:\program files\winhttrack\WinHTTrackIEBar.dll
        IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
        IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
        LSP: bmnet.dll
        LSP: d:\program files\vmware\vsocklib.dll
        DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
        DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
        DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1294847411937
        DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect114a.cab
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
        DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
        DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
        DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://access.motorola.com/dana-cached/setup/JuniperSetupSP1.cab
        DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
        DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://access.motorola.com/dana-cached/sc/JuniperSetupClient.cab
        TCP: Interfaces\{96DA9AD1-B25D-4E60-9696-382225CFA6E7} : NameServer = 207.69.188.187,207.69.188.186
        TCP: Interfaces\{DBA2BD3B-DD27-48D0-B1A8-D01EFD66A9B9} : NameServer = 207.69.188.187,207.69.188.186
        Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
        Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
        Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
        Notify: klogon - c:\windows\system32\klogon.dll
        Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
        AppInit_DLLs: c:\progra~1\hewlet~1\iam\bin\APSHook.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        mASetup: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - "c:\program files\microsoft office communicator\MotIM-default.EXE" /s
        mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
        mASetup: {BAFC1927-A731-4c34-829B-47EE05ADD199} - "c:\windows\regedit.exe" /s "c:\windows\mot-wmp9.reg"
        mASetup: {C10BF3A1-3FEC-4a94-AAAF-9D6A4B522F63} - "c:\program files\winzip\wzusr90.exe"  /NOICON /NOTRAY
        mASetup: >{Z999999-999-9999-9999-MOT-LM_Console-2007} - "c:\ntutils\Remove_StandaloneConsole_2007.exe" /q
        mASetup: >{Z99999999-999-9999-9999-CSC-IEPROXY} - c:\ntutils\ie_proxy_update\runpack.exe /reinstall /bypasschk
        mASetup: >{Z99999999-999-9999-9999-MOT-2K3} - c:\windows\2k3_USR.EXE
        Hosts: 13.13.13.13 playlist.com
        Hosts: 13.13.13.13 www.playlist.com
        Hosts: 13.13.13.13 cdn1-79.projectplaylist.com
        Hosts: 13.13.13.13 www.cdn1-79.projectplaylist.com
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - d:\profiles\mark\application data\mozilla\firefox\profiles\prtpgzvs.default\
        .
        ---- FIREFOX POLICIES ----
        FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\drivers\dsfksvcs.sys [2010-2-8 479992]
        R0 dsfroot;root enumerated bus driver;c:\windows\system32\drivers\dsfroot.sys [2010-2-8 31608]
        R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
        R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2009-7-29 109216]
        R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-7-29 51408]
        R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-7-29 12960]
        R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
        R1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys [2010-8-21 7168]
        R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
        R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-9-1 565552]
        R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-7-29 12528]
        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
        R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
        R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
        R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\httpd.exe [2010-10-17 20549]
        R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Bioscrypt [2008-11-12 14336]
        R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2011-4-27 57344]
        R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-7-29 1201400]
        R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]
        R2 frameworkPostgreSQL;frameworkPostgreSQL;D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/bin/pg_ctl.exe runservice -N "frameworkPostgreSQL" -D "D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/data" --> D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/bin/pg_ctl.exe runservice -N frameworkPostgreSQL [?]
        R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2009-8-7 45056]
        R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2009-7-29 256544]
        R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
        R2 OpenSSHd;OpenSSH Server;d:\program files\openssh\bin\cygrunsrv.exe [2004-4-18 36864]
        R2 OxygenAudioDevMon;Oxygen Audio Device Monitor;c:\program files\m-audio\oxygen\AudioDevMon.exe [2010-3-4 1632776]
        R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-14 3027840]
        R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2011-10-20 2058776]
        R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-9-21 70704]
        R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-9-21 539184]
        R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-6-12 482176]
        R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-20 227896]
        R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-11-12 239760]
        R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-11-12 44800]
        R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
        R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
        R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-26 40776]
        R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2009-2-20 47616]
        R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-10-17 124648]
        R3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [2004-4-22 2432]
        S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
        S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
        S2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-11-12 14336]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 gupdate1c9aca7f83fdf82;Google Update Service (gupdate1c9aca7f83fdf82);c:\program files\google\update\GoogleUpdate.exe [2009-3-24 133104]
        S2 XAMPP;XAMPP Service;d:\xampp\service.exe [2007-12-20 60928]
        S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-21 113152]
        S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
        S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]
        S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]
        S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-24 133104]
        S3 HackerDefenderDrv084;HackerDefenderDrv084;\??\d:\profiles\vxtk68\my documents\downloads\hxdef084\hxdefdrv.sys --> d:\profiles\vxtk68\my documents\downloads\hxdef084\hxdefdrv.sys [?]
        S3 HRMACPI;DSF ACPI Redirection Module;c:\windows\system32\drivers\hrmacpi.sys --> c:\windows\system32\drivers\HRMACPI.SYS [?]
        S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;c:\windows\system32\drivers\hrmcfgspc.sys [2010-2-8 92664]
        S3 HRMINTS;DSF Interrupt Redirection Module;c:\windows\system32\drivers\hrmints.sys [2010-2-8 89976]
        S3 HRMPORTS;DSF IO Port Redirection Module;c:\windows\system32\drivers\hrmports.sys [2010-2-8 103160]
        S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-8-21 28160]
        S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-7-22 42112]
        S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-9-16 30576]
        S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-6-10 18432]
        S3 OXYGEN;Service for M-Audio Oxygen;c:\windows\system32\drivers\MAudioOxygen.sys [2011-1-12 112136]
        S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
        S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [2005-1-6 18048]
        S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys --> c:\windows\system32\drivers\PortTalk.sys [?]
        S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
        S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-1-20 816672]
        S3 SOFTHIDUSBK;USB HID Layer;c:\windows\system32\drivers\softhidusbk.sys --> c:\windows\system32\drivers\SOFTHIDUSBK.SYS [?]
        S3 SOFTUSBK;Generic USB device;c:\windows\system32\drivers\softusbk.sys --> c:\windows\system32\drivers\SOFTUSBK.SYS [?]
        S3 SOFTUSBTESTHUB;Generic USB Test Hub;c:\windows\system32\drivers\softusbtesthub.sys --> c:\windows\system32\drivers\SOFTUSBTESTHUB.SYS [?]
        S3 SOFTWADP;Wireless adapter devices;c:\windows\system32\drivers\softwadp.sys --> c:\windows\system32\drivers\SOFTWADP.SYS [?]
        S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
        S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-1-8 25088]
        S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
        S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-11-12 14336]
        S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
        S3 WSOFTUSBK;Generic wireless USB device;c:\windows\system32\drivers\wsoftusbk.sys --> c:\windows\system32\drivers\WSOFTUSBK.SYS [?]
        S4 AcuWVSSchedulerv6;Acunetix WVS Scheduler v6;c:\program files\acunetix\web vulnerability scanner 6\WVSScheduler.exe [2010-3-3 671368]
        .
        =============== Created Last 30 ================
        .
        2074-05-07 23:38:48   203576   ------w-   c:\program files\microsoft games\age of empires iii\autopatcher2.exe
        2012-02-27 03:41:46   40776   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2012-02-22 07:07:29   98992   ----a-w-   c:\windows\system32\drivers\95999153.sys
        2012-02-22 06:18:46   --------   d-sha-r-   C:\cmdcons
        2012-02-22 06:15:38   98816   ----a-w-   c:\windows\sed.exe
        2012-02-22 06:15:38   518144   ----a-w-   c:\windows\SWREG.exe
        2012-02-22 06:15:38   256000   ----a-w-   c:\windows\PEV.exe
        2012-02-22 06:15:38   208896   ----a-w-   c:\windows\MBR.exe
        2012-02-18 02:56:58   --------   d-----w-   c:\program files\FastCopy
        2012-02-17 02:54:17   --------   d-----w-   d:\profiles\all users\application data\Malwarebytes
        2012-02-17 02:54:16   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2012-02-17 02:54:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2012-02-17 02:44:44   --------   d-----w-   d:\profiles\mark\application data\SUPERAntiSpyware.com
        2012-02-17 02:42:16   --------   d-----w-   d:\profiles\all users\application data\SUPERAntiSpyware.com
        2012-02-17 02:42:16   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2012-02-16 22:02:44   98992   ----a-w-   c:\windows\system32\drivers\95463149.sys
        2012-02-16 22:02:44   --------   d-----w-   C:\TDSSKiller_Quarantine
        2012-02-15 17:30:04   --------   d-----w-   d:\profiles\mark\application data\Hardcore
        2012-02-05 21:31:22   973632   ----a-w-   c:\windows\system32\nvdispco3220155.dll
        2012-02-04 06:01:15   --------   d-----w-   c:\program files\SyncToy 2.1
        .
        ==================== Find3M  ====================
        .
        2012-02-23 20:38:20   140496   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
        2012-02-23 20:38:15   280736   ----a-w-   c:\windows\system32\PnkBstrB.xtr
        2012-02-23 20:38:15   280736   ----a-w-   c:\windows\system32\PnkBstrB.exe
        2012-02-19 14:20:14   75136   ----a-w-   c:\windows\system32\PnkBstrA.exe
        2012-02-19 14:19:55   280736   ----a-w-   c:\windows\system32\PnkBstrB.ex0
        2012-02-19 07:16:06   138056   ----a-w-   d:\profiles\mark\application data\PnkBstrK.sys
        2012-02-19 07:15:39   2434856   ----a-w-   c:\windows\system32\pbsvc_bc2.exe
        2012-02-05 21:31:50   278420   ----a-w-   c:\windows\system32\nvdrsdb1.bin
        2012-02-05 21:31:50   1   ----a-w-   c:\windows\system32\nvdrssel.bin
        2012-02-05 21:31:48   278420   ----a-w-   c:\windows\system32\nvdrsdb0.bin
        2011-12-29 18:00:00   79360   ----a-w-   c:\windows\system32\ff_vfw.dll
        2011-12-21 18:14:02   151552   ----a-w-   c:\windows\system32\ac3acm.acm
        2011-12-17 14:23:38   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2011-12-11 04:58:00   877376   ----a-w-   c:\windows\system32\nvgenco3220103.dll
        2011-12-11 04:58:00   61440   ----a-w-   c:\windows\system32\OpenCL.dll
        2011-12-11 04:58:00   5332992   ----a-w-   c:\windows\system32\nvcuda.dll
        2011-12-11 04:58:00   4205056   ----a-w-   c:\windows\system32\nv4_disp.dll
        2011-12-11 04:58:00   2811200   ----a-w-   c:\windows\system32\nvcuvid.dll
        2011-12-11 04:58:00   2335232   ----a-w-   c:\windows\system32\nvapi.dll
        2011-12-11 04:58:00   2084672   ----a-w-   c:\windows\system32\nvcuvenc.dll
        2011-12-11 04:58:00   16076800   ----a-w-   c:\windows\system32\nvoglnt.dll
        2011-12-11 04:58:00   13004800   ----a-w-   c:\windows\system32\nvcompiler.dll
        2011-12-11 04:58:00   12836544   ----a-w-   c:\windows\system32\drivers\nv4_mini.sys
        2011-12-11 03:46:08   249856   ----a-w-   c:\windows\system32\nvrseng.dll
        2011-12-11 03:46:07   253952   ----a-w-   c:\windows\system32\nvrsth.dll
        2011-12-11 03:46:03   282624   ----a-w-   c:\windows\system32\nvrsel.dll
        2011-12-11 03:46:03   274432   ----a-w-   c:\windows\system32\nvrsesm.dll
        2011-12-11 03:46:03   126976   ----a-w-   c:\windows\system32\nvrszht.dll
        2011-12-11 03:46:00   331776   ----a-w-   c:\windows\system32\nvrshe.dll
        2011-12-11 03:46:00   253952   ----a-w-   c:\windows\system32\nvrsda.dll
        2011-12-11 03:46:00   249856   ----a-w-   c:\windows\system32\nvrsfi.dll
        2011-12-11 03:38:59   112960   ----a-w-   c:\windows\system32\nvmctray.dll
        2011-12-11 03:38:58   13900096   ----a-w-   c:\windows\system32\nvcpl.dll
        2011-12-11 03:38:48   156480   ----a-w-   c:\windows\system32\nvsvc32.exe
        2011-12-11 03:38:47   146752   ----a-w-   c:\windows\system32\nvcolor.exe
        2011-12-11 03:38:46   54272   ----a-w-   c:\windows\system32\nvwddi.dll
        2011-12-11 03:38:45   545088   ----a-w-   c:\windows\system32\easyupdatusapiu.dll
        .
        ============= FINISH: 22:47:06.56 ===============

        hey101

          Topic Starter
          Re: Kaspersky TDSS Killer detects file safeboot.sys
          « Reply #3 on: February 26, 2012, 09:01:18 PM »
          attach.txt:

          .
          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT
          .
          DDS (Ver_2011-08-26.01)
          .
          Microsoft Windows XP Professional
          Boot Device: \Device\HarddiskVolume1
          Install Date: 2/20/2009 2:00:41 PM
          System Uptime: 2/26/2012 10:35:47 PM (0 hours ago)
          .
          Motherboard: Hewlett-Packard |  | 30E7
          Processor: Intel Pentium III Xeon processor | Intel(R) Genuine processor | 2527/266mhz
          .
          ==== Disk Partitions =========================
          .
          C: is FIXED (NTFS) - 40 GiB total, 4.485 GiB free.
          D: is FIXED (NTFS) - 193 GiB total, 5.659 GiB free.
          E: is CDROM ()
          .
          ==== Disabled Device Manager Items =============
          .
          Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
          Description: Bluetooth LAN Access Server Driver
          Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
          Manufacturer: Broadcom
          Name: Bluetooth LAN Access Server Driver
          PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
          Service: BTWDNDIS
          .
          Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
          Description: Officejet Pro L7500
          Device ID: ROOT\MULTIFUNCTION\0000
          Manufacturer: HP
          Name: Officejet Pro L7500
          PNP Device ID: ROOT\MULTIFUNCTION\0000
          Service:
          .
          Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
          Description: Eacfilt Miniport
          Device ID: ROOT\NT_EACFILTMP\0010
          Manufacturer: Nortel Networks
          Name: Eacfilt Miniport #11
          PNP Device ID: ROOT\NT_EACFILTMP\0010
          Service: Eacfilt
          .
          Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
          Description: Officejet Pro L7500
          Device ID: ROOT\PRINTER\0000
          Manufacturer: HP
          Name: Officejet Pro L7500
          PNP Device ID: ROOT\PRINTER\0000
          Service:
          .
          ==== System Restore Points ===================
          .
          RP693: 2/5/2012 3:56:07 PM - System Checkpoint
          RP694: 2/6/2012 4:42:22 PM - System Checkpoint
          RP695: 2/7/2012 4:46:57 PM - System Checkpoint
          RP696: 2/8/2012 5:46:53 PM - System Checkpoint
          RP697: 2/9/2012 6:46:50 PM - System Checkpoint
          RP698: 2/10/2012 7:46:57 PM - System Checkpoint
          RP699: 2/14/2012 11:41:46 PM - System Checkpoint
          RP700: 2/16/2012 3:16:31 PM - System Checkpoint
          RP701: 2/17/2012 11:10:29 PM - System Checkpoint
          RP702: 2/18/2012 11:09:46 PM - Removed Battlefield: Bad Company™ 2
          RP703: 2/19/2012 12:05:01 AM - Removed Microsoft Visual C++ 2005 Redistributable - KB2467175
          RP704: 2/19/2012 12:10:04 AM - Installed Microsoft Visual C++ 2005 Redistributable
          RP705: 2/19/2012 12:11:30 AM - Installed Battlefield Bad Company 2
          RP706: 2/20/2012 6:14:04 PM - System Checkpoint
          RP707: 2/21/2012 10:32:21 PM - System Checkpoint
          RP708: 2/26/2012 12:42:30 AM - System Checkpoint
          .
          ==== Installed Programs ======================
          .
          .
          µTorrent
          3.4.0.9271.1
          32 Bit HP CIO Components Installer
          Acrobat.com
          ActivClient x86
          Active@ Boot Disk
          Acunetix Web Vulnerability Scanner 6.5
          Adobe Acrobat 9 Pro
          Adobe Acrobat 9.5.0 - CPSID_83708
          Adobe After Effects CS4
          Adobe After Effects CS4 Presets
          Adobe After Effects CS4 Third Party Content
          Adobe AIR
          Adobe Anchor Service CS4
          Adobe Asset Services CS4
          Adobe Bridge CS4
          Adobe CMaps CS4
          Adobe Color - Photoshop Specific CS4
          Adobe Color EU Extra Settings CS4
          Adobe Color JA Extra Settings CS4
          Adobe Color NA Recommended Settings CS4
          Adobe Color Video Profiles AE CS4
          Adobe Color Video Profiles CS CS4
          Adobe Community Help
          Adobe Contribute CS4
          Adobe Creative Suite 4 Master Collection
          Adobe Creative Suite 5 Master Collection
          Adobe CS4 American English Speech Analysis Models
          Adobe CSI CS4
          Adobe Default Language CS4
          Adobe Device Central CS4
          Adobe Dreamweaver CS4
          Adobe Drive CS4
          Adobe Dynamiclink Support
          Adobe Encore CS4
          Adobe Encore CS4 Codecs
          Adobe ExtendScript Toolkit CS4
          Adobe Extension Manager CS4
          Adobe Fireworks CS4
          Adobe Flash CS4
          Adobe Flash CS4 Extension - Flash Lite STI en
          Adobe Flash CS4 STI-en
          Adobe Flash Player 11 ActiveX
          Adobe Flash Player 11 Plugin
          Adobe Fonts All
          Adobe Illustrator CS4
          Adobe InDesign CS4
          Adobe InDesign CS4 Application Feature Set Files (Roman)
          Adobe InDesign CS4 Common Base Files
          Adobe InDesign CS4 Icon Handler
          Adobe Linguistics CS4
          Adobe Media Encoder CS4
          Adobe Media Encoder CS4 Additional Exporter
          Adobe Media Encoder CS4 Dolby
          Adobe Media Encoder CS4 Exporter
          Adobe Media Encoder CS4 Importer
          Adobe Media Player
          Adobe MotionPicture Color Files CS4
          Adobe OnLocation CS4
          Adobe Output Module
          Adobe PDF Library Files CS4
          Adobe Photoshop CS4
          Adobe Photoshop CS4 Support
          Adobe Premiere Pro CS4
          Adobe Premiere Pro CS4 Functional Content
          Adobe Premiere Pro CS4 Third Party Content
          Adobe Reader Extended Language Support Font Pack
          Adobe Reader X (10.1.2)
          Adobe Search for Help
          Adobe Service Manager Extension
          Adobe Setup
          Adobe SGM CS4
          Adobe SING CS4
          Adobe Soundbooth CS4
          Adobe Soundbooth CS4 Codecs
          Adobe Type Support CS4
          Adobe Update Manager CS4
          Adobe Version Cue CS4 Server
          Adobe WinSoft Linguistics Plugin
          Adobe XMP Panels CS4
          AdobeColorCommonSetCMYK
          AdobeColorCommonSetRGB
          AIO_Scan
          Algebrator 5.0
          Alien Skin Image Doctor 2
          All To PDF
          Amazon Kindle For PC v1.1
          Apple Application Support
          Apple Mobile Device Support
          Apple Software Update
          AQtime 7 Standard for Embarcadero RAD Studio XE
          ASIO4ALL
          AT&T Communication Manager
          Audacity 1.2.6
          Audacity 1.3.14 (Unicode)
          audiosamples
          Auslogics Disk Defrag
          AuthenTec Fingerprint System
          AutoHotkey 1.0.91.03
          AutomatedQA AQtime 7 Standard for Embarcadero RAD Studio
          avstreamsamples
          avstreamtools_ia64fre
          avstreamtools_x64fre
          avstreamtools_x86fre
          Battlefield 2(TM)
          Battlefield 2: Special Forces
          Battlefield: Bad Company™ 2
          BDE_ENT
          Better File Rename 5.6
          biometricsamples
          biometrictools_x64fre
          biometrictools_x86fre
          bluetoothsamples
          bluetoothtools_ia64fre
          bluetoothtools_x64fre
          bluetoothtools_x86fre
          Bonjour
          Boost Libraries for C++Builder XE
          BPD_Scan
          BufferChm
          buildsamples
          buildtools_ia64fre
          buildtools_x64fre
          buildtools_x86fre
          bussamples
          C7200
          C7200_doccd
          c7200_Help
          Cain & Abel v4.9.40
          CameraDrivers
          cancelsample
          CCleaner
          Charles
          Charles 3.6.3
          Cheat Engine 5.6.1
          Chilkat Crypt ActiveX
          Chilkat Mail ActiveX
          chkinftool_x86fre
          CINEMA 4D 11.514
          CodeSite Express 4.6.1
          CollabNet Automatic Update 1.2
          CollabNet Subversion Client 1.6.12
          Command Prompt Here PowerToy
          Compatibility Pack for the 2007 Office system
          Component Checker
          Connect
          Copy
          Course Vector .minerva
          Credential Manager for HP ProtectTools
          Crystal Reports for Visual Studio
          CustomerResearchQFolder
          DDS Thumbnail Viewer
          debugfiles_win7
          Debugging Tools for Windows (x86)
          Deckadance
          Destination Component
          Device Simulation Framework 1.0.1
          DeviceDiscovery
          dfx_ia64fre
          dfx_x64fre
          dfx_x86fre
          Digidesign M-Audio Keyboard Personality 8.0
          displaysamples
          DocProc
          DocProcQFolder
          Dotfuscator Software Services - Community Edition
          Drive Encryption for HP ProtectTools
          Driver Installer
          Drumaxx
          drvtools_ia64fre
          drvtools_x64fre
          drvtools_x86fre
          DSF-KitSetup
          dsfsamples
          DX10
          Edirol HQ Orchestral VSTi v1.03
          Edison
          Embarcadero Delphi and C++Builder XE Help System
          Embarcadero RAD Studio XE
          Enigma
          eventsample
          evntdrvsample
          Eye Candy 4000
          Facebook Devil
          Fax
          FFOLKES Unlocks123 mod v1.4.1
          FileZilla Client 3.5.3
          FinalBuilder 7.0.0.600 Embarcadero Edition
          fireflysample
          FL Studio 9
          FlashDigger Plus
          Free Internet Window Washer
          G-Force
          generalsamples
          generaltools_ia64fre
          generaltools_x64fre
          generaltools_x86fre
          GFM 1.04
          Google Apps
          Google Chrome
          Google Earth
          Google Photos Screensaver
          Google Update Helper
          Google Updater
          Gtk+ Runtime Environment 2.12.9-2
          HandBrake 0.9.5
          Hardcore
          headers
          Hewlett-Packard ACLM.NET v1.1.0.0
          hid_inputsamples
          hidsampleinput
          hidsamples
          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
          Hotfix for Microsoft Document Explorer 2008 (KB953196)
          Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2455033)
          Hotfix for Windows Media Format 11 SDK (KB929399)
          Hotfix for Windows Media Player 11 (KB939683)
          Hotfix for Windows XP (KB2443685)
          Hotfix for Windows XP (KB2570791)
          Hotfix for Windows XP (KB915800-v4)
          Hotfix for Windows XP (KB942288-v3)
          Hotfix for Windows XP (KB949764)
          Hotfix for Windows XP (KB952287)
          Hotfix for Windows XP (KB954550-v5)
          Hotfix for Windows XP (KB954708)
          Hotfix for Windows XP (KB958655-v2)
          Hotfix for Windows XP (KB961118)
          Hotfix for Windows XP (KB970653-v3)
          Hotfix for Windows XP (KB974176)
          Hotfix for Windows XP (KB976098-v2)
          HP 3D DriveGuard
          HP Customer Participation Program 9.0
          HP Drive Key Boot Utility
          HP Imaging Device Functions 9.0
          HP Integrated Module with Bluetooth wireless technology
          HP JavaCard for HP ProtectTools
          HP OCR Software 9.0
          HP Officejet Pro All-In-One Series
          HP Photosmart 330,380,420,470,7800,8000,8200 Series
          HP Photosmart All-In-One Software 9.0
          HP Photosmart Essential 2.01
          HP Photosmart Essential2.01
          HP Product Assistant
          HP Product Detection
          HP ProtectTools Security Manager
          HP ProtectTools Security Manager Suite
          HP Quick Launch Buttons
          HP Solution Center 9.0
          HP Update
          HPDiagnosticAlert
          HPProductAssistant
          HPSSupply
          iBackupBot for iTunes 3.0.12
          ifssamples
          IL Autogun
          IL Download Manager
          IL DrumSynth Live
          IL Gross Beat
          IL Harmless
          IL Juice Pack
          IL Ogun
          IL Slicex
          IL Vocodex
          Image Comparer v3.7
          imagingtools_ia64fre
          imagingtools_x64fre
          imagingtools_x86fre
          ImgBurn
          Index.dat Analyzer v2.5
          infsample_ia64fre
          infsample_x64fre
          infsample_x86fre
          installhelp
          Intel(R) Management Engine Interface
          Intel® Active Management Technology
          InterVideo DVD Check
          InterVideo Register Manager
          InterVideo WinDVD
          ioctlsample
          iPhoneBrowser
          irsamples
          iTunes
          iTunes Library Updater
          J2SE Runtime Environment 5.0 Update 21
          Java Auto Updater
          Java DB 10.5.3.0
          Java(TM) 6 Update 30
          Java(TM) 7 Update 2
          Java(TM) SE Development Kit 6 Update 22
          Java(TM) SE Development Kit 7 Update 1
          Java(TM) SE Development Kit 7 Update 2
          JavaFX 2.0.2
          JavaFX 2.0.2 SDK
          JDownloader
          Juniper Networks Network Connect 6.4.0
          Juniper Networks Network Connect 6.5.0
          K-Lite Codec Pack 8.1.0 (Full)
          Kaspersky Anti-Virus 2012
          kuler
          LAME v3.98.2 for Audacity
          libs_ia64fre
          libs_x64fre
          libs_x86fre
          LightScribe System Software  1.14.17.1
          M-Audio Oxygen Driver 1.3.0 (x86)
          Mafia II DLC Jimmy's Vendetta
          Mafia II DLC Joe's Adventures
          Magic ISO Maker v5.5 (build 0281)
          MagicDisc 2.7.106
          Malwarebytes Anti-Malware version 1.60.1.1000
          MarketResearch
          Mastering Effects Bundle 2 for Sound Forge Pro
          MaX Compression Client
          Maximus
          Messenger MUI Package
          MessengerDiscovery 2.5.105
          MessengerDiscovery 3.1.167
          Metasploit Framework
          Microsoft .NET Framework 1.1
          Microsoft .NET Framework 1.1 Security Update (KB2572067)
          Microsoft .NET Framework 2.0 Service Pack 2
          Microsoft .NET Framework 3.0 Service Pack 2
          Microsoft .NET Framework 3.5 SP1
          Microsoft .NET Framework 4 Client Profile
          Microsoft .NET Framework 4 Extended
          Microsoft .NET Framework 4 Multi-Targeting Pack
          Microsoft ActiveSync
          Microsoft Application Error Reporting
          Microsoft ASP.NET MVC 2
          Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
          Microsoft Base Smart Card Cryptographic Service Provider Package
          Microsoft Choice Guard
          Microsoft Compression Client Pack 1.0 for Windows XP
          Microsoft Corporation
          Microsoft Document Explorer 2008
          Microsoft Help Viewer 1.0
          Microsoft Internationalized Domain Names Mitigation APIs
          Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
          Microsoft LifeCam
          Microsoft Mathematics
          Microsoft National Language Support Downlevel APIs
          Microsoft Office Communicator 2005
          Microsoft Office Communicator 2005 MUI Pack
          Microsoft Office File Validation Add-In
          Microsoft Office Professional Edition 2003
          Microsoft Office Visio Viewer 2003 (English)
          Microsoft Organization Chart 2.0
          Microsoft Silverlight
          Microsoft Silverlight 3 SDK
          Microsoft SQL Server 2005 Compact Edition [ENU]
          Microsoft SQL Server 2008
          Microsoft SQL Server 2008 Browser
          Microsoft SQL Server 2008 Common Files
          Microsoft SQL Server 2008 Database Engine Services
          Microsoft SQL Server 2008 Database Engine Shared
          Microsoft SQL Server 2008 Native Client
          Microsoft SQL Server 2008 R2 Data-Tier Application Framework
          Microsoft SQL Server 2008 R2 Data-Tier Application Project
          Microsoft SQL Server 2008 R2 Management Objects
          Microsoft SQL Server 2008 R2 Transact-SQL Language Service
          Microsoft SQL Server 2008 RsFx Driver
          Microsoft SQL Server 2008 Setup Support Files
          Microsoft SQL Server Compact 3.5 SP2 ENU
          Microsoft SQL Server Database Publishing Wizard 1.4
          Microsoft SQL Server System CLR Types
          Microsoft SQL Server VSS Writer
          Microsoft Sync Framework 2.0 Core Components (x86) ENU
          Microsoft Sync Framework 2.0 Provider Services (x86) ENU
          Microsoft Sync Framework Runtime v1.0 SP1 (x86)
          Microsoft Sync Framework SDK v1.0 SP1
          Microsoft Sync Framework Services v1.0 SP1 (x86)
          Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
          Microsoft Team Foundation Server 2010 Object Model - ENU
          Microsoft User-Mode Driver Framework Feature Pack 1.0
          Microsoft Visual C Runtime
          Microsoft Visual C++ 2005 Redistributable
          Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
          Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
          Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
          Microsoft Visual F# 2.0 Runtime
          Microsoft Visual J# 2.0 Redistributable Package
          Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
          Microsoft Visual Studio 2010 Office Developer Tools (x86)
          Microsoft Visual Studio 2010 Professional - ENU
          Microsoft Visual Studio 2010 SharePoint Developer Tools
          Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
          Microsoft Visual Studio Macro Tools
          Microsoft Windows Driver Kit 7.1.0.7600
          Microsoft Windows Driver Kit Documentation 7600.091201
          Microsoft_VC80_ATL_x86
          Microsoft_VC80_CRT_x86
          Microsoft_VC80_MFC_x86
          Microsoft_VC80_MFCLOC_x86
          Microsoft_VC90_ATL_x86
          Microsoft_VC90_CRT_x86
          Microsoft_VC90_MFC_x86
          Mobipocket Creator 4.2
          modemtools
          Morphine
          MOT-ENG-SetImageBranding-1.0-GBL-R1
          MOT-ENG-SymantecDelTemp-1.0-GBL-R1
          Mozilla Firefox 9.0.1 (x86 en-US)
          Mozilla Thunderbird (3.1.2)
          Mozilla Thunderbird 9.0.1 (x86 en-US)
          MSVCRT
          MSVCRT Redists
          MSXML 4.0 SP2 (KB936181)
          MSXML 4.0 SP2 (KB954430)
          MSXML 4.0 SP2 (KB973688)
          MSXML 6 Service Pack 2 (KB954459)
          NetDeviceManager
          networklibraries_ia64fre
          networklibraries_x64fre
          networklibraries_x86fre
          networksamples
          Nmap 5.51
          No-IP DUC
          Noise Reduction Plug-in 2.0i
          Notation Player 2.6
          Notepad++
          NPE File Analyzer 1.1.2.1
          NVIDIA Control Panel 276.42
          NVIDIA Graphics Driver 276.42
          NVIDIA Install Application
          NVIDIA nView 136.02
          NVIDIA nView Desktop Manager
          NVIDIA Photoshop Plug-ins
          NVIDIA PhysX
          oacr_x86fre
          OfficeRecovery 2010 Ultimate 10.0.15500.1 Demo License
          offreg_ia64fre
          offreg_x64fre
          offreg_x86fre
          Online Bible 12.07.07
          OpenSSH for Windows (remove only)
          PanoStandAlone
          Paros 3.2.13
          pcidrvsample
          PDF Settings CS4
          PDF Settings CS5
          pfd_ia64fre
          pfd_x64fre
          pfd_x86fre
          Photoshop Camera Raw
          Pixel Bender Toolkit
          Plato DVD Ripper Professional 10.06.01
          pnpportssample
          pnptools_ia64fre
          pnptools_x64fre
          pnptools_x86fre
          PoiZone
          portiosample
          powermanagement_ia64fre
          powermanagement_x64fre
          powermanagement_x86fre
          Preset Manager 2.0
          printsamples
          printtools_ia64fre
          printtools_x64fre
          printtools_x86fre
          PS_AIO_02_ProductContext
          PS_AIO_02_Software
          PS_AIO_02_Software_min
          PS330
          PS380
          PSPrinters08
          PSSWCORE
          PSTAPlugin
          PunkBuster Services
          PxMergeModule
          Python 2.7.2
          QLBCASL
          QuickTime
          RAD Video Tools
          Raize Components 5.5.1
          RapidShare Manager 2
          Rave Reports 9.0.0 BE
          readme
          Recover Keys
          reFX Nexus 1.3.7
          RICOH R5C853 Media Driver Ver.1.02.00.09
          Roxio Activation Module
          Roxio Creator Audio
          Roxio Creator Business
          Roxio Creator Business v10
          Roxio Creator Copy
          Roxio Creator Data
          Roxio Creator Tools
          Roxio Express Labeler 3
          Roxio MyDVD
          Sakura
          Sandbox
          Sandboxie 3.50
          Sawer
          Scan
          sdv
          Security Update for CAPICOM (KB931906)
          Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
          Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
          Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
          Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
          Security Update for Microsoft Windows (KB2564958)
          Security Update for Windows Internet Explorer 7 (KB2416400)
          Security Update for Windows Internet Explorer 7 (KB938127)
          Security Update for Windows Internet Explorer 7 (KB976325)
          Security Update for Windows Internet Explorer 7 (KB978207)
          Security Update for Windows Internet Explorer 8 (KB2360131)
          Security Update for Windows Internet Explorer 8 (KB2416400)
          Security Update for Windows Internet Explorer 8 (KB2482017)
          Security Update for Windows Internet Explorer 8 (KB2497640)
          Security Update for Windows Internet Explorer 8 (KB2510531)
          Security Update for Windows Internet Explorer 8 (KB2544521)
          Security Update for Windows Internet Explorer 8 (KB2559049)
          Security Update for Windows Internet Explorer 8 (KB2586448)
          Security Update for Windows Internet Explorer 8 (KB971961)
          Security Update for Windows Internet Explorer 8 (KB981332)
          Security Update for Windows Internet Explorer 8 (KB982381)
          Security Update for Windows Media Player (KB2378111)
          Security Update for Windows Media Player (KB911564)
          Security Update for Windows Media Player (KB954155)
          Security Update for Windows Media Player (KB968816)
          Security Update for Windows Media Player (KB973540)
          Security Update for Windows Media Player (KB975558)
          Security Update for Windows Media Player (KB978695)
          Security Update for Windows Media Player 11 (KB954154)
          Security Update for Windows Media Player 6.4 (KB925398)
          Security Update for Windows Media Player 9 (KB936782)
          Security Update for Windows XP (KB2079403)
          Security Update for Windows XP (KB2115168)
          Security Update for Windows XP (KB2121546)
          Security Update for Windows XP (KB2229593)
          Security Update for Windows XP (KB2259922)
          Security Update for Windows XP (KB2286198)
          Security Update for Windows XP (KB2296011)
          Security Update for Windows XP (KB2296199)
          Security Update for Windows XP (KB2347290)
          Security Update for Windows XP (KB2360937)
          Security Update for Windows XP (KB2387149)
          Security Update for Windows XP (KB2393802)
          Security Update for Windows XP (KB2412687)
          Security Update for Windows XP (KB2419632)
          Security Update for Windows XP (KB2423089)
          Security Update for Windows XP (KB2436673)
          Security Update for Windows XP (KB2440591)
          Security Update for Windows XP (KB2443105)
          Security Update for Windows XP (KB2476490)
          Security Update for Windows XP (KB2476687)
          Security Update for Windows XP (KB2478960)
          Security Update for Windows XP (KB2478971)
          Security Update for Windows XP (KB2479628)
          Security Update for Windows XP (KB2479943)
          Security Update for Windows XP (KB2481109)
          Security Update for Windows XP (KB2483185)
          Security Update for Windows XP (KB2485376)
          Security Update for Windows XP (KB2485663)
          Security Update for Windows XP (KB2503658)
          Security Update for Windows XP (KB2503665)
          Security Update for Windows XP (KB2506212)
          Security Update for Windows XP (KB2506223)
          Security Update for Windows XP (KB2507618)
          Security Update for Windows XP (KB2507938)
          Security Update for Windows XP (KB2508272)
          Security Update for Windows XP (KB2508429)
          Security Update for Windows XP (KB2509553)
          Security Update for Windows XP (KB2511455)
          Security Update for Windows XP (KB2524375)
          Security Update for Windows XP (KB2535512)
          Security Update for Windows XP (KB2536276-v2)
          Security Update for Windows XP (KB2544893)
          Security Update for Windows XP (KB2555917)
          Security Update for Windows XP (KB2562937)
          Security Update for Windows XP (KB2566454)
          Security Update for Windows XP (KB2567053)
          Security Update for Windows XP (KB2567680)
          Security Update for Windows XP (KB2570222)
          Security Update for Windows XP (KB2570947)
          Security Update for Windows XP (KB2592799)
          Security Update for Windows XP (KB923561)
          Security Update for Windows XP (KB923689)
          Security Update for Windows XP (KB938464)
          Security Update for Windows XP (KB946648)
          Security Update for Windows XP (KB950762)
          Security Update for Windows XP (KB950974)
          Security Update for Windows XP (KB951066)
          Security Update for Windows XP (KB951376-v2)
          Security Update for Windows XP (KB951376)
          Security Update for Windows XP (KB951698)
          Security Update for Windows XP (KB951748)
          Security Update for Windows XP (KB952004)
          Security Update for Windows XP (KB952954)
          Security Update for Windows XP (KB954211)
          Security Update for Windows XP (KB954459)
          Security Update for Windows XP (KB954600)
          Security Update for Windows XP (KB955069)
          Security Update for Windows XP (KB956572)
          Security Update for Windows XP (KB956744)
          Security Update for Windows XP (KB956802)
          Security Update for Windows XP (KB956803)
          Security Update for Windows XP (KB956841)
          Security Update for Windows XP (KB956844)
          Security Update for Windows XP (KB957095)
          Security Update for Windows XP (KB957097)
          Security Update for Windows XP (KB958644)
          Security Update for Windows XP (KB958687)
          Security Update for Windows XP (KB958690)
          Security Update for Windows XP (KB958869)
          Security Update for Windows XP (KB959426)
          Security Update for Windows XP (KB960225)
          Security Update for Windows XP (KB960803)
          Security Update for Windows XP (KB960859)
          Security Update for Windows XP (KB961371)
          Security Update for Windows XP (KB961373)
          Security Update for Windows XP (KB961501)
          Security Update for Windows XP (KB968537)
          Security Update for Windows XP (KB969059)
          Security Update for Windows XP (KB969897)
          Security Update for Windows XP (KB969947)
          Security Update for Windows XP (KB970238)
          Security Update for Windows XP (KB970430)
          Security Update for Windows XP (KB971468)
          Security Update for Windows XP (KB971486)
          Security Update for Windows XP (KB971557)
          Security Update for Windows XP (KB971633)
          Security Update for Windows XP (KB971657)
          Security Update for Windows XP (KB971961)
          Security Update for Windows XP (KB972260)
          Security Update for Windows XP (KB972270)
          Security Update for Windows XP (KB973346)
          Security Update for Windows XP (KB973354)
          Security Update for Windows XP (KB973507)
          Security Update for Windows XP (KB973525)
          Security Update for Windows XP (KB973869)
          Security Update for Windows XP (KB973904)
          Security Update for Windows XP (KB974112)
          Security Update for Windows XP (KB974318)
          Security Update for Windows XP (KB974392)
          Security Update for Windows XP (KB974455)
          Security Update for Windows XP (KB974571)
          Security Update for Windows XP (KB975025)
          Security Update for Windows XP (KB975467)
          Security Update for Windows XP (KB975560)
          Security Update for Windows XP (KB975561)
          Security Update for Windows XP (KB975562)
          Security Update for Windows XP (KB975713)
          Security Update for Windows XP (KB976325)
          Security Update for Windows XP (KB977816)
          Security Update for Windows XP (KB977914)
          Security Update for Windows XP (KB978037)
          Security Update for Windows XP (KB978251)
          Security Update for Windows XP (KB978262)
          Security Update for Windows XP (KB978338)
          Security Update for Windows XP (KB978542)
          Security Update for Windows XP (KB978601)
          Security Update for Windows XP (KB978706)
          Security Update for Windows XP (KB979309)
          Security Update for Windows XP (KB979482)
          Security Update for Windows XP (KB979687)
          Security Update for Windows XP (KB980195)
          Security Update for Windows XP (KB980232)
          Security Update for Windows XP (KB980436)
          Security Update for Windows XP (KB981322)
          Security Update for Windows XP (KB981349)
          Security Update for Windows XP (KB981852)
          Security Update for Windows XP (KB981997)
          Security Update for Windows XP (KB982132)
          Security Update for Windows XP (KB982214)
          Security Update for Windows XP (KB982665)
          Segoe UI
          sensorsamples
          Service Pack 2 for SQL Server 2008 (KB2285068)
          setupsamples
          setuptools_ia64fre
          setuptools_x64fre
          setuptools_x86fre
          Shockwave
          SHOUTcast DNAS (remove only)
          sideshowsamples
          SimSynth
          SMART Product Update
          smartcardsamples
          SMS Advanced Client
          SolutionCenter
          Sonic CinePlayer Decoder Pack
          Sony CD Architect 5.2
          Sothink SWF Decompiler
          Sothink SWF Quicker
          Sound Forge Pro 10.0
          SoundMAX
          Sql Server Customer Experience Improvement Program
          Status
          Steam
          storagesamples
          streammediasamples
          Suite Shared Configuration CS4
          SUPERAntiSpyware
          SWF Defender
          swtuner
          Synaptics Pointing Device Driver
          SynchronEyes Teacher 7.0
          SyncToy 2.1 (x86)
          System Requirements Lab
          System Requirements Lab CYRI
          System Requirements Lab for Intel
          Sytrus
          TeamViewer 7
          TI Flash Studio
          TiEmu 3.03 No Gdb
          TiLP2 1.14
          Time Zone Data Update Tool for Microsoft Office Outlook
          TimeLeft
          toastermetadatapackagesample
          toastersample
          Toolbox
          toolindex
          tools-freebsd
          tools-linux
          tools-netware
          tools-solaris
          tools-windows
          tools-winPre2k
          tools_ia64fre
          tools_x64fre
          tools_x86fre
          Total Video Converter 3.71 100812
          Toxic Biohazard
          tracingtool_ia64fre
          tracingtool_x64fre
          tracingtool_x86fre
          TrayApp
          Tweak UI
          umdfsamples
          Unload
          UnloadSupport
          Unlocker 1.9.0
          Unreal Tournament 3
          Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
          Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
          Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
          Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
          Update for Microsoft .NET Framework 4 Extended (KB2468871)
          Update for Microsoft .NET Framework 4 Extended (KB2533523)
          Update for Microsoft Windows (KB971513)
          Update for Windows Internet Explorer 7 (KB980182)
          Update for Windows Internet Explorer 8 (KB2447568)
          Update for Windows Internet Explorer 8 (KB976662)
          Update for Windows XP (KB2141007)
          Update for Windows XP (KB2345886)
          Update for Windows XP (KB2467659)
          Update for Windows XP (KB2492386)
          Update for Windows XP (KB2541763)
          Update for Windows XP (KB2616676-v2)
          Update for Windows XP (KB951978)
          Update for Windows XP (KB955759)
          Update for Windows XP (KB961503)
          Update for Windows XP (KB967715)
          Update for Windows XP (KB968389)
          Update for Windows XP (KB971029)
          Update for Windows XP (KB971737)
          Update for Windows XP (KB973687)
          Update for Windows XP (KB973815)
          usbsamples
          Vegas Pro 10.0
          VideoToolkit01
          Virtual DJ - Atomix Productions
          VirtualLab Client 6.0.5
          vistalibs_ia64fre
          vistalibs_x64fre
          vistalibs_x86fre
          Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
          VLC media player 1.1.11
          VMware Workstation
          Vue 8.5 xStream 32bit
          wcoinstallers
          wdftools_ia64fre
          wdftools_x64fre
          wdftools_x86fre
          wdtfbinaries_ia64fre
          wdtfbinaries_x64fre
          wdtfbinaries_x86fre
          Web Deployment Tool
          WebcamMax
          WebFldrs XP
          WebReg
          Website Ripper Copier
          WhiteCap
          Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (05/21/2008 8.0.26.12)
          Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
          Windows Imaging Component
          Windows Internet Explorer 7
          Windows Internet Explorer 8
          Windows Live Call
          Windows Live Communications Platform
          Windows Live Essentials
          Windows Live Messenger
          Windows Live Photo Gallery
          Windows Live Sign-in Assistant
          Windows Live Sync
          Windows Live Upload Tool
          Windows Management Framework Core
          Windows Media Format 11 runtime
          Windows Media Player 11
          Windows Rights Management Client Backwards Compatibility SP2
          Windows Rights Management Client with Service Pack 2
          Windows Server 2003 Administration Tools Pack
          Windows XP Service Pack 3
          WinHTTrack Website Copier 3.44-1
          WinPatrol
          WinPcap 4.1.2
          WinRAR 4.10 (32-bit)
          WinSCP 4.3.6
          WinZip
          Wireshark 1.4.3
          wmisamples
          wnetlibs_ia64fre
          wnetlibs_x64fre
          wnetlibs_x86fre
          wpdsamples
          wpdtools_ia64fre
          wpdtools_x64fre
          wpdtools_x86fre
          wsdtool_ia64fre
          wsdtool_x64fre
          wsdtool_x86fre
          wxplibs_x86fre
          XAMPP 1.7.4
          XML Paper Specification Shared Components Pack 1.0
          Yahoo! Messenger
          Yahoo! Software Update
          Zend Optimizer
          Zend Studio 8.0.0
          .
          ==== Event Viewer Messages From Past Week ========
          .
          2/26/2012 8:17:32 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.102 for the Network Card with network address 00216A1024B0 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
          2/26/2012 12:11:04 PM, error: System Error [1003]  - Error code 1000008e, parameter1 c0000005, parameter2 bf812576, parameter3 a6ec6878, parameter4 00000000.
          2/26/2012 10:24:30 PM, error: PlugPlayManager [12]  - The device 'Communications Port (COM1)' (ACPI\PNP0501\5&230c8cd&0) disappeared from the system without first being prepared for removal.
          2/22/2012 12:10:35 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TfFsMon TfSysMon TosIde ultra viaagp ViaIde
          2/22/2012 12:09:39 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
          2/22/2012 12:09:39 AM, error: NetBT [4307]  - Initialization failed because the transport refused to open initial Addresses.
          2/22/2012 12:09:20 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.101 for the Network Card with network address 00216A1024B0 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
          2/22/2012 10:47:24 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.101 for the Network Card with network address 00216A1024B0 has been denied by the DHCP server 101.101.34.1 (The DHCP Server sent a DHCPNACK message).
          2/22/2012 1:36:03 AM, error: PlugPlayManager [11]  - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
          2/22/2012 1:20:52 AM, error: Service Control Manager [7034]  - The OpenSSH Server service terminated unexpectedly.  It has done this 1 time(s).
          2/21/2012 4:54:38 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.115 for the Network Card with network address 00216A1024B0 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
          2/19/2012 9:03:56 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  TfFsMon TfSysMon
          2/19/2012 12:03:52 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
          2/19/2012 10:06:20 AM, error: Service Control Manager [7024]  - The Apache2.2 service terminated with service-specific error 1 (0x1).
          2/19/2012 10:06:19 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the HPSLPSVC service.
          .
          ==== End Of File ===========================
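The event-viewer section of this log is what a helper reads before touching a driver file: event 1003 records the bugcheck behind the blue screens, and repeated 7026 entries show which boot-start drivers already fail to load on every boot. The following is an added Python example, not part of this thread or of the DDS tool, that parses those lines (sample lines copied from the log above, one abridged) and decodes the stop code using the standard Windows bugcheck and NTSTATUS names.

```python
"""Triage the 'Event Viewer Messages' section of a DDS log.

Each DDS event line has the shape
    <date> <time>, <level>: <source> [<event id>]  - <message>
The functions below parse those lines, decode Windows bugcheck records
(event 1003) and count which boot-start drivers fail to load repeatedly.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied (the first 7026 line abridged) from the DDS log above.
SAMPLE_EVENTS = """\
2/26/2012 8:17:32 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.102 for the Network Card with network address 00216A1024B0 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
2/26/2012 12:11:04 PM, error: System Error [1003]  - Error code 1000008e, parameter1 c0000005, parameter2 bf812576, parameter3 a6ec6878, parameter4 00000000.
2/22/2012 12:10:35 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  abp480n5 adpu160m TfFsMon TfSysMon
2/19/2012 9:03:56 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  TfFsMon TfSysMon
"""

EVENT_RE = re.compile(
    r"^(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+- (?P<message>.*)$"
)

# Standard Windows names for the codes this triage decodes; others are reported raw.
BUGCHECK_NAMES = {
    0x0000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0x1000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED_M",
}
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}


@dataclass
class Event:
    stamp: str
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text: str) -> List[Event]:
    """Parse every well-formed DDS event line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(m["stamp"], m["level"], m["source"],
                                int(m["event_id"]), m["message"]))
    return events


def decode_bugcheck(message: str) -> Optional[Dict[str, object]]:
    """Decode a 'System Error [1003]' message into the stop code and its parameters."""
    m = re.search(r"Error code ([0-9a-fA-F]+)", message)
    if not m:
        return None
    code = int(m.group(1), 16)
    params = [int(p, 16) for p in re.findall(r"parameter\d ([0-9a-fA-F]+)", message)]
    result = {"code": code, "name": BUGCHECK_NAMES.get(code, "UNKNOWN"), "params": params}
    # For stop 0x8E, parameter1 is the NTSTATUS of the unhandled exception
    # and parameter2 is the faulting address.
    if (code & 0xFFFF) == 0x8E and params:
        result["exception"] = NTSTATUS_NAMES.get(params[0], "UNKNOWN")
        result["address"] = params[1] if len(params) > 1 else None
    return result


def failed_driver_counts(events: List[Event]) -> Counter:
    """Count how often each boot-start driver appears in a 7026 'failed to load' event."""
    counts: Counter = Counter()
    for ev in events:
        if ev.source == "Service Control Manager" and ev.event_id == 7026:
            _, _, names = ev.message.partition("failed to load:")
            counts.update(names.split())
    return counts


def triage(text: str) -> Dict[str, object]:
    """Summarise what a helper checks before removing a driver from a system."""
    events = parse_events(text)
    crashes = [decode_bugcheck(ev.message) for ev in events if ev.event_id == 1003]
    drivers = failed_driver_counts(events)
    return {
        "events": len(events),
        "crashes": [c for c in crashes if c],
        "drivers_failing_repeatedly": sorted(d for d, n in drivers.items() if n > 1),
        "dhcp_nacks": sum(1 for ev in events
                          if ev.event_id == 1002 and "DHCPNACK" in ev.message),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_EVENTS)
    for crash in summary["crashes"]:
        print(f"bugcheck 0x{crash['code']:08X} {crash['name']}: "
              f"{crash['exception']} at 0x{crash['address']:08X}")
    print("drivers failing on more than one boot:", summary["drivers_failing_repeatedly"])
```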

          SuperDave

          • Malware Removal Specialist
          Re: Kaspersky TDSS Killer detects file safeboot.sys
          « Reply #4 on: February 27, 2012, 01:32:26 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
          *************************************************************************
          Safeboot is a legitimate file.
The DDS log shows you have two AVs on your computer: ISS Proventia 9.0.226.2212 Enabled/Outdated and Kaspersky Anti-Virus Disabled/Updated. Just be sure that you only have one AV enabled at any time and make sure it's kept up-to-date.
The log also shows that you only have 4.48Gb of free space on your hard drive. Windows requires at least 15% (6Gb) free space to operate properly. You should look at ways of freeing up more space on that drive.


          P2P - I see you have P2P software installed on your machine. (µTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

          Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

          I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
          ****************************************************
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRA.exe and choose Remove Older Versions
          3. Once complete exit JavaRA.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
          *********************************************************
          Download OTL to your desktop.

          * Open OTL
          * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

          Code: [Select]
          :OTL

          BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
          BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

          :COMMANDS
          [resethosts]
          [purity]
          [start explorer]

          * Click Run Fix
          * OTL may ask to reboot the machine. Please do so if asked.
          * Click OK
          * A report will open. Copy and Paste that report in your next reply.
          ***************************************************************
          Please go to Jotti's malware scan
          (If more than one file needs to be scanned, they must be done separately and a link posted for each one.)

          * Copy the file path in the below Code box:

          Code: [Select]
          c:\windows\system32\drivers\95999153.sys
          c:\windows\system32\drivers\95463149.sys

          * At the upload site, click once inside the window next to Browse.
          * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
          * Next click Submit file
          * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
          * This will perform a scan across multiple different virus scanning engines.
          * Important: Wait for all of the scanning engines to complete.
          * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
          Windows 8 and Windows 10 dual boot with two SSD's
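Before (or alongside) the Jotti upload, the two drivers named above can be triaged from the log alone. The following is an added example, not part of the original thread or of any of the tools mentioned in it: it takes a handful of lines copied from the ComboFix "Files Created" section posted later in this thread (Reply #10), flags .sys files in the drivers directory whose names are purely numeric, and reports two correlations that the log itself shows but that a multi-engine scan will not tell you: both drivers are exactly 98992 bytes, and 95463149.sys was created in the same minute as the C:\TDSSKiller_Quarantine folder. The function names and the subset of log lines used are this example's own choices.

```python
"""Timeline triage of numeric-named drivers from a ComboFix 'Files Created' listing.

Added example (not from the thread or from ComboFix). Each listing line has the
form:  <created> . <modified>   <size or dashes>   <attrs>   <path>
where the second timestamp is the file's own last-write time.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: a subset of the 'Files Created' lines from the posted ComboFix log.
SAMPLE_LOG = r"""
2012-02-22 07:07 . 2012-02-22 07:07   98992   ----a-w-   c:\windows\system32\drivers\95999153.sys
2012-02-18 02:56 . 2012-02-18 03:10   --------   d-----w-   c:\program files\FastCopy
2012-02-17 02:54 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-16 22:02 . 2012-02-16 22:02   98992   ----a-w-   c:\windows\system32\drivers\95463149.sys
2012-02-16 22:02 . 2012-02-16 22:02   --------   d-----w-   C:\TDSSKiller_Quarantine
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
# "Random-looking" driver name: six or more digits and nothing else before .sys
NUMERIC_SYS_RE = re.compile(r"^\d{6,}\.sys$", re.IGNORECASE)


def parse_files_created(text):
    """Parse listing lines into dicts. Directories (size shown as dashes) get size None."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners, dots and blank lines
        size = m.group("size")
        entries.append({
            "created": m.group("created"),
            "modified": m.group("modified"),
            "size": int(size) if size.isdigit() else None,
            "is_dir": m.group("attrs").startswith("d"),
            "path": m.group("path"),
        })
    return entries


def is_numeric_driver(path):
    """True for <...>\\drivers\\<digits>.sys, the naming pattern of the two files in question."""
    p = PureWindowsPath(path)
    return p.parent.name.lower() == "drivers" and bool(NUMERIC_SYS_RE.match(p.name))


def triage_numeric_drivers(entries):
    """For each numeric-named driver, list what else was created in the same minute
    and which other .sys files have exactly the same size."""
    by_minute = defaultdict(list)
    by_size = defaultdict(list)
    for e in entries:
        by_minute[e["created"]].append(e)
        if e["size"] is not None and e["path"].lower().endswith(".sys"):
            by_size[e["size"]].append(e)

    report = {}
    for e in entries:
        if not is_numeric_driver(e["path"]):
            continue
        report[e["path"]] = {
            "created": e["created"],
            "size": e["size"],
            "same_minute": sorted(o["path"] for o in by_minute[e["created"]] if o is not e),
            "size_twins": sorted(o["path"] for o in by_size[e["size"]] if o is not e),
        }
    return report


if __name__ == "__main__":
    for path, info in triage_numeric_drivers(parse_files_created(SAMPLE_LOG)).items():
        print(path)
        print("  created     :", info["created"], "size:", info["size"])
        print("  same minute :", info["same_minute"] or "-")
        print("  size twins  :", info["size_twins"] or "-")
```

Run on the sample, 95463149.sys comes back with C:\TDSSKiller_Quarantine as its same-minute neighbour and 95999153.sys as its size twin; 95999153.sys has no same-minute neighbour in the listed lines. That does not prove what the files are (the Jotti results settle that), but a driver that appears in the same minute as an anti-rootkit tool's quarantine folder deserves a different first hypothesis than one that appears on its own.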

          hey101 (Topic Starter)

            Re: Kaspersky TDSS Killer detects file safeboot.sys
            « Reply #5 on: February 27, 2012, 08:44:48 PM »
            Hey, can you help me uninstall the ISS Proventia antivirus? It's not in Add or Remove Programs or anywhere that I can find.

            I updated Java like you said.

            Here is the OTL log:



            ========== OTL ==========
            ========== COMMANDS ==========
            C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
            HOSTS file reset successfully
             
            OTL by OldTimer - Version 3.2.33.2 log created on 02272012_222559




            I also uninstalled µTorrent, as I have never used it.

            And here are the links to the scans:

            http://virusscan.jotti.org/en/scanresult/46ab85f7edabc54fe2133a5d41a7135a35636558
            http://virusscan.jotti.org/en/scanresult/313cacb13a03d1968e6c2b129bf7750a7212f79b

            hey101 (Topic Starter)

              Re: Kaspersky TDSS Killer detects file safeboot.sys
              « Reply #6 on: February 27, 2012, 09:16:20 PM »
              Also, just an FYI: my computer blue-screened a couple of minutes ago with a win32k.sys error.

              SuperDave (Malware Removal Specialist)

              Re: Kaspersky TDSS Killer detects file safeboot.sys
              « Reply #7 on: February 28, 2012, 12:13:09 PM »
              Download BlueScreenView to your desktop.
              BlueScreenView
              Unzip the downloaded file and double-click BlueScreenView.exe to run the program.
              When scanning is done, go to EDIT - Select All.
              Go to FILE - SAVE Selected Items, and save the report as BSOD.txt.
              Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.
              *********************************************************************
              Download Combofix from any of the links below, and save it to your desktop

              Link 1
              Link 2
              Link 3

              To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
              • Close any open windows and double click ComboFix.exe to run it.

                You will see the following image:


              Click I Agree to start the program.

              ComboFix will then extract the necessary files and you will see this:



              As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

              It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

              If you did not have it installed, you will see the prompt below. Choose YES.



              Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

              **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

              Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



              Click on Yes, to continue scanning for malware.

              When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

              Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

              Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

                hey101 (Topic Starter)

                  Re: Kaspersky TDSS Killer detects file safeboot.sys
                  « Reply #8 on: February 28, 2012, 03:57:21 PM »
                ComboFix says that ISS Proventia is active. How can I uninstall ISS Proventia, since I do not want it? And do you want me to continue the scan regardless, or what?

                Here is the BlueScreenView log file:


                ==================================================
                Dump File         : Mini022712-01.dmp
                Crash Time        : 2/27/2012 11:08:04 PM
                Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
                Bug Check Code    : 0x1000008e
                Parameter 1       : 0xc0000005
                Parameter 2       : 0xbf812576
                Parameter 3       : 0x8d39d878
                Parameter 4       : 0x00000000
                Caused By Driver  : win32k.sys
                Caused By Address : win32k.sys+12576
                File Description  : Multi-User Win32 Driver
                Product Name      : Microsoft® Windows® Operating System
                Company           : Microsoft Corporation
                File Version      : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
                Processor         : 32-bit
                Crash Address     : win32k.sys+12576
                Stack Address 1   : win32k.sys+1193f
                Stack Address 2   : win32k.sys+1cbae
                Stack Address 3   : win32k.sys+99ba9
                Computer Name     :
                Full Path         : C:\WINDOWS\Minidump\Mini022712-01.dmp
                Processors Count  : 2
                Major Version     : 15
                Minor Version     : 2600
                Dump File Size    : 106,496
                ==================================================

                ==================================================
                Dump File         : Mini022612-01.dmp
                Crash Time        : 2/26/2012 12:02:22 PM
                Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
                Bug Check Code    : 0x1000008e
                Parameter 1       : 0xc0000005
                Parameter 2       : 0xbf812576
                Parameter 3       : 0xa6ec6878
                Parameter 4       : 0x00000000
                Caused By Driver  : win32k.sys
                Caused By Address : win32k.sys+12576
                File Description  : Multi-User Win32 Driver
                Product Name      : Microsoft® Windows® Operating System
                Company           : Microsoft Corporation
                File Version      : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
                Processor         : 32-bit
                Crash Address     : win32k.sys+12576
                Stack Address 1   : win32k.sys+1193f
                Stack Address 2   : win32k.sys+1cbae
                Stack Address 3   : win32k.sys+99ba9
                Computer Name     :
                Full Path         : C:\WINDOWS\Minidump\Mini022612-01.dmp
                Processors Count  : 2
                Major Version     : 15
                Minor Version     : 2600
                Dump File Size    : 106,496
                ==================================================
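The two BlueScreenView records above carry more information than the driver name. As an added example (not from the thread, not from BlueScreenView), the following Python parses the report format as posted, decodes the bug check and its parameters, and groups the crashes by crash site. The sample is a trimmed copy of the two records above (constructed from them, with the fields this example does not use left out); the function names are this example's own. Two facts it relies on from the Microsoft bug check reference: 0x1000008E is the "_M" variant of 0x8E and has the same meaning and parameters, and for 0x1E, 0x7E and 0x8E Parameter 1 is the exception's NTSTATUS and Parameter 2 the address at which it occurred.

```python
"""Summarise and correlate BlueScreenView 'Key : Value' records.

Added example, not part of the original post. Shows that both crashes hit the
same instruction (win32k.sys+12576, fault address 0xbf812576) with the same
exception (STATUS_ACCESS_VIOLATION); only the trap frame differs.
"""
from collections import Counter

# Constructed sample: the two records from the post, trimmed to the fields used here.
SAMPLE_BSOD = """
==================================================
Dump File         : Mini022712-01.dmp
Crash Time        : 2/27/2012 11:08:04 PM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xbf812576
Parameter 3       : 0x8d39d878
Parameter 4       : 0x00000000
Caused By Driver  : win32k.sys
Crash Address     : win32k.sys+12576
==================================================

==================================================
Dump File         : Mini022612-01.dmp
Crash Time        : 2/26/2012 12:02:22 PM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xbf812576
Parameter 3       : 0xa6ec6878
Parameter 4       : 0x00000000
Caused By Driver  : win32k.sys
Crash Address     : win32k.sys+12576
==================================================
"""

# Bug checks whose Parameter 1 is an NTSTATUS exception code and Parameter 2 the faulting address.
EXCEPTION_BUGCHECKS = {0x1E, 0x7E, 0x8E}
EXCEPTION_CODES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0x80000003: "STATUS_BREAKPOINT",
}


def parse_bsod_report(text):
    """Split the report on its '====' banners and read each 'Key : Value' line."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("=" * 10):
            if current:
                records.append(current)
                current = {}
            continue
        if ":" in line:
            key, _, value = line.partition(":")  # first colon only; times contain colons too
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def summarize(records):
    """Decode each record into a bug check number, exception name and crash site."""
    out = []
    for r in records:
        raw = int(r["Bug Check Code"], 16)
        code = raw & 0x0FFFFFFF  # strip the 0x10000000 '_M' (minidump variant) bit
        params = [int(r[f"Parameter {i}"], 16) for i in range(1, 5)]
        has_exception = code in EXCEPTION_BUGCHECKS
        out.append({
            "dump": r.get("Dump File"),
            "bugcheck": code,
            "name": r.get("Bug Check String"),
            "exception": EXCEPTION_CODES.get(params[0], f"0x{params[0]:08x}") if has_exception else None,
            "fault_address": params[1] if has_exception else None,
            "crash_site": r.get("Crash Address"),
        })
    return out


def repeated_crash_sites(records):
    """(bugcheck, exception, crash site) tuples seen more than once, most frequent first."""
    counts = Counter((s["bugcheck"], s["exception"], s["crash_site"]) for s in summarize(records))
    return [(site, n) for site, n in counts.most_common() if n >= 2]


if __name__ == "__main__":
    for s in summarize(parse_bsod_report(SAMPLE_BSOD)):
        print(f'{s["dump"]}: 0x{s["bugcheck"]:02X} {s["name"]} {s["exception"]} '
              f'at 0x{s["fault_address"]:08x} ({s["crash_site"]})')
    for (code, exc, site), n in repeated_crash_sites(parse_bsod_report(SAMPLE_BSOD)):
        print(f"repeated x{n}: 0x{code:02X} {exc} at {site}")
```

The point of the grouping step: a crash that lands on the same instruction twice, two days apart, is a reproducible code path, not random memory corruption, and that is worth knowing before anyone decides a driver is safe to delete on the strength of a scanner verdict.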

                SuperDave (Malware Removal Specialist)

                Re: Kaspersky TDSS Killer detects file safeboot.sys
                « Reply #9 on: February 28, 2012, 04:59:08 PM »
                Quote
                ComboFix says that ISS Proventia is active. How can I uninstall ISS Proventia, since I do not want it? And do you want me to continue the scan regardless, or what?
                Yes, please run ComboFix and I'll remove ISS Proventia after I see the log.
                BTW, do you have your XP disk?

                  hey101 (Topic Starter)

                    Re: Kaspersky TDSS Killer detects file safeboot.sys
                    « Reply #10 on: February 28, 2012, 06:02:22 PM »
                  I have access to an XP disk, so yes.

                  ComboFix:

                  ComboFix 12-02-27.02 - Mark 02/28/2012  19:20:39.3.2 - x86
                  Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3067.1944 [GMT -5:00]
                  Running from: d:\profiles\Mark\My Documents\Downloads\ComboFix.exe
                  AV: ISS Proventia 9.0.226.2212 *Enabled/Outdated* {137EA0D9-9C16-4D8D-AF04-E70936C88A36}
                  AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
                  FW: ISS Proventia 9.0.226.2084 *Disabled* {967D7868-33AA-43E7-AC51-89F2A6FB873C}
                  .
                  .
                  (((((((((((((((((((((((((   Files Created from 2012-01-28 to 2012-02-29  )))))))))))))))))))))))))))))))
                  .
                  .
                  2074-05-07 23:38 . 2006-11-22 01:48   203576   ------w-   c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
                  2012-02-22 07:07 . 2012-02-22 07:07   98992   ----a-w-   c:\windows\system32\drivers\95999153.sys
                  2012-02-18 02:56 . 2012-02-18 03:10   --------   d-----w-   c:\program files\FastCopy
                  2012-02-17 02:54 . 2012-02-17 02:54   --------   d-----w-   d:\profiles\All Users\Application Data\Malwarebytes
                  2012-02-17 02:54 . 2012-02-17 02:54   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                  2012-02-17 02:54 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
                  2012-02-17 02:44 . 2012-02-17 02:44   --------   d-----w-   d:\profiles\Mark\Application Data\SUPERAntiSpyware.com
                  2012-02-17 02:42 . 2012-02-17 02:46   --------   d-----w-   c:\program files\SUPERAntiSpyware
                  2012-02-17 02:42 . 2012-02-17 02:42   --------   d-----w-   d:\profiles\All Users\Application Data\SUPERAntiSpyware.com
                  2012-02-16 22:02 . 2012-02-16 22:02   98992   ----a-w-   c:\windows\system32\drivers\95463149.sys
                  2012-02-16 22:02 . 2012-02-16 22:02   --------   d-----w-   C:\TDSSKiller_Quarantine
                  2012-02-15 17:30 . 2012-02-15 17:30   --------   d-----w-   d:\profiles\Mark\Application Data\Hardcore
                  2012-02-05 21:31 . 2011-12-11 04:58   973632   ----a-w-   c:\windows\system32\nvdispco3220155.dll
                  2012-02-04 06:01 . 2012-02-04 06:01   --------   d-----w-   c:\program files\SyncToy 2.1
                  2012-02-01 22:42 . 2012-02-01 22:42   --------   d-----w-   d:\profiles\NetworkService.NT AUTHORITY.000\Application Data\Subversion
                  2012-02-01 21:02 . 2012-02-01 21:02   --------   d-----w-   d:\profiles\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Sun
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2012-02-23 20:38 . 2011-02-18 00:15   140496   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
                  2012-02-23 20:38 . 2011-02-19 14:20   280736   ----a-w-   c:\windows\system32\PnkBstrB.xtr
                  2012-02-23 20:38 . 2011-02-18 00:15   280736   ----a-w-   c:\windows\system32\PnkBstrB.exe
                  2012-02-19 14:20 . 2011-02-18 00:15   75136   ----a-w-   c:\windows\system32\PnkBstrA.exe
                  2012-02-19 14:19 . 2011-02-18 00:15   280736   ----a-w-   c:\windows\system32\PnkBstrB.ex0
                  2012-02-19 07:16 . 2011-02-18 00:15   138056   ----a-w-   d:\profiles\Mark\Application Data\PnkBstrK.sys
                  2012-02-19 07:15 . 2011-02-18 00:15   2434856   ----a-w-   c:\windows\system32\pbsvc_bc2.exe
                  2011-12-29 18:00 . 2010-08-05 05:15   79360   ----a-w-   c:\windows\system32\ff_vfw.dll
                  2011-12-21 18:14 . 2010-08-05 05:15   151552   ----a-w-   c:\windows\system32\ac3acm.acm
                  2011-12-17 14:26 . 2011-10-20 19:14   141312   ----a-w-   c:\windows\system32\javacpl.cpl
                  2011-12-17 14:23 . 2011-06-06 16:01   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                  2011-12-11 04:58 . 2011-10-15 02:38   877376   ----a-w-   c:\windows\system32\nvgenco3220103.dll
                  2011-12-11 04:58 . 2011-03-14 20:47   61440   ----a-w-   c:\windows\system32\OpenCL.dll
                  2011-12-11 04:58 . 2011-03-14 20:47   5332992   ----a-w-   c:\windows\system32\nvcuda.dll
                  2011-12-11 04:58 . 2011-03-14 20:47   2811200   ----a-w-   c:\windows\system32\nvcuvid.dll
                  2011-12-11 04:58 . 2011-03-14 20:47   2084672   ----a-w-   c:\windows\system32\nvcuvenc.dll
                  2011-12-11 04:58 . 2011-03-14 20:47   13004800   ----a-w-   c:\windows\system32\nvcompiler.dll
                  2011-12-11 04:58 . 2008-06-25 11:22   4205056   ----a-w-   c:\windows\system32\nv4_disp.dll
                  2011-12-11 04:58 . 2008-06-25 11:22   2335232   ----a-w-   c:\windows\system32\nvapi.dll
                  2011-12-11 04:58 . 2008-06-25 11:22   16076800   ----a-w-   c:\windows\system32\nvoglnt.dll
                  2011-12-11 04:58 . 2008-06-25 11:22   12836544   ----a-w-   c:\windows\system32\drivers\nv4_mini.sys
                  2011-12-11 03:46 . 2011-10-15 02:40   249856   ----a-w-   c:\windows\system32\nvrseng.dll
                  2011-12-11 03:46 . 2011-10-15 02:40   253952   ----a-w-   c:\windows\system32\nvrsth.dll
                  2011-12-11 03:46 . 2011-10-15 02:40   282624   ----a-w-   c:\windows\system32\nvrsel.dll
                  2011-12-11 03:46 . 2011-10-15 02:40   274432   ----a-w-   c:\windows\system32\nvrsesm.dll
                  2011-12-11 03:46 . 2011-10-15 02:40   126976   ----a-w-   c:\windows\system32\nvrszht.dll
                  2011-12-11 03:46 . 2011-10-15 02:40   331776   ----a-w-   c:\windows\system32\nvrshe.dll
                  2011-12-11 03:46 . 2011-10-15 02:40   253952   ----a-w-   c:\windows\system32\nvrsda.dll
                  2011-12-11 03:46 . 2011-10-15 02:40   249856   ----a-w-   c:\windows\system32\nvrsfi.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   274432   ----a-w-   c:\windows\system32\nvrsnl.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   286720   ----a-w-   c:\windows\system32\nvrsfr.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   270336   ----a-w-   c:\windows\system32\nvrsru.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   262144   ----a-w-   c:\windows\system32\nvrshu.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   229376   ----a-w-   c:\windows\system32\nvrszhc.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   258048   ----a-w-   c:\windows\system32\nvrssl.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   258048   ----a-w-   c:\windows\system32\nvrstr.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   282624   ----a-w-   c:\windows\system32\nvrses.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   278528   ----a-w-   c:\windows\system32\nvrsde.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   266240   ----a-w-   c:\windows\system32\nvrsko.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   253952   ----a-w-   c:\windows\system32\nvrssv.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   249856   ----a-w-   c:\windows\system32\nvrscs.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   335872   ----a-w-   c:\windows\system32\nvrsar.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   258048   ----a-w-   c:\windows\system32\nvrssk.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   270336   ----a-w-   c:\windows\system32\nvrsptb.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   253952   ----a-w-   c:\windows\system32\nvrsno.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   274432   ----a-w-   c:\windows\system32\nvrspt.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   282624   ----a-w-   c:\windows\system32\nvrsit.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   258048   ----a-w-   c:\windows\system32\nvrspl.dll
                  2011-12-11 03:45 . 2011-10-15 02:40   270336   ----a-w-   c:\windows\system32\nvrsja.dll
                  2011-12-11 03:38 . 2011-10-15 02:40   112960   ----a-w-   c:\windows\system32\nvmctray.dll
                  2011-12-11 03:38 . 2011-10-15 02:40   13900096   ----a-w-   c:\windows\system32\nvcpl.dll
                  2011-12-11 03:38 . 2011-10-15 02:40   156480   ----a-w-   c:\windows\system32\nvsvc32.exe
                  2011-12-11 03:38 . 2011-10-15 02:40   146752   ----a-w-   c:\windows\system32\nvcolor.exe
                  2011-12-11 03:38 . 2011-10-15 02:40   54272   ----a-w-   c:\windows\system32\nvwddi.dll
                  2011-12-11 03:38 . 2011-10-15 02:40   545088   ----a-w-   c:\windows\system32\easyupdatusapiu.dll
                  2011-12-21 07:24 . 2011-12-17 14:22   121816   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
                  "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-18 82224]
                  "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
                  "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
                  "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
                  "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
                  "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
                  "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-08-07 354360]
                  "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-28 24848]
                  "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-17 49152]
                  "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
                  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
                  "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
                  "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
                  "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
                  "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
                  "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
                  "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
                  "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-15 358936]
                  "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
                  "QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" [2011-10-24 421888]
                  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-11 13900096]
                  "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-12-11 112960]
                  "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-09-07 1634112]
                  .
                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-02-02 3900776]
                  "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "LogonType"= 0 (0x0)
                  .
                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                  "NoSMConfigurePrograms"= 1 (0x1)
                  "GreyMSIAds"= 1 (0x1)
                  "ForceStartMenuLogOff"= 1 (0x1)
                  "NoSMBalloonTip"= 1 (0x1)
                  .
                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                  2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
                  2009-06-03 20:14   113152   ----a-w-   c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
                  2009-06-03 20:13   299520   ----a-w-   c:\program files\ActivIdentity\ActivClient\acunlock.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
                  2009-07-28 06:59   192784   ----a-w-   c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-287218729-725345543-1041786\Scripts\Logon\0\0]
                  "Script"=patch-2008-10.cmd
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-287218729-725345543-1041786\Scripts\Logon\1\0]
                  "Script"=w2kenroll.cmd
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-287218729-725345543-707520\Scripts\Logon\0\0]
                  "Script"=patch-2008-10.cmd
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-287218729-725345543-707520\Scripts\Logon\1\0]
                  "Script"=w2kenroll.cmd
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                  @="Driver"
                  .
                  [HKLM\~\startupfolder\D:^Profiles^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
                  path=d:\profiles\All Users\Start Menu\Programs\Startup\DVD Check.lnk
                  backup=c:\windows\pss\DVD Check.lnkCommon Startup
                  .
                  [HKLM\~\startupfolder\D:^Profiles^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
                  path=d:\profiles\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                  backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
                  .
                  [HKLM\~\startupfolder\D:^Profiles^All Users^Start Menu^Programs^Startup^LapNetWizard.exe]
                  path=d:\profiles\All Users\Start Menu\Programs\Startup\LapNetWizard.exe
                  backup=c:\windows\pss\LapNetWizard.exeCommon Startup
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSCAdvantage]
                  2005-06-09 19:41   111403   ----a-w-   c:\program files\Help Desk\CSCADV.EXE
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSCLogonInfo]
                  2006-12-12 21:28   127079   ----a-w-   c:\windows\UsrLogon.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                  2008-04-14 10:42   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
                  2010-02-25 19:19   287800   ------w-   c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                  2011-10-24 19:28   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                  "ThreatFire"=3 (0x3)
                  "sdCoreService"=3 (0x3)
                  "sdAuxService"=3 (0x3)
                  "IviRegMgr"=2 (0x2)
                  "gusvc"=2 (0x2)
                  "gupdate1c9aca7f83fdf82"=2 (0x2)
                  "GoogleDesktopManager-110408-113106"=3 (0x3)
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
                  "DisableMonitoring"=dword:00000001
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                  "DisableNotifications"= 1 (0x1)
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
                  "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
                  "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
                  "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
                  "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
                  "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
                  "d:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
                  "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
                  "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                  "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
                  "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
                  "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
                  "c:\\Program Files\\iTunes\\iTunes.exe"=
                  "d:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                  "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
                  "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
                  .
                  R0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\drivers\dsfksvcs.sys [2/8/2010 8:52 PM 479992]
                  R0 dsfroot;root enumerated bus driver;c:\windows\system32\drivers\dsfroot.sys [2/8/2010 8:52 PM 31608]
                  R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [7/29/2009 2:30 PM 109216]
                  R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [7/29/2009 2:30 PM 51408]
                  R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [7/29/2009 2:30 PM 12960]
                  R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 11:14 AM 24064]
                  R1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys [8/21/2010 11:38 AM 7168]
                  R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 12:23 PM 11352]
                  R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [7/29/2009 2:30 PM 12528]
                  R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
                  R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
                  R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
                  R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 3:16 PM 207400]
                  R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\httpd.exe [10/17/2010 7:32 PM 20549]
                  R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Bioscrypt [11/12/2008 8:09 PM 14336]
                  R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [4/27/2011 7:41 PM 57344]
                  R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [7/29/2009 11:43 AM 1201400]
                  R2 frameworkPostgreSQL;frameworkPostgreSQL;D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/bin/pg_ctl.exe runservice -N "frameworkPostgreSQL" -D "D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/data" --> D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/bin/pg_ctl.exe runservice -N frameworkPostgreSQL [?]
                  R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [8/7/2009 3:59 PM 45056]
                  R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [7/29/2009 2:28 PM 256544]
                  R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]
                  R2 OpenSSHd;OpenSSH Server;d:\program files\OpenSSH\bin\cygrunsrv.exe [4/18/2004 6:11 AM 36864]
                  R2 OxygenAudioDevMon;Oxygen Audio Device Monitor;c:\program files\M-Audio\Oxygen\AudioDevMon.exe [3/4/2010 7:35 AM 1632776]
                  R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [12/14/2011 6:59 AM 3027840]
                  R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [10/20/2011 1:43 PM 2058776]
                  R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [9/21/2010 2:59 AM 70704]
                  R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [9/21/2010 1:42 AM 539184]
                  R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [6/12/2008 3:40 PM 482176]
                  R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2/20/2009 2:20 PM 227896]
                  R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/12/2008 8:10 PM 239760]
                  R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [11/12/2008 6:48 PM 44800]
                  R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 5:34 PM 34608]
                  R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 7:27 PM 19472]
                  R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2/20/2009 2:12 PM 47616]
                  R3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [4/22/2004 12:38 PM 2432]
                  S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
                  S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
                  S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [11/12/2008 8:09 PM 14336]
                  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
                  S2 gupdate1c9aca7f83fdf82;Google Update Service (gupdate1c9aca7f83fdf82);c:\program files\Google\Update\GoogleUpdate.exe [3/24/2009 12:24 PM 133104]
                  S2 XAMPP;XAMPP Service;d:\xampp\service.exe [12/20/2007 9:01 PM 60928]
                  S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/21/2008 12:07 AM 113152]
                  S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
                  S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/18/2008 6:14 PM 106624]
                  S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/8/2008 2:00 PM 59648]
                  S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/24/2009 12:24 PM 133104]
                  S3 HackerDefenderDrv084;HackerDefenderDrv084;\??\d:\profiles\vxtk68\My Documents\Downloads\hxdef084\hxdefdrv.sys --> d:\profiles\vxtk68\My Documents\Downloads\hxdef084\hxdefdrv.sys [?]
                  S3 HRMACPI;DSF ACPI Redirection Module;c:\windows\system32\DRIVERS\HRMACPI.SYS --> c:\windows\system32\DRIVERS\HRMACPI.SYS [?]
                  S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;c:\windows\system32\drivers\hrmcfgspc.sys [2/8/2010 8:52 PM 92664]
                  S3 HRMINTS;DSF Interrupt Redirection Module;c:\windows\system32\drivers\hrmints.sys [2/8/2010 8:52 PM 89976]
                  S3 HRMPORTS;DSF IO Port Redirection Module;c:\windows\system32\drivers\hrmports.sys [2/8/2010 8:53 PM 103160]
                  S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [8/21/2010 11:38 AM 28160]
                  S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [7/22/2009 6:59 PM 42112]
                  S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [9/16/2010 8:29 PM 30576]
                  S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/10/2011 10:20 AM 18432]
                  S3 OXYGEN;Service for M-Audio Oxygen;c:\windows\system32\drivers\MAudioOxygen.sys [1/12/2011 1:40 PM 112136]
                  S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
                  S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [1/6/2005 5:10 AM 18048]
                  S3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys --> c:\windows\system32\Drivers\PortTalk.sys [?]
                  S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/8/2008 8:12 AM 1112560]
                  S3 SOFTHIDUSBK;USB HID Layer;c:\windows\system32\DRIVERS\SOFTHIDUSBK.SYS --> c:\windows\system32\DRIVERS\SOFTHIDUSBK.SYS [?]
                  S3 SOFTUSBK;Generic USB device;c:\windows\system32\DRIVERS\SOFTUSBK.SYS --> c:\windows\system32\DRIVERS\SOFTUSBK.SYS [?]
                  S3 SOFTUSBTESTHUB;Generic USB Test Hub;c:\windows\system32\DRIVERS\SOFTUSBTESTHUB.SYS --> c:\windows\system32\DRIVERS\SOFTUSBTESTHUB.SYS [?]
                  S3 SOFTWADP;Wireless adapter devices;c:\windows\system32\DRIVERS\SOFTWADP.SYS --> c:\windows\system32\DRIVERS\SOFTWADP.SYS [?]
                  S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
                  S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/8/2011 4:17 PM 25088]
                  S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
                  S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11/12/2008 8:09 PM 14336]
                  S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
                  S3 WSOFTUSBK;Generic wireless USB device;c:\windows\system32\DRIVERS\WSOFTUSBK.SYS --> c:\windows\system32\DRIVERS\WSOFTUSBK.SYS [?]
                  S4 AcuWVSSchedulerv6;Acunetix WVS Scheduler v6;c:\program files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe [3/3/2010 10:22 AM 671368]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                  hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                  getPlusHelper   REG_MULTI_SZ      getPlusHelper
                  Cognizance   REG_MULTI_SZ      ASBroker
                  Bioscrypt   REG_MULTI_SZ      ASChannel
                  HPService   REG_MULTI_SZ      HPSLPSVC
                  WINRM   REG_MULTI_SZ      WINRM
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}]
                  2006-10-07 03:28   121541   ----a-w-   c:\program files\Microsoft Office Communicator\MotIM-default.EXE
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                  2008-06-09 16:14   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BAFC1927-A731-4c34-829B-47EE05ADD199}]
                  2008-04-14 10:42   146432   ------w-   c:\windows\regedit.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C10BF3A1-3FEC-4a94-AAAF-9D6A4B522F63}]
                  2005-08-12 17:18   121799   ----a-w-   c:\program files\WinZip\wzusr90.exe
                  .
                  Contents of the 'Scheduled Tasks' folder
                  .
                  2012-02-22 c:\windows\Tasks\AdobeAAMUpdater-1.0-CA999-VXTK68-01-Mark.job
                  - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-17 08:44]
                  .
                  2012-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
                  - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
                  .
                  2012-02-27 c:\windows\Tasks\Google Software Updater.job
                  - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 03:21]
                  .
                  2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                  - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 17:24]
                  .
                  2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                  - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 17:24]
                  .
                  2012-02-29 c:\windows\Tasks\msfupdate.job
                  - d:\program files\Rapid7\framework\msfupdate.bat [2011-05-25 21:42]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uStart Page = hxxp://google.com/
                  uInternet Settings,ProxyServer = 192.168.2.106:8080
                  uInternet Settings,ProxyOverride = *.mot.com;*.gi.com;HELP-MOTOROLA.AMER.CSC.COM;SHSH-NXS01.AMER.CSC.COM;*.local;<local>
                  IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                  IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
                  IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                  IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
                  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
                  IE: Zend Studio - Debug current page - d:\program files\Zend\Zend Studio - 8.0.0\toolbars\ZendIEToolbar.dll/DebugCurrent.html
                  IE: Zend Studio - Debug next page - d:\program files\Zend\Zend Studio - 8.0.0\toolbars\ZendIEToolbar.dll/DebugNext.html
                  LSP: bmnet.dll
                  LSP: d:\program files\VMware\vsocklib.dll
                  TCP: DhcpNameServer = 192.168.1.254
                  TCP: Interfaces\{DBA2BD3B-DD27-48D0-B1A8-D01EFD66A9B9}: NameServer = 207.69.188.187,207.69.188.186
                  FF - ProfilePath - d:\profiles\Mark\Application Data\Mozilla\Firefox\Profiles\prtpgzvs.default\
                  FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
                  .
                  .
                  **************************************************************************
                  .
                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2012-02-28 19:54
                  Windows 5.1.2600 Service Pack 3 NTFS
                  .
                  scanning hidden processes ... 
                  .
                  scanning hidden autostart entries ...
                  .
                  scanning hidden files ... 
                  .
                  scan completed successfully
                  hidden files: 0
                  .
                  **************************************************************************
                  .
                  Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
                  Windows 5.1.2600 Disk: ST925042 rev.HP14 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
                  .
                  device: opened successfully
                  user: MBR read successfully
                  kernel: MBR read successfully
                  detected disk devices:
                  detected hooks:
                  \Driver\atapi DriverStartIo -> 0xF713C864
                  IoDeviceObjectType -> ParseProcedure -> 0xf7ae5160
                  \Device\Harddisk0\DR0 -> ParseProcedure -> 0xf7ae5160
                  user & kernel MBR OK
                  .
                  **************************************************************************
                  .
                  [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\frameworkPostgreSQL]
                  "ImagePath"="D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"frameworkPostgreSQL\" -D \"D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/data\""
                  .
                  [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DSFKSVCS\MofImagePath]
                  .
                  .
                  [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\frameworkPostgreSQL]
                  "ImagePath"="D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"frameworkPostgreSQL\" -D \"D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/data\""
                  .
                  [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WINIO]
                  "ImagePath"="pý\12"
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------
                  .
                  [HKEY_USERS\S-1-5-21-2757104239-1278071424-1195812985-1009\Software\SecuROM\License information*]
                  "datasecu"=hex:f1,9b,19,c7,4b,80,1a,89,34,46,79,92,96,d5,d1,3d,ed,80,b6,b7,42,
                     e9,95,cb,73,19,c7,2b,30,51,1c,35,d5,62,04,fa,fd,92,b8,1e,4e,e3,44,10,c1,eb,\
                  "rkeysecu"=hex:a9,83,1a,d3,5a,1a,8b,17,08,e8,e0,21,0e,a4,7d,15
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------
                  .
                  - - - - - - - > 'winlogon.exe'(1540)
                  c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
                  c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll
                  c:\program files\Hewlett-Packard\IAM\bin\brand.dll
                  c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
                  c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll
                  c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll
                  c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
                  c:\windows\system32\msi.dll
                  c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll
                  c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll
                  c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll
                  c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
                  c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
                  c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll
                  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                  c:\windows\system32\WININET.dll
                  c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
                  c:\program files\ActivIdentity\ActivClient\aclog.dll
                  c:\program files\ActivIdentity\ActivClient\accrypto.dll
                  c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\ItDac.DLL
                  c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\ASBioATFSS.dll
                  c:\windows\system32\bmnet.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
                  c:\windows\system32\xenroll.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
                  c:\program files\ActivIdentity\ActivClient\acunlock.dll
                  c:\program files\ActivIdentity\ActivClient\aipingui.dll
                  c:\program files\ActivIdentity\ActivClient\acevtsub.dll
                  c:\program files\ActivIdentity\ActivClient\asphat32.dll
                  c:\program files\ActivIdentity\ActivClient\acerrmes.dll
                  c:\program files\ActivIdentity\ActivClient\aiwinext.dll
                  c:\program files\ActivIdentity\ActivClient\aspcom.dll
                  c:\program files\ActivIdentity\ActivClient\aicext.dll
                  c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
                  c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
                  c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
                  c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
                  c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
                  c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\ItAPS.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\APSHook.dll
                  .
                  - - - - - - - > 'Explorer.exe'(4540)
                  c:\windows\system32\WININET.dll
                  c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
                  c:\program files\Unlocker\UnlockerHook.dll
                  c:\program files\Hewlett-Packard\IAM\Bin\APSHook.dll
                  c:\windows\system32\msi.dll
                  c:\windows\system32\ieframe.dll
                  c:\windows\system32\webcheck.dll
                  c:\windows\system32\WPDShServiceObj.dll
                  c:\windows\system32\btncopy.dll
                  c:\program files\WinSCP\DragExt.dll
                  c:\windows\system32\PortableDeviceTypes.dll
                  c:\windows\system32\PortableDeviceApi.dll
                  c:\program files\SUPERAntiSpyware\SASSEH.DLL
                  c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  c:\program files\Sandboxie\SbieSvc.exe
                  c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                  c:\windows\System32\SCardSvr.exe
                  c:\windows\system32\agrsmsvc.exe
                  c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                  c:\program files\BigFix Enterprise\BES Client\BESClient.exe
                  c:\program files\Bonjour\mDNSResponder.exe
                  c:\program files\Juniper Networks\Common Files\dsNcService.exe
                  d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\pg_ctl.exe
                  c:\program files\Java\jre7\bin\jqs.exe
                  c:\program files\Common Files\LightScribe\LSSrvc.exe
                  c:\program files\Intel\AMT\LMS.exe
                  c:\program files\Microsoft LifeCam\MSCamS32.exe
                  d:\xampp\mysql\bin\mysqld.exe
                  d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
                  c:\windows\system32\nvsvc32.exe
                  c:\windows\system32\PnkBstrA.exe
                  c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
                  d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
                  d:\program files\OpenSSH\usr\sbin\sshd.exe
                  c:\windows\system32\vmnat.exe
                  d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
                  d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
                  c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
                  d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
                  d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
                  c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
                  c:\windows\system32\CCM\CcmExec.exe
                  d:\program files\VMware\vmware-authd.exe
                  c:\windows\system32\vmnetdhcp.exe
                  c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
                  c:\program files\TeamViewer\Version7\TeamViewer.exe
                  c:\windows\system32\wscntfy.exe
                  c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
                  c:\program files\TeamViewer\Version7\tv_w32.exe
                  c:\program files\BigFix Enterprise\BES Client\BESClientUI.exe
                  c:\windows\system32\RUNDLL32.EXE
                  c:\progra~1\MICROS~3\rapimgr.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                  c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
                  c:\program files\MICROSOFT LIFECAM\LIFEEXP.EXE
                  .
                  **************************************************************************
                  .
                  Completion time: 2012-02-28  20:01:46 - machine was rebooted
                  ComboFix-quarantined-files.txt  2012-02-29 01:01
                  ComboFix2.txt  2012-02-22 07:43
                  .
                  Pre-Run: 5,664,325,632 bytes free
                  Post-Run: 6,553,899,008 bytes free
                  .
                  - - End Of File - - 6332520305AE3AB00B24D2A830694524

                  SuperDave

                  Re: Kaspersky TDSS Killer detects file safeboot.sys
                  « Reply #11 on: February 29, 2012, 11:56:07 AM »
                  Re-running ComboFix to remove infections:

                  • Close any open browsers.
                  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                  • Open notepad and copy/paste the text in the quotebox below into it:
                    Quote
                    KillAll::

                    SecCenter::
                    137EA0D9-9C16-4D8D-AF04-E70936C88A36

                  • Save this as CFScript.txt, in the same location as ComboFix.exe



                  • Referring to the picture above, drag CFScript into ComboFix.exe
                  • When finished, it shall produce a log for you at C:\ComboFix.txt
                  • I don't need to see the log from this script
                  This should remove AV: ISS Proventia
                  ****************************************************

                  Please download aswMBR.exe ( 511KB ) to your desktop.

                  Double click the aswMBR.exe to run it



                  Click the "Scan" button to start scan

                  Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



                  On completion of the scan click save log, save it to your desktop and post in your next reply

                  hey101


                    Re: Kaspersky TDSS Killer detects file safeboot.sys
                    « Reply #12 on: February 29, 2012, 03:46:21 PM »
                    ComboFix still says that ISS Proventia exists on the computer even after running that and rebooting.
                    I am just about to run the aswMBR file and I'll post the results when that finishes.

                    hey101


                      Re: Kaspersky TDSS Killer detects file safeboot.sys
                      « Reply #13 on: February 29, 2012, 05:15:24 PM »
                      aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
                      Run date: 2012-02-29 19:12:13
                      -----------------------------
                      19:12:13.046    OS Version: Windows 5.1.2600 Service Pack 3
                      19:12:13.046    Number of processors: 2 586 0x1706
                      19:12:13.046    ComputerName: CA999-VXTK68-01  UserName: Mark
                      19:12:13.812    Initialze error 0
                      19:12:34.953    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
                      19:12:34.953    Disk 0 Vendor: ST925042 HP14 Size: 238475MB BusType: 3
                      19:12:35.000    Disk 0 MBR read successfully
                      19:12:35.000    Disk 0 MBR scan
                      19:12:35.000    Disk 0 Windows VISTA default MBR code
                      19:12:35.078    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        40962 MB offset 63
                      19:12:35.093    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       197510 MB offset 83891430
                      19:12:35.093    Disk 0 scanning sectors +488392065
                      19:12:35.156    Disk 0 scanning C:\WINDOWS\system32\drivers
                      19:12:35.156    Service scanning
                      19:12:35.953    Modules scanning
                      19:12:36.046    Disk 0 trace - called modules:
                      19:12:36.046    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
                      19:12:36.046    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8bec2030]
                      19:12:36.046    3 CLASSPNP.SYS[f7557fd7] -> nt!IofCallDriver -> [0x8beecc58]
                      19:12:36.046    5 hpdskflt.sys[f77805ae] -> nt!IofCallDriver -> \Device\000000ea[0x8be922e0]
                      19:12:36.046    7 ACPI.sys[f72af620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8be90028]
                      19:12:36.046    Scan finished successfully
                      19:13:06.843    Disk 0 MBR has been saved successfully to "D:\Profiles\Mark\My Documents\Downloads\MBR.dat"
                      19:13:06.859    The log file has been saved successfully to "D:\Profiles\Mark\My Documents\Downloads\aswMBR.txt"
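The aswMBR log above reads the first sector of the disk, checks the boot code and lists the partition table (the two "Disk 0 Partition" lines). The following Python script is an added example, not a tool from this thread or from AVAST, showing what that inspection consists of: it parses the 16-byte partition entries, applies the sanity checks a scanner would (status byte, single active partition, overlapping extents), and hashes the 446-byte boot code area so it can be compared against a known-good saved copy such as the MBR.dat aswMBR wrote. The sample MBR is constructed from the two partitions in the log; the log only gives sizes in MB, so the exact sector counts are an assumption chosen so that partition 2 starts at sector 83891430 and the disk ends at 488392065, both values the log reports. The boot code in the sample is zeroed, and how aswMBR itself recognises "default MBR code" is not known from the thread.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # partition table starts after 446 bytes of boot code
ENTRY_FORMAT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"

# Partition type ids; 0x07 is the HPFS/NTFS type shown in the aswMBR log.
PARTITION_TYPES = {0x00: "empty", 0x07: "HPFS/NTFS", 0x0b: "FAT32", 0x0c: "FAT32 (LBA)",
                   0x0f: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux"}


def build_mbr(entries, boot_code=b""):
    """Assemble a 512-byte MBR image from (status, type, start_lba, sector_count) tuples.
    Used here only to construct test data; CHS fields are zeroed because modern tools
    (and this parser) rely on the LBA fields."""
    code = boot_code.ljust(TABLE_OFFSET, b"\x00")[:TABLE_OFFSET]
    table = b"".join(struct.pack(ENTRY_FORMAT, status, b"\x00" * 3, ptype, b"\x00" * 3, start, count)
                     for status, ptype, start, count in entries)
    return code + table.ljust(64, b"\x00") + BOOT_SIGNATURE


def parse_mbr(mbr):
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for index in range(4):
        offset = TABLE_OFFSET + 16 * index
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FORMAT, mbr[offset:offset + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({
            "index": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "start_lba": start,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return parts


def check_partitions(parts):
    """Sanity checks a scanner applies to the table: bad status bytes, more than one
    active partition, and overlapping extents. Returns a list of warning strings."""
    warnings = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            warnings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    if sum(1 for p in parts if p["active"]) > 1:
        warnings.append("more than one partition is flagged active")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if prev["start_lba"] + prev["sectors"] > nxt["start_lba"]:
            warnings.append(f"partitions {prev['index']} and {nxt['index']} overlap")
    return warnings


def boot_code_digest(mbr):
    """SHA-256 of the 446-byte boot code area. Comparing it with the digest of a
    known-good copy (for example the MBR.dat that aswMBR saved) shows whether the code
    that runs before Windows has changed; the partition table is excluded so that
    legitimate partition changes do not trip the comparison."""
    return hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest()


def format_entries(parts, disk=0):
    """Render entries in the same shape as the aswMBR 'Disk 0 Partition' lines."""
    lines = []
    for p in parts:
        flag = "(A)" if p["active"] else "   "
        lines.append(f"Disk {disk} Partition {p['index']} {p['status']:02X} {flag} "
                     f"{p['type']:02X} {p['type_name']} {p['size_mb']:>8} MB offset {p['start_lba']}")
    return lines


# Constructed sample: the two NTFS partitions reported in the log. The log gives sizes
# in MB only; the sector counts below are assumed so that partition 2 starts at
# 83891430 and the disk ends at 488392065, both of which the log reports.
SAMPLE_MBR = build_mbr([
    (0x80, 0x07, 63, 83891430 - 63),
    (0x00, 0x07, 83891430, 488392065 - 83891430),
])

if __name__ == "__main__":
    entries = parse_mbr(SAMPLE_MBR)
    print("\n".join(format_entries(entries)))
    print("warnings:", check_partitions(entries) or "none")
    print("boot code sha256:", boot_code_digest(SAMPLE_MBR))
```

Run against a real saved sector (`parse_mbr(open("MBR.dat", "rb").read())`) the parser reproduces the 40962 MB and 197510 MB figures from the log, and `boot_code_digest` taken on two different days gives a quick way to tell whether the boot code area changed between scans.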


                      SuperDave
                      Re: Kaspersky TDSS Killer detects file safeboot.sys
                      « Reply #14 on: February 29, 2012, 05:36:39 PM »
                      Quote
                      Combofix still says that iss proventia exists on the computer even after running that and rebooting.
                      I only removed the AV. The firewall is still there. I wasn't sure if you wanted it removed.

                      SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                      http://sites.google.com/site/sysprotantirootkit/

                      Unzip it into a folder on your desktop.
                      • Double click Sysprot.exe to start the program.
                      • Click on the Log tab.
                      • In the Write to log box select the following items.
                        • Process << Selected
                        • Kernel Modules << Selected
                        • SSDT << Selected
                        • Kernel Hooks << Selected
                        • IRP Hooks << NOT Selected
                        • Ports << NOT Selected
                        • Hidden Files << Selected
                      • At the bottom of the page
                        • Hidden Objects Only << Selected
                      • Click on the Create Log button on the bottom right.
                      • After a few seconds a new window should appear.
                      • Select Scan Root Drive. Click on the Start button.
                      • When it is complete a new window will appear to indicate that the scan is finished.
                      • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.