I have access to an XP disk, so yes.
ComboFix log:
ComboFix 12-02-27.02 - Mark 02/28/2012 19:20:39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3067.1944 [GMT -5:00]
Running from: d:\profiles\Mark\My Documents\Downloads\ComboFix.exe
AV: ISS Proventia 9.0.226.2212 *Enabled/Outdated* {137EA0D9-9C16-4D8D-AF04-E70936C88A36}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ISS Proventia 9.0.226.2084 *Disabled* {967D7868-33AA-43E7-AC51-89F2A6FB873C}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2074-05-07 23:38 . 2006-11-22 01:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-02-22 07:07 . 2012-02-22 07:07 98992 ----a-w- c:\windows\system32\drivers\95999153.sys
2012-02-18 02:56 . 2012-02-18 03:10 -------- d-----w- c:\program files\FastCopy
2012-02-17 02:54 . 2012-02-17 02:54 -------- d-----w- d:\profiles\All Users\Application Data\Malwarebytes
2012-02-17 02:54 . 2012-02-17 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-17 02:54 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 02:44 . 2012-02-17 02:44 -------- d-----w- d:\profiles\Mark\Application Data\SUPERAntiSpyware.com
2012-02-17 02:42 . 2012-02-17 02:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-17 02:42 . 2012-02-17 02:42 -------- d-----w- d:\profiles\All Users\Application Data\SUPERAntiSpyware.com
2012-02-16 22:02 . 2012-02-16 22:02 98992 ----a-w- c:\windows\system32\drivers\95463149.sys
2012-02-16 22:02 . 2012-02-16 22:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-15 17:30 . 2012-02-15 17:30 -------- d-----w- d:\profiles\Mark\Application Data\Hardcore
2012-02-05 21:31 . 2011-12-11 04:58 973632 ----a-w- c:\windows\system32\nvdispco3220155.dll
2012-02-04 06:01 . 2012-02-04 06:01 -------- d-----w- c:\program files\SyncToy 2.1
2012-02-01 22:42 . 2012-02-01 22:42 -------- d-----w- d:\profiles\NetworkService.NT AUTHORITY.000\Application Data\Subversion
2012-02-01 21:02 . 2012-02-01 21:02 -------- d-----w- d:\profiles\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 20:38 . 2011-02-18 00:15 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-23 20:38 . 2011-02-19 14:20 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-23 20:38 . 2011-02-18 00:15 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-19 14:20 . 2011-02-18 00:15 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-19 14:19 . 2011-02-18 00:15 280736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-19 07:16 . 2011-02-18 00:15 138056 ----a-w- d:\profiles\Mark\Application Data\PnkBstrK.sys
2012-02-19 07:15 . 2011-02-18 00:15 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2011-12-29 18:00 . 2010-08-05 05:15 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-21 18:14 . 2010-08-05 05:15 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-12-17 14:26 . 2011-10-20 19:14 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-17 14:23 . 2011-06-06 16:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-11 04:58 . 2011-10-15 02:38 877376 ----a-w- c:\windows\system32\nvgenco3220103.dll
2011-12-11 04:58 . 2011-03-14 20:47 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-11 04:58 . 2011-03-14 20:47 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-11 04:58 . 2011-03-14 20:47 2811200 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-11 04:58 . 2011-03-14 20:47 2084672 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-11 04:58 . 2011-03-14 20:47 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-11 04:58 . 2008-06-25 11:22 4205056 ----a-w- c:\windows\system32\nv4_disp.dll
2011-12-11 04:58 . 2008-06-25 11:22 2335232 ----a-w- c:\windows\system32\nvapi.dll
2011-12-11 04:58 . 2008-06-25 11:22 16076800 ----a-w- c:\windows\system32\nvoglnt.dll
2011-12-11 04:58 . 2008-06-25 11:22 12836544 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-12-11 03:46 . 2011-10-15 02:40 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-12-11 03:46 . 2011-10-15 02:40 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-12-11 03:46 . 2011-10-15 02:40 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-12-11 03:46 . 2011-10-15 02:40 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-12-11 03:46 . 2011-10-15 02:40 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-12-11 03:46 . 2011-10-15 02:40 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-12-11 03:46 . 2011-10-15 02:40 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-12-11 03:46 . 2011-10-15 02:40 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-12-11 03:45 . 2011-10-15 02:40 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-12-11 03:45 . 2011-10-15 02:40 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-12-11 03:45 . 2011-10-15 02:40 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-12-11 03:45 . 2011-10-15 02:40 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-12-11 03:45 . 2011-10-15 02:40 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-12-11 03:45 . 2011-10-15 02:40 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-12-11 03:45 . 2011-10-15 02:40 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-12-11 03:45 . 2011-10-15 02:40 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-12-11 03:45 . 2011-10-15 02:40 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-12-11 03:45 . 2011-10-15 02:40 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-12-11 03:45 . 2011-10-15 02:40 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-12-11 03:45 . 2011-10-15 02:40 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-12-11 03:45 . 2011-10-15 02:40 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-12-11 03:45 . 2011-10-15 02:40 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-12-11 03:45 . 2011-10-15 02:40 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-12-11 03:45 . 2011-10-15 02:40 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-12-11 03:45 . 2011-10-15 02:40 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-12-11 03:45 . 2011-10-15 02:40 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-12-11 03:45 . 2011-10-15 02:40 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-12-11 03:45 . 2011-10-15 02:40 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-12-11 03:38 . 2011-10-15 02:40 112960 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-11 03:38 . 2011-10-15 02:40 13900096 ----a-w- c:\windows\system32\nvcpl.dll
2011-12-11 03:38 . 2011-10-15 02:40 156480 ----a-w- c:\windows\system32\nvsvc32.exe
2011-12-11 03:38 . 2011-10-15 02:40 146752 ----a-w- c:\windows\system32\nvcolor.exe
2011-12-11 03:38 . 2011-10-15 02:40 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-12-11 03:38 . 2011-10-15 02:40 545088 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-12-21 07:24 . 2011-12-17 14:22 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-18 82224]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-08-07 354360]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-28 24848]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-17 49152]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-15 358936]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
"QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" [2011-10-24 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-11 13900096]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-12-11 112960]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-09-07 1634112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-02-02 3900776]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"GreyMSIAds"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2009-06-03 20:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2009-06-03 20:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2009-07-28 06:59 192784 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-287218729-725345543-1041786\Scripts\Logon\0\0]
"Script"=patch-2008-10.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-287218729-725345543-1041786\Scripts\Logon\1\0]
"Script"=w2kenroll.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-287218729-725345543-707520\Scripts\Logon\0\0]
"Script"=patch-2008-10.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-287218729-725345543-707520\Scripts\Logon\1\0]
"Script"=w2kenroll.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\D:^Profiles^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=d:\profiles\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Profiles^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\profiles\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Profiles^All Users^Start Menu^Programs^Startup^LapNetWizard.exe]
path=d:\profiles\All Users\Start Menu\Programs\Startup\LapNetWizard.exe
backup=c:\windows\pss\LapNetWizard.exeCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSCAdvantage]
2005-06-09 19:41 111403 ----a-w- c:\program files\Help Desk\CSCADV.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSCLogonInfo]
2006-12-12 21:28 127079 ----a-w- c:\windows\UsrLogon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2010-02-25 19:19 287800 ------w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ThreatFire"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"IviRegMgr"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c9aca7f83fdf82"=2 (0x2)
"GoogleDesktopManager-110408-113106"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\drivers\dsfksvcs.sys [2/8/2010 8:52 PM 479992]
R0 dsfroot;root enumerated bus driver;c:\windows\system32\drivers\dsfroot.sys [2/8/2010 8:52 PM 31608]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [7/29/2009 2:30 PM 109216]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [7/29/2009 2:30 PM 51408]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [7/29/2009 2:30 PM 12960]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 11:14 AM 24064]
R1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys [8/21/2010 11:38 AM 7168]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 12:23 PM 11352]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [7/29/2009 2:30 PM 12528]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 3:16 PM 207400]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\httpd.exe [10/17/2010 7:32 PM 20549]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Bioscrypt [11/12/2008 8:09 PM 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [4/27/2011 7:41 PM 57344]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [7/29/2009 11:43 AM 1201400]
R2 frameworkPostgreSQL;frameworkPostgreSQL;D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/bin/pg_ctl.exe runservice -N "frameworkPostgreSQL" -D "D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/data" --> D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/bin/pg_ctl.exe runservice -N frameworkPostgreSQL [?]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [8/7/2009 3:59 PM 45056]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [7/29/2009 2:28 PM 256544]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]
R2 OpenSSHd;OpenSSH Server;d:\program files\OpenSSH\bin\cygrunsrv.exe [4/18/2004 6:11 AM 36864]
R2 OxygenAudioDevMon;Oxygen Audio Device Monitor;c:\program files\M-Audio\Oxygen\AudioDevMon.exe [3/4/2010 7:35 AM 1632776]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [12/14/2011 6:59 AM 3027840]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [10/20/2011 1:43 PM 2058776]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [9/21/2010 2:59 AM 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [9/21/2010 1:42 AM 539184]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [6/12/2008 3:40 PM 482176]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2/20/2009 2:20 PM 227896]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/12/2008 8:10 PM 239760]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [11/12/2008 6:48 PM 44800]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 5:34 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 7:27 PM 19472]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2/20/2009 2:12 PM 47616]
R3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [4/22/2004 12:38 PM 2432]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [11/12/2008 8:09 PM 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9aca7f83fdf82;Google Update Service (gupdate1c9aca7f83fdf82);c:\program files\Google\Update\GoogleUpdate.exe [3/24/2009 12:24 PM 133104]
S2 XAMPP;XAMPP Service;d:\xampp\service.exe [12/20/2007 9:01 PM 60928]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/21/2008 12:07 AM 113152]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/18/2008 6:14 PM 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/8/2008 2:00 PM 59648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/24/2009 12:24 PM 133104]
S3 HackerDefenderDrv084;HackerDefenderDrv084;\??\d:\profiles\vxtk68\My Documents\Downloads\hxdef084\hxdefdrv.sys --> d:\profiles\vxtk68\My Documents\Downloads\hxdef084\hxdefdrv.sys [?]
S3 HRMACPI;DSF ACPI Redirection Module;c:\windows\system32\DRIVERS\HRMACPI.SYS --> c:\windows\system32\DRIVERS\HRMACPI.SYS [?]
S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;c:\windows\system32\drivers\hrmcfgspc.sys [2/8/2010 8:52 PM 92664]
S3 HRMINTS;DSF Interrupt Redirection Module;c:\windows\system32\drivers\hrmints.sys [2/8/2010 8:52 PM 89976]
S3 HRMPORTS;DSF IO Port Redirection Module;c:\windows\system32\drivers\hrmports.sys [2/8/2010 8:53 PM 103160]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [8/21/2010 11:38 AM 28160]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [7/22/2009 6:59 PM 42112]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [9/16/2010 8:29 PM 30576]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/10/2011 10:20 AM 18432]
S3 OXYGEN;Service for M-Audio Oxygen;c:\windows\system32\drivers\MAudioOxygen.sys [1/12/2011 1:40 PM 112136]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [1/6/2005 5:10 AM 18048]
S3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys --> c:\windows\system32\Drivers\PortTalk.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/8/2008 8:12 AM 1112560]
S3 SOFTHIDUSBK;USB HID Layer;c:\windows\system32\DRIVERS\SOFTHIDUSBK.SYS --> c:\windows\system32\DRIVERS\SOFTHIDUSBK.SYS [?]
S3 SOFTUSBK;Generic USB device;c:\windows\system32\DRIVERS\SOFTUSBK.SYS --> c:\windows\system32\DRIVERS\SOFTUSBK.SYS [?]
S3 SOFTUSBTESTHUB;Generic USB Test Hub;c:\windows\system32\DRIVERS\SOFTUSBTESTHUB.SYS --> c:\windows\system32\DRIVERS\SOFTUSBTESTHUB.SYS [?]
S3 SOFTWADP;Wireless adapter devices;c:\windows\system32\DRIVERS\SOFTWADP.SYS --> c:\windows\system32\DRIVERS\SOFTWADP.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/8/2011 4:17 PM 25088]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11/12/2008 8:09 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 WSOFTUSBK;Generic wireless USB device;c:\windows\system32\DRIVERS\WSOFTUSBK.SYS --> c:\windows\system32\DRIVERS\WSOFTUSBK.SYS [?]
S4 AcuWVSSchedulerv6;Acunetix WVS Scheduler v6;c:\program files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe [3/3/2010 10:22 AM 671368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
HPService REG_MULTI_SZ HPSLPSVC
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}]
2006-10-07 03:28 121541 ----a-w- c:\program files\Microsoft Office Communicator\MotIM-default.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 16:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BAFC1927-A731-4c34-829B-47EE05ADD199}]
2008-04-14 10:42 146432 ------w- c:\windows\regedit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C10BF3A1-3FEC-4a94-AAAF-9D6A4B522F63}]
2005-08-12 17:18 121799 ----a-w- c:\program files\WinZip\wzusr90.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\AdobeAAMUpdater-1.0-CA999-VXTK68-01-Mark.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-17 08:44]
.
2012-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-02-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 03:21]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 17:24]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 17:24]
.
2012-02-29 c:\windows\Tasks\msfupdate.job
- d:\program files\Rapid7\framework\msfupdate.bat [2011-05-25 21:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 192.168.2.106:8080
uInternet Settings,ProxyOverride = *.mot.com;*.gi.com;HELP-MOTOROLA.AMER.CSC.COM;SHSH-NXS01.AMER.CSC.COM;*.local;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Zend Studio - Debug current page - d:\program files\Zend\Zend Studio - 8.0.0\toolbars\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - d:\program files\Zend\Zend Studio - 8.0.0\toolbars\ZendIEToolbar.dll/DebugNext.html
LSP: bmnet.dll
LSP: d:\program files\VMware\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DBA2BD3B-DD27-48D0-B1A8-D01EFD66A9B9}: NameServer = 207.69.188.187,207.69.188.186
FF - ProfilePath - d:\profiles\Mark\Application Data\Mozilla\Firefox\Profiles\prtpgzvs.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-02-28 19:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.net
Windows 5.1.2600 Disk: ST925042 rev.HP14 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0xF713C864
IoDeviceObjectType -> ParseProcedure -> 0xf7ae5160
\Device\Harddisk0\DR0 -> ParseProcedure -> 0xf7ae5160
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\frameworkPostgreSQL]
"ImagePath"="D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"frameworkPostgreSQL\" -D \"D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/data\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DSFKSVCS\MofImagePath]
.
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\frameworkPostgreSQL]
"ImagePath"="D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"frameworkPostgreSQL\" -D \"D:/PROGRA~1/Rapid7/FRAMEW~1/POSTGR~1/data\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WINIO]
"ImagePath"="pý\12"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2757104239-1278071424-1195812985-1009\Software\SecuROM\License information*]
"datasecu"=hex:f1,9b,19,c7,4b,80,1a,89,34,46,79,92,96,d5,d1,3d,ed,80,b6,b7,42,
e9,95,cb,73,19,c7,2b,30,51,1c,35,d5,62,04,fa,fd,92,b8,1e,4e,e3,44,10,c1,eb,\
"rkeysecu"=hex:a9,83,1a,d3,5a,1a,8b,17,08,e8,e0,21,0e,a4,7d,15
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1540)
c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll
c:\program files\Hewlett-Packard\IAM\bin\brand.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
c:\windows\system32\msi.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll
c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
c:\program files\ActivIdentity\ActivClient\aclog.dll
c:\program files\ActivIdentity\ActivClient\accrypto.dll
c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDac.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.dll
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBioATFSS.dll
c:\windows\system32\bmnet.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\program files\ActivIdentity\ActivClient\aipingui.dll
c:\program files\ActivIdentity\ActivClient\acevtsub.dll
c:\program files\ActivIdentity\ActivClient\asphat32.dll
c:\program files\ActivIdentity\ActivClient\acerrmes.dll
c:\program files\ActivIdentity\ActivClient\aiwinext.dll
c:\program files\ActivIdentity\ActivClient\aspcom.dll
c:\program files\ActivIdentity\ActivClient\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItAPS.dll
c:\program files\Hewlett-Packard\IAM\Bin\APSHook.dll
.
- - - - - - - > 'Explorer.exe'(4540)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Hewlett-Packard\IAM\Bin\APSHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\BigFix Enterprise\BES Client\BESClient.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\pg_ctl.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
d:\xampp\mysql\bin\mysqld.exe
d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
d:\program files\OpenSSH\usr\sbin\sshd.exe
c:\windows\system32\vmnat.exe
d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\CCM\CcmExec.exe
d:\program files\VMware\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\BigFix Enterprise\BES Client\BESClientUI.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\MICROS~3\rapimgr.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\profiles\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
c:\program files\MICROSOFT LIFECAM\LIFEEXP.EXE
.
**************************************************************************
.
Completion time: 2012-02-28 20:01:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-29 01:01
ComboFix2.txt 2012-02-22 07:43
.
Pre-Run: 5,664,325,632 bytes free
Post-Run: 6,553,899,008 bytes free
.
- - End Of File - - 6332520305AE3AB00B24D2A830694524