
How to remove rootkit.win32.zero... blah blah blah attack


Recommended Posts

I have run ComboFix & tdss several times with no luck. Was finally able to get Malwarebytes to run... upon restart the symptoms came right back.

Symptoms are: website search redirects, not able to update Windows security, small red heart with X in system tray.

Where do I start now?


Here are the two logs...thank you so much for taking the time to help!

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7571

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/25/2011 9:55:26 PM

mbam-log-2011-08-25 (21-55-19).txt

Scan type: Quick scan

Objects scanned: 216336

Time elapsed: 15 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> No action taken.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Stuart at 22:45:36 on 2011-08-25

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.478 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE

C:\Program Files\BellSouth\Connection Manager\CManager.exe

svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\stuart\startm~1\programs\startup\connec~1.lnk - c:\program files\bellsouth\connection manager\CManager.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: chase.com\chaseonline

Trusted Zone: intuit.com\community

Trusted Zone: netflix.com\www

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136693129484

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136693102593

DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab

DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab

DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXCab.CAB

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{5D7AEC68-D793-4CA8-B8D8-83118B327313} : DhcpNameServer = 192.168.1.254

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R2 SSIPDDP;SSIPDDP Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [2008-7-2 55296]

R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-1-14 20504]

R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-1-14 21528]

S1 MpKsl04bcd90e;MpKsl04bcd90e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\mpksl04bcd90e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\MpKsl04bcd90e.sys [?]

S1 MpKsl9bae9850;MpKsl9bae9850;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\mpksl9bae9850.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\MpKsl9bae9850.sys [?]

S2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1249792]

S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]

S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2006-1-8 18864]

S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]

S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [2008-1-16 29522]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]

S4 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-4-12 143872]

S4 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-2 204800]

S4 QuickBooksDB21;QuickBooksDB21;c:\progra~1\intuit\quickb~4\qbdbmgrn.exe -hvquickbooksdb21 --> c:\progra~1\intuit\quickb~4\QBDBMgrN.exe -hvQuickBooksDB21 [?]

.

=============== File Associations ===============

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-08-25 11:35:48 -------- d-s---w- C:\ComboFixReal3437C

2011-08-25 10:43:59 150392 ----a-w- c:\windows\junction.exe

2011-08-25 01:56:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-25 01:56:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-25 00:52:31 -------- d-----w- C:\ComboFixReal

2011-08-25 00:16:36 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-24 19:10:25 43408 --sha-w- c:\windows\system32\c_11426.nl_

2011-08-24 19:00:48 -------- d-sha-r- C:\cmdcons

2011-08-24 18:54:02 98816 ----a-w- c:\windows\sed.exe

2011-08-24 18:54:02 518144 ----a-w- c:\windows\SWREG.exe

2011-08-24 18:54:02 256000 ----a-w- c:\windows\PEV.exe

2011-08-24 18:54:02 208896 ----a-w- c:\windows\MBR.exe

2011-08-24 18:53:53 -------- d-----w- C:\Repair

2011-08-16 20:31:05 -------- d-----w- c:\documents and settings\stuart\application data\Malwarebytes

2011-08-16 20:30:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-16 20:30:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-15 01:04:18 -------- d--h--w- c:\windows\msdownld.tmp

2011-08-08 10:48:48 0 ----a-w- c:\documents and settings\all users\application data\qjpb.exe

2011-08-08 10:48:48 0 ----a-w- c:\documents and settings\all users\application data\qgja.exe

2011-08-08 10:48:48 0 ----a-w- c:\documents and settings\all users\application data\mogj.exe

2011-08-08 10:48:48 0 ----a-w- c:\documents and settings\all users\application data\cbxd.exe

.

==================== Find3M ====================

.

2011-08-25 10:36:56 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-25 01:52:13 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-08-25 00:40:59 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-08-24 19:52:08 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-29 10:49:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 22:45:54.92 ===============


  • Staff

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

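An added triage example, not part of this thread and not code from Malwarebytes, DDS or ComboFix: a small Python parser that reads the kind of logs posted above (and the ComboFix log further down) and flags the lines a helper would look at first. The rules encode only what the posted logs actually show: a security product reported as Disabled in the DDS header, a scanner detection left at "No action taken", a service or driver entry ending in "[?]" (the tool could not read the file's date and size; here the unknown RkHit driver), zero-byte .exe files with random four-letter names under All Users\Application Data, files ComboFix reports as "is infected!!" (patched and not repaired) versus "found and disinfected", and Security Center / Windows Firewall values turned off. The sample log is constructed from trimmed lines of this thread's logs plus one benign service line. The rule set, category names and severities are this example's own choices, not anything the tools define, and a "[?]" hit also fires on legitimate entries such as the MpKsl definition-update drivers, so the output is a review list, not a verdict.

```python
"""Triage helper for MBAM / DDS / ComboFix text logs.

Added example for this thread; not code from Malwarebytes, DDS or ComboFix.
The rule set, category names and severities are this example's own choices.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List

# Constructed sample: representative lines trimmed from the logs posted in
# this thread (MBAM detection, DDS service line, DDS and ComboFix file lists,
# ComboFix repair notes, registry dump) plus one benign service line.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
c:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> No action taken.
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]
2011-08-08 10:48:48 0 ----a-w- c:\documents and settings\all users\application data\qjpb.exe
2011-08-25 10:43 . 2010-09-07 19:39 150392 ----a-w- c:\windows\junction.exe
c:\windows\system32\nvsvc32.exe . . . is infected!!
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
"FirewallOverride"=dword:00000001
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" = act on it, "medium" = confirm and fix
    category: str   # rule tag, used for counting
    detail: str     # path, service name or value that triggered the rule
    line: str       # the original log line, for the report


# (category, severity, pattern). Each pattern captures a "detail" group.
RULES = [
    # DDS header: installed AV reported as disabled (by the user or by malware).
    ("av_disabled", "medium",
     re.compile(r"^AV: (?P<detail>.+?) \*Disabled")),
    # MBAM result line: "<path> (<detection>) -> <action>".
    ("scanner_detection", "high",
     re.compile(r"^(?P<detail>[a-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$", re.I)),
    # DDS/ComboFix service or driver line ending in "[?]": the tool could not
    # read the binary's date/size. Legitimate entries trigger this too (the
    # MpKsl definition-update drivers do), so it is a review item.
    ("service_missing_binary", "high",
     re.compile(r"^[RS]\d (?P<detail>[^;]+);.*\[\?\]$")),
    # Zero-byte .exe in a "Created" file list (DDS: "date time size attrs path",
    # ComboFix: "date time . date time size attrs path").
    ("zero_byte_exe", "high",
     re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?"
                r"(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?\s+0\s+\S+\s+(?P<detail>.+\.exe)$", re.I)),
    # ComboFix: patched file it could not restore.
    ("patched_file_unrepaired", "high",
     re.compile(r"^(?P<detail>.+?) \. \. \. is infected!!$", re.I)),
    # ComboFix: patched file replaced from dllcache / System Restore.
    ("patched_file_restored", "medium",
     re.compile(r"^Infected copy of (?P<detail>.+?) was found and disinfected$", re.I)),
    # Security Center monitoring switched off, or firewall state overridden.
    ("security_center_tampered", "medium",
     re.compile(r'^"(?P<detail>DisableMonitoring|FirewallOverride)"=dword:0*1$')),
    # Windows Firewall standard profile disabled.
    ("firewall_disabled", "medium",
     re.compile(r'^"(?P<detail>EnableFirewall)"=\s*0\b')),
]


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that matches a rule (first rule wins)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for category, severity, pattern in RULES:
            match = pattern.search(line)
            if match:
                findings.append(Finding(severity, category, match.group("detail"), line))
                break
    return findings


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per category for a quick overview of the machine's state."""
    return Counter(f.category for f in findings)


def report(findings: List[Finding]) -> str:
    """Human-readable list, high-severity items first."""
    order = {"high": 0, "medium": 1}
    rows = sorted(findings, key=lambda f: (order[f.severity], f.category))
    return "\n".join(f"[{f.severity:6}] {f.category:24} {f.detail}" for f in rows)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print(report(results))
    print(dict(summarize(results)))
```

Run it against a saved DDS or ComboFix log by passing the file contents to `triage()`; the first rule that matches a line wins, which keeps the report to one entry per line. The patched-file rules are the ones that matter most in this thread: a "No action taken" detection on a system driver and several service executables reported as "is infected!!" mean the infected binaries are still on disk, so a clean MBAM rescan after the next reboot is the check, not the absence of new symptoms.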

Thanks for responding, screen317... here are the two logs you have requested:

ComboFix 11-08-29.03 - Stuart 08/29/2011 19:49:49.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.474 [GMT -4:00]

Running from: c:\documents and settings\Stuart\Desktop\ComboFix.com

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\cbxd.exe

c:\documents and settings\All Users\Application Data\mogj.exe

c:\documents and settings\All Users\Application Data\qgja.exe

c:\documents and settings\All Users\Application Data\qjpb.exe

c:\documents and settings\Stuart\Recent\Thumbs.db

c:\documents and settings\Stuart\Templates\fybn.exe

c:\documents and settings\Stuart\Templates\gfbx.exe

c:\documents and settings\Stuart\Templates\ioeq.exe

c:\documents and settings\Stuart\Templates\qnif.exe

c:\windows\assembly\GAC_MSIL\desktop.ini

.

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\system32\dllcache\wuauclt.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{F1CB3817-1E0A-461E-8CB1-EEC1B7C1551B}\RP26\A0007365.lnk

.

c:\program files\HP\HPLaserJetService\HPLaserJetService.exe . . . is infected!!

.

c:\program files\iPod\bin\iPodService.exe . . . is infected!!

.

c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe . . . is infected!!

.

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe . . . is infected!!

.

c:\windows\system32\nvsvc32.exe . . . is infected!!

.

Infected copy of c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{F1CB3817-1E0A-461E-8CB1-EEC1B7C1551B}\RP9\A0002922.exe

.

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE . . . is infected!!

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{F1CB3817-1E0A-461E-8CB1-EEC1B7C1551B}\RP26\A0007365.lnk

Infected copy of c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{F1CB3817-1E0A-461E-8CB1-EEC1B7C1551B}\RP9\A0002922.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_RKHIT

-------\Service_1c113ea0

-------\Service_RkHit

.

.

((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-30 )))))))))))))))))))))))))))))))

.

.

2011-08-30 00:07 . 2011-08-30 00:07 -------- d-----w- c:\windows\LastGood

2011-08-25 10:43 . 2010-09-07 19:39 150392 ----a-w- c:\windows\junction.exe

2011-08-25 01:56 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-25 01:56 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-25 00:20 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-25 00:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-24 19:10 . 2011-08-25 10:37 43408 --sha-w- c:\windows\system32\c_11426.nl_

2011-08-24 18:53 . 2011-08-24 19:41 -------- d-----w- C:\Repair

2011-08-16 20:31 . 2011-08-16 20:31 -------- d-----w- c:\documents and settings\Stuart\Application Data\Malwarebytes

2011-08-16 20:30 . 2011-08-16 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-08-16 20:30 . 2011-08-25 01:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-15 01:04 . 2011-08-15 01:04 -------- d--h--w- c:\windows\msdownld.tmp

2011-08-08 15:18 . 2011-08-08 15:18 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2011-08-08 15:18 . 2011-08-08 15:18 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2011-08-08 15:18 . 2011-08-08 15:18 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2011-08-08 15:18 . 2011-08-08 15:18 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2011-08-08 15:18 . 2011-08-08 15:18 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2011-08-08 15:18 . 2011-08-08 15:18 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2011-08-08 15:18 . 2011-08-08 15:18 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2011-08-08 15:18 . 2011-08-08 15:18 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2011-08-08 15:18 . 2011-08-08 15:18 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2011-08-08 15:18 . 2011-08-08 15:18 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2011-08-08 15:18 . 2011-08-08 15:18 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2011-08-08 15:18 . 2011-08-08 15:18 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2011-08-08 15:17 . 2011-08-08 15:17 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2011-08-08 15:17 . 2011-08-08 15:17 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2011-08-08 15:17 . 2011-08-08 15:17 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2011-08-08 15:17 . 2011-08-08 15:17 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2011-08-08 15:17 . 2011-08-08 15:17 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2011-08-08 14:35 . 2011-08-08 14:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-08-08 13:46 . 2011-08-08 13:46 -------- d-sh--w- c:\documents and settings\QBDataServiceUser21\IETldCache

2011-08-08 12:15 . 2011-08-08 12:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-25 10:42 . 2011-08-25 10:42 79623 ----a-w- c:\windows\Junction.zip

2011-08-25 10:36 . 2004-08-12 13:55 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-25 00:40 . 2004-08-12 14:01 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-08-24 19:52 . 2004-08-12 14:04 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-07-15 13:29 . 2004-08-12 14:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2004-08-12 14:01 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-29 10:49 . 2011-06-29 10:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 14:10 . 2006-01-08 01:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2011-06-20 17:44 293376 ----a-w- c:\windows\system32\SET34.tmp

2011-06-02 14:02 . 2004-08-12 14:09 1858944 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-14 1527128]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\Stuart\Start Menu\Programs\Startup\

Connection Manager.lnk - c:\program files\BellSouth\Connection Manager\CManager.exe [2006-1-7 4071547]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-6-30 5816664]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]

QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2011-7-6 1178984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

2002-09-11 02:26 368706 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

2003-06-18 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2007-04-09 16:32 19456 ----a-w- c:\windows\system32\CtHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2005-03-16 10:33 127037 ----a-w- c:\windows\system32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2001-08-23 11:24 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]

2008-01-08 21:20 451896 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2004-11-11 22:10 4583424 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"wlidsvc"=2 (0x2)

"SeaPort"=2 (0x2)

"Pml Driver"=3 (0x3)

"ose"=3 (0x3)

"nmservice"=2 (0x2)

"MsMpSvc"=2 (0x2)

"LinksysUpdater"=2 (0x2)

"iPod Service"=3 (0x3)

"idsvc"=3 (0x3)

"HTTPFilter"=3 (0x3)

"HP LaserJet Service"=2 (0x2)

"gupdatem"=3 (0x3)

"gupdate"=2 (0x2)

"Creative Service for CDROM Access"=2 (0x2)

"BBSvc"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Valusoft\\18 Wheels of Steel - Convoy\\convoy.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

.

R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]

R2 SSIPDDP;SSIPDDP Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [7/2/2008 9:57 PM 55296]

R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [1/14/2011 5:55 PM 20504]

R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [1/14/2011 5:55 PM 21528]

S1 MpKsl04bcd90e;MpKsl04bcd90e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0881AF63-AB6D-4D45-99C7-19A6A4817A79}\MpKsl04bcd90e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0881AF63-AB6D-4D45-99C7-19A6A4817A79}\MpKsl04bcd90e.sys [?]

S1 MpKsl9bae9850;MpKsl9bae9850;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0881AF63-AB6D-4D45-99C7-19A6A4817A79}\MpKsl9bae9850.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0881AF63-AB6D-4D45-99C7-19A6A4817A79}\MpKsl9bae9850.sys [?]

S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]

S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [1/8/2006 3:47 PM 18864]

S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [1/16/2008 6:46 PM 29522]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/24/2010 8:30 AM 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/24/2010 8:30 AM 136176]

S4 HP LaserJet Service;HP LaserJet Service;"c:\program files\HP\HPLaserJetService\HPLaserJetService.exe" --> c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [?]

S4 LinksysUpdater;Linksys Updater;"c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "c:\program files\Linksys\Linksys Updater\conf\wrapper.conf" --> c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [?]

S4 QuickBooksDB21;QuickBooksDB21;c:\progra~1\Intuit\QUICKB~4\QBDBMgrN.exe -hvQuickBooksDB21 --> c:\progra~1\Intuit\QUICKB~4\QBDBMgrN.exe -hvQuickBooksDB21 [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-29 c:\windows\Tasks\At1.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 16:10]

.

2011-08-29 c:\windows\Tasks\At2.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 16:10]

.

2011-08-29 c:\windows\Tasks\At3.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 16:10]

.

2011-08-29 c:\windows\Tasks\At4.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 16:10]

.

2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 12:30]

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 12:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: chase.com\chaseonline

Trusted Zone: intuit.com\community

Trusted Zone: netflix.com\www

TCP: DhcpNameServer = 192.168.1.254

.

.

------- File Associations -------

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-67525187.sys

SafeBoot-69178964.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-29 20:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-776561741-1229272821-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-776561741-1229272821-682003330-1004\Software\SecuROM\License information*]

"datasecu"=hex:67,65,43,b2,33,53,aa,87,fc,8b,b4,c8,2e,88,4f,8b,99,e6,ed,31,d1,

17,f0,c0,dd,cf,be,c6,26,25,52,dd,56,26,a8,c1,be,89,38,18,d9,f4,6c,38,75,71,\

"rkeysecu"=hex:ed,6b,ac,e8,a9,b7,91,29,5a,85,bc,24,38,c3,b9,44

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(468)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\msiexec.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\BROADJ~1\CLIENT~1\CFD.exe

c:\progra~1\COMMON~1\MICROS~1\DW\DW20.EXE

.

**************************************************************************

.

Completion time: 2011-08-29 20:14:55 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-30 00:14

ComboFix2.txt 2011-08-25 01:21

ComboFix3.txt 2011-08-24 19:41

.

Pre-Run: 15,314,792,448 bytes free

Post-Run: 15,358,689,280 bytes free

.

- - End Of File - - 9B2B00AF4C3565D1F3853B4A9165CC5A

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Stuart at 20:20:01 on 2011-08-29

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.499 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE

C:\Program Files\BellSouth\Connection Manager\CManager.exe

C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe

c:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\stuart\startm~1\programs\startup\connec~1.lnk - c:\program files\bellsouth\connection manager\CManager.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: chase.com\chaseonline

Trusted Zone: intuit.com\community

Trusted Zone: netflix.com\www

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136693129484

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136693102593

DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab

DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab

DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXCab.CAB

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{5D7AEC68-D793-4CA8-B8D8-83118B327313} : DhcpNameServer = 192.168.1.254

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]

R2 SSIPDDP;SSIPDDP Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [2008-7-2 55296]

R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-1-14 20504]

R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-1-14 21528]

S1 MpKsl04bcd90e;MpKsl04bcd90e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\mpksl04bcd90e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\MpKsl04bcd90e.sys [?]

S1 MpKsl9bae9850;MpKsl9bae9850;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\mpksl9bae9850.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\MpKsl9bae9850.sys [?]

S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]

S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2006-1-8 18864]

S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [2008-1-16 29522]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]

S4 HP LaserJet Service;HP LaserJet Service;"c:\program files\hp\hplaserjetservice\hplaserjetservice.exe" --> c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [?]

S4 LinksysUpdater;Linksys Updater;"c:\program files\linksys\linksys updater\bin\linksysupdater.exe" -s "c:\program files\linksys\linksys updater\conf\wrapper.conf" --> c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [?]

S4 QuickBooksDB21;QuickBooksDB21;c:\progra~1\intuit\quickb~4\qbdbmgrn.exe -hvquickbooksdb21 --> c:\progra~1\intuit\quickb~4\QBDBMgrN.exe -hvQuickBooksDB21 [?]

.

=============== File Associations ===============

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-08-25 11:35:48 -------- d-----w- C:\ComboFixReal3437C

2011-08-25 10:43:59 150392 ----a-w- c:\windows\junction.exe

2011-08-25 01:56:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-25 01:56:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-25 00:52:31 -------- d-----w- C:\ComboFixReal

2011-08-25 00:20:04 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-25 00:16:36 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-24 19:10:25 43408 --sha-w- c:\windows\system32\c_11426.nl_

2011-08-24 19:00:48 -------- d-sha-r- C:\cmdcons

2011-08-24 18:54:02 98816 ----a-w- c:\windows\sed.exe

2011-08-24 18:54:02 518144 ----a-w- c:\windows\SWREG.exe

2011-08-24 18:54:02 256000 ----a-w- c:\windows\PEV.exe

2011-08-24 18:54:02 208896 ----a-w- c:\windows\MBR.exe

2011-08-24 18:53:53 -------- d-----w- C:\Repair

2011-08-16 20:31:05 -------- d-----w- c:\documents and settings\stuart\application data\Malwarebytes

2011-08-16 20:30:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-16 20:30:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-15 01:04:18 -------- d--h--w- c:\windows\msdownld.tmp

.

==================== Find3M ====================

.

2011-08-25 10:36:56 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-25 00:40:59 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-08-24 19:52:08 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-29 10:49:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\SET34.tmp

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 20:20:21.00 ===============


Could not find the .exe files you requested to have scanned. So I took it upon myself to run the ESET online scanner...it took a while but it cleared up a lot of trouble. I will paste/copy all of the reports that I have generated. The problem seems to be fixed...unless you see anything else that needs further attention.

Here are several program logs:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7632

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/1/2011 5:17:43 PM

mbam-log-2011-09-01 (17-17-43).txt

Scan type: Quick scan

Objects scanned: 217650

Time elapsed: 16 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Stuart at 18:45:36 on 2011-09-01

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.499 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE

C:\Program Files\BellSouth\Connection Manager\CManager.exe

C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\stuart\startm~1\programs\startup\connec~1.lnk - c:\program files\bellsouth\connection manager\CManager.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: chase.com\chaseonline

Trusted Zone: intuit.com\community

Trusted Zone: netflix.com\www

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136693129484

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136693102593

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab

DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab

DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXCab.CAB

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{5D7AEC68-D793-4CA8-B8D8-83118B327313} : DhcpNameServer = 192.168.1.254

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]

R2 SSIPDDP;SSIPDDP Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [2008-7-2 55296]

R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-1-14 20504]

R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-1-14 21528]

RUnknown 60162361;60162361; [x]

RUnknown 8149801drv;8149801drv; [x]

S1 MpKsl04bcd90e;MpKsl04bcd90e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\mpksl04bcd90e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\MpKsl04bcd90e.sys [?]

S1 MpKsl9bae9850;MpKsl9bae9850;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\mpksl9bae9850.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0881af63-ab6d-4d45-99c7-19a6a4817a79}\MpKsl9bae9850.sys [?]

S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]

S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2006-1-8 18864]

S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [2008-1-16 29522]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]

S4 HP LaserJet Service;HP LaserJet Service;"c:\program files\hp\hplaserjetservice\hplaserjetservice.exe" --> c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [?]

S4 LinksysUpdater;Linksys Updater;"c:\program files\linksys\linksys updater\bin\linksysupdater.exe" -s "c:\program files\linksys\linksys updater\conf\wrapper.conf" --> c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [?]

S4 QuickBooksDB21;QuickBooksDB21;c:\progra~1\intuit\quickb~4\qbdbmgrn.exe -hvquickbooksdb21 --> c:\progra~1\intuit\quickb~4\QBDBMgrN.exe -hvQuickBooksDB21 [?]

.

=============== File Associations ===============

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-08-25 11:35:48 -------- d-----w- C:\ComboFixReal3437C

2011-08-25 10:43:59 150392 ----a-w- c:\windows\junction.exe

2011-08-25 01:56:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-25 01:56:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-25 00:52:31 -------- d-----w- C:\ComboFixReal

2011-08-25 00:20:04 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-25 00:16:36 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-24 19:00:48 -------- d-sha-r- C:\cmdcons

2011-08-24 18:54:02 98816 ----a-w- c:\windows\sed.exe

2011-08-24 18:54:02 518144 ----a-w- c:\windows\SWREG.exe

2011-08-24 18:54:02 256000 ----a-w- c:\windows\PEV.exe

2011-08-24 18:54:02 208896 ----a-w- c:\windows\MBR.exe

2011-08-24 18:53:53 -------- d-----w- C:\Repair

2011-08-16 20:31:05 -------- d-----w- c:\documents and settings\stuart\application data\Malwarebytes

2011-08-16 20:30:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-16 20:30:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-15 01:04:18 -------- d-----w- c:\windows\msdownld.tmp

.

==================== Find3M ====================

.

2011-08-25 10:36:56 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-25 00:40:59 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-08-24 19:52:08 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-29 10:49:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 18:46:48.10 ===============

2011/09/01 20:26:05.0296 1556 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57

2011/09/01 20:26:05.0765 1556 ================================================================================

2011/09/01 20:26:05.0765 1556 SystemInfo:

2011/09/01 20:26:05.0765 1556

2011/09/01 20:26:05.0765 1556 OS Version: 5.1.2600 ServicePack: 3.0

2011/09/01 20:26:05.0765 1556 Product type: Workstation

2011/09/01 20:26:05.0765 1556 ComputerName: BIGDELL

2011/09/01 20:26:05.0765 1556 UserName: Stuart

2011/09/01 20:26:05.0765 1556 Windows directory: C:\WINDOWS

2011/09/01 20:26:05.0765 1556 System windows directory: C:\WINDOWS

2011/09/01 20:26:05.0765 1556 Processor architecture: Intel x86

2011/09/01 20:26:05.0765 1556 Number of processors: 2

2011/09/01 20:26:05.0765 1556 Page size: 0x1000

2011/09/01 20:26:05.0765 1556 Boot type: Normal boot

2011/09/01 20:26:05.0765 1556 ================================================================================

2011/09/01 20:26:07.0437 1556 Initialize success

2011/09/01 20:26:15.0530 0228 ================================================================================

2011/09/01 20:26:15.0530 0228 Scan started

2011/09/01 20:26:15.0530 0228 Mode: Manual;

2011/09/01 20:26:15.0530 0228 ================================================================================


2011/09/01 20:26:24.0624 0228 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/09/01 20:26:24.0687 0228 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/09/01 20:26:24.0749 0228 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/09/01 20:26:24.0812 0228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/09/01 20:26:24.0890 0228 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/09/01 20:26:24.0952 0228 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/09/01 20:26:25.0015 0228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/09/01 20:26:25.0046 0228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/09/01 20:26:25.0093 0228 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/09/01 20:26:25.0155 0228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/09/01 20:26:25.0202 0228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/09/01 20:26:25.0265 0228 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/09/01 20:26:25.0312 0228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/09/01 20:26:25.0437 0228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/09/01 20:26:25.0515 0228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/09/01 20:26:25.0655 0228 nv (aaa6daac20c08fda35498515ad6c69c3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/09/01 20:26:25.0749 0228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/09/01 20:26:25.0812 0228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/09/01 20:26:25.0905 0228 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/09/01 20:26:25.0999 0228 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

2011/09/01 20:26:26.0093 0228 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys

2011/09/01 20:26:26.0155 0228 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys

2011/09/01 20:26:26.0218 0228 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/09/01 20:26:26.0249 0228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/09/01 20:26:26.0327 0228 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/09/01 20:26:26.0374 0228 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/09/01 20:26:26.0452 0228 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

2011/09/01 20:26:26.0515 0228 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/09/01 20:26:26.0905 0228 PfModNT (6dabb70783ef470492adb7b9a6e60bf3) C:\WINDOWS\system32\drivers\PfModNT.sys

2011/09/01 20:26:27.0046 0228 pnarp (363127808e41ea960c39ed9f6412c0ce) C:\WINDOWS\system32\DRIVERS\pnarp.sys

2011/09/01 20:26:27.0124 0228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/09/01 20:26:27.0171 0228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/09/01 20:26:27.0249 0228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/09/01 20:26:27.0312 0228 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys

2011/09/01 20:26:27.0577 0228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/09/01 20:26:27.0655 0228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/09/01 20:26:27.0702 0228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/09/01 20:26:27.0734 0228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/09/01 20:26:27.0780 0228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/09/01 20:26:27.0827 0228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/09/01 20:26:27.0905 0228 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/09/01 20:26:27.0968 0228 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/09/01 20:26:28.0030 0228 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/09/01 20:26:28.0140 0228 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/09/01 20:26:28.0249 0228 Sentinel (95a26d5d8ceda33377af627dafc2796f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS

2011/09/01 20:26:28.0280 0228 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/09/01 20:26:28.0312 0228 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/09/01 20:26:28.0374 0228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/09/01 20:26:28.0484 0228 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/09/01 20:26:28.0562 0228 Sntnlusb (8d4a96868ae13c3cf8425b383b59d802) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS

2011/09/01 20:26:28.0655 0228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/09/01 20:26:28.0718 0228 SQTECH913D (c48495c76a551c1acc0e5ffab0958476) C:\WINDOWS\system32\Drivers\Capt913D.sys

2011/09/01 20:26:28.0780 0228 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/09/01 20:26:28.0827 0228 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/09/01 20:26:28.0921 0228 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys

2011/09/01 20:26:28.0999 0228 SSIPDDP (ed1ecb73ce38c2c0be3e2452cff0110c) C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS

2011/09/01 20:26:29.0046 0228 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys

2011/09/01 20:26:29.0109 0228 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/09/01 20:26:29.0155 0228 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/09/01 20:26:29.0202 0228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/09/01 20:26:29.0405 0228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/09/01 20:26:29.0499 0228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/09/01 20:26:29.0562 0228 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/09/01 20:26:29.0609 0228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/09/01 20:26:29.0671 0228 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/09/01 20:26:29.0749 0228 tfsnboio (c89daabdff5bd984181f45adf6ddb24a) C:\WINDOWS\system32\dla\tfsnboio.sys

2011/09/01 20:26:29.0780 0228 tfsncofs (f093906c27fc9c59bd03d84807266107) C:\WINDOWS\system32\dla\tfsncofs.sys

2011/09/01 20:26:29.0843 0228 tfsndrct (9294575cdad17d1dadfcd98a2ca26e7a) C:\WINDOWS\system32\dla\tfsndrct.sys

2011/09/01 20:26:29.0921 0228 tfsndres (cdcc394cbaac183f9bdebf6d2f97c5c6) C:\WINDOWS\system32\dla\tfsndres.sys

2011/09/01 20:26:29.0968 0228 tfsnifs (0a6c7c989dd76bb8989fd958ac5601d0) C:\WINDOWS\system32\dla\tfsnifs.sys

2011/09/01 20:26:29.0999 0228 tfsnopio (92a17c0d73500f9b9c3028da9e4cdba6) C:\WINDOWS\system32\dla\tfsnopio.sys

2011/09/01 20:26:30.0046 0228 tfsnpool (15ab1a2bb2b35eb1dcda39405114afc6) C:\WINDOWS\system32\dla\tfsnpool.sys

2011/09/01 20:26:30.0093 0228 tfsnudf (370d2779668bf3b8d14f34356c41ab9c) C:\WINDOWS\system32\dla\tfsnudf.sys

2011/09/01 20:26:30.0155 0228 tfsnudfa (4564799868c4bcdf28c8efc6d4c48c4b) C:\WINDOWS\system32\dla\tfsnudfa.sys

2011/09/01 20:26:30.0296 0228 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/09/01 20:26:30.0437 0228 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/09/01 20:26:30.0546 0228 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/09/01 20:26:30.0609 0228 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/09/01 20:26:30.0671 0228 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

2011/09/01 20:26:30.0734 0228 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/09/01 20:26:30.0796 0228 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

2011/09/01 20:26:30.0874 0228 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/09/01 20:26:30.0952 0228 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/09/01 20:26:30.0999 0228 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

2011/09/01 20:26:31.0046 0228 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/09/01 20:26:31.0109 0228 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/09/01 20:26:31.0171 0228 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/09/01 20:26:31.0202 0228 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/09/01 20:26:31.0265 0228 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/09/01 20:26:31.0390 0228 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/09/01 20:26:31.0468 0228 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/09/01 20:26:31.0593 0228 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/09/01 20:26:31.0749 0228 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/09/01 20:26:31.0843 0228 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/09/01 20:26:31.0937 0228 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/09/01 20:26:31.0999 0228 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/09/01 20:26:32.0218 0228 Boot (0x1200) (70615bd5e1af3fa1459be11b66567399) \Device\Harddisk0\DR0\Partition0

2011/09/01 20:26:32.0234 0228 ================================================================================

2011/09/01 20:26:32.0234 0228 Scan finished

2011/09/01 20:26:32.0234 0228 ================================================================================

2011/09/01 20:26:32.0249 3468 Detected object count: 0

2011/09/01 20:26:32.0249 3468 Actual detected object count: 0

ComboFix 11-09-01.03 - Stuart 09/01/2011 20:03:59.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.487 [GMT -4:00]

Running from: c:\documents and settings\Stuart\Desktop\ComboFixReal.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2011-08-02 to 2011-09-02 )))))))))))))))))))))))))))))))

.

.

2011-09-01 18:28 . 2011-09-01 19:05 -------- d-----w- c:\windows\LastGood

2011-08-25 10:43 . 2010-09-07 19:39 150392 ----a-w- c:\windows\junction.exe

2011-08-25 01:56 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-25 01:56 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-25 00:52 . 2011-08-25 01:21 -------- d-----w- C:\ComboFixReal

2011-08-25 00:20 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-25 00:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-24 18:53 . 2011-08-24 19:41 -------- d-----w- C:\Repair

2011-08-16 20:31 . 2011-08-16 20:31 -------- d-----w- c:\documents and settings\Stuart\Application Data\Malwarebytes

2011-08-16 20:30 . 2011-08-16 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-08-16 20:30 . 2011-08-25 01:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-15 01:04 . 2011-08-15 01:04 -------- d-----w- c:\windows\msdownld.tmp

2011-08-08 15:18 . 2011-08-08 15:18 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2011-08-08 15:18 . 2011-08-08 15:18 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2011-08-08 15:18 . 2011-08-08 15:18 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2011-08-08 15:18 . 2011-08-08 15:18 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2011-08-08 15:18 . 2011-08-08 15:18 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2011-08-08 15:18 . 2011-08-08 15:18 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2011-08-08 15:18 . 2011-08-08 15:18 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2011-08-08 15:18 . 2011-08-08 15:18 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2011-08-08 15:18 . 2011-08-08 15:18 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2011-08-08 15:18 . 2011-08-08 15:18 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2011-08-08 15:18 . 2011-08-08 15:18 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2011-08-08 15:18 . 2011-08-08 15:18 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2011-08-08 15:17 . 2011-08-08 15:17 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2011-08-08 15:17 . 2011-08-08 15:17 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2011-08-08 15:17 . 2011-08-08 15:17 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2011-08-08 15:17 . 2011-08-08 15:17 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2011-08-08 15:17 . 2011-08-08 15:17 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2011-08-08 14:35 . 2011-08-08 14:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-08-08 13:46 . 2011-08-08 13:46 -------- d-sh--w- c:\documents and settings\QBDataServiceUser21\IETldCache

2011-08-08 12:15 . 2011-08-08 12:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-25 10:42 . 2011-08-25 10:42 79623 ----a-w- c:\windows\Junction.zip

2011-08-25 10:36 . 2004-08-12 13:55 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-25 00:40 . 2004-08-12 14:01 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-08-24 19:52 . 2004-08-12 14:04 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-07-15 13:29 . 2004-08-12 14:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2004-08-12 14:01 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-29 10:49 . 2011-06-29 10:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 14:10 . 2006-01-08 01:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-14 1527128]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\Stuart\Start Menu\Programs\Startup\

Connection Manager.lnk - c:\program files\BellSouth\Connection Manager\CManager.exe [2006-1-7 4071547]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-6-30 5816664]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]

QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2011-7-6 1178984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

2002-09-11 02:26 368706 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

2003-06-18 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2007-04-09 16:32 19456 ----a-w- c:\windows\system32\CtHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2005-03-16 10:33 127037 ----a-w- c:\windows\system32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2001-08-23 11:24 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]

2008-01-08 21:20 451896 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2004-11-11 22:10 4583424 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"wlidsvc"=2 (0x2)

"SeaPort"=2 (0x2)

"Pml Driver"=3 (0x3)

"ose"=3 (0x3)

"nmservice"=2 (0x2)

"MsMpSvc"=2 (0x2)

"LinksysUpdater"=2 (0x2)

"iPod Service"=3 (0x3)

"idsvc"=3 (0x3)

"HTTPFilter"=3 (0x3)

"HP LaserJet Service"=2 (0x2)

"gupdatem"=3 (0x3)

"gupdate"=2 (0x2)

"Creative Service for CDROM Access"=2 (0x2)

"BBSvc"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Valusoft\\18 Wheels of Steel - Convoy\\convoy.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

.

R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]

R2 SSIPDDP;SSIPDDP Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [7/2/2008 9:57 PM 55296]

R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [1/14/2011 5:55 PM 20504]

R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [1/14/2011 5:55 PM 21528]

S1 MpKsl04bcd90e;MpKsl04bcd90e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0881AF63-AB6D-4D45-99C7-19A6A4817A79}\MpKsl04bcd90e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0881AF63-AB6D-4D45-99C7-19A6A4817A79}\MpKsl04bcd90e.sys [?]

S1 MpKsl9bae9850;MpKsl9bae9850;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0881AF63-AB6D-4D45-99C7-19A6A4817A79}\MpKsl9bae9850.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0881AF63-AB6D-4D45-99C7-19A6A4817A79}\MpKsl9bae9850.sys [?]

S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]

S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [1/8/2006 3:47 PM 18864]

S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [1/16/2008 6:46 PM 29522]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/24/2010 8:30 AM 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/24/2010 8:30 AM 136176]

S4 HP LaserJet Service;HP LaserJet Service;"c:\program files\HP\HPLaserJetService\HPLaserJetService.exe" --> c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [?]

S4 LinksysUpdater;Linksys Updater;"c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "c:\program files\Linksys\Linksys Updater\conf\wrapper.conf" --> c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [?]

S4 QuickBooksDB21;QuickBooksDB21;c:\progra~1\Intuit\QUICKB~4\QBDBMgrN.exe -hvQuickBooksDB21 --> c:\progra~1\Intuit\QUICKB~4\QBDBMgrN.exe -hvQuickBooksDB21 [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 60162361

*NewlyCreated* - 8149801DRV

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-01 c:\windows\Tasks\At1.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 16:10]

.

2011-09-01 c:\windows\Tasks\At2.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 16:10]

.

2011-09-01 c:\windows\Tasks\At3.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 16:10]

.

2011-09-01 c:\windows\Tasks\At4.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 16:10]

.

2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 12:30]

.

2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 12:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: chase.com\chaseonline

Trusted Zone: intuit.com\community

Trusted Zone: netflix.com\www

TCP: DhcpNameServer = 192.168.1.254

.

.

------- File Associations -------

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-01 20:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-776561741-1229272821-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-776561741-1229272821-682003330-1004\Software\SecuROM\License information*]

"datasecu"=hex:4a,e6,93,48,f9,5e,1d,b0,9a,1b,36,3c,56,85,6a,c7,6c,f2,c6,6f,e6,

ec,67,f4,41,47,eb,fa,00,59,03,ad,3e,38,93,e1,d2,2e,a4,41,62,d4,a7,46,a0,aa,\

"rkeysecu"=hex:ed,6b,ac,e8,a9,b7,91,29,5a,85,bc,24,38,c3,b9,44

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3800)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-09-01 20:18:21

ComboFix-quarantined-files.txt 2011-09-02 00:18

ComboFix2.txt 2011-08-30 00:14

ComboFix3.txt 2011-08-25 01:21

ComboFix4.txt 2011-08-24 19:41

.

Pre-Run: 14,708,895,744 bytes free

Post-Run: 14,717,935,616 bytes free

.

- - End Of File - - 7326FD2023B69B444DB03048405F2D1F

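The ComboFix log above records several settings that a responder would flag on any Windows box: Security Center told to ignore the antivirus and firewall state (AntiVirusOverride, FirewallOverride), Security Center monitoring disabled, the XP firewall switched off in the standard profile with its notifications suppressed, Microsoft Security Essentials reported as *Disabled*, and Internet Explorer Trusted Zone entries for a bank and two commerce sites. The following Python script is an added example written for this page; it is not from the original thread and is not a Malwarebytes, ComboFix or TDSSKiller tool. It walks the "Reg Loading Points" and "Supplementary Scan" sections of a ComboFix log, tracks the current registry key, decodes ComboFix's two value renderings (`dword:00000001` and `0 (0x0)`), and returns one finding per indicator. The sample input is an excerpt copied from the log posted above; the rule table, the severity labels and the function names are this example's own assumptions. One caveat a practitioner should keep in mind: third-party suites such as Norton legitimately set the override values and their own Monitoring subkeys while installed, so a hit here needs corroboration against what is actually on the machine before being read as malware tampering.

```python
import re

# Constructed sample input for this example: an excerpt of the ComboFix
# "Reg Loading Points" and "Supplementary Scan" sections posted above.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
Trusted Zone: chase.com\chaseonline
Trusted Zone: intuit.com\community
TCP: DhcpNameServer = 192.168.1.254
"""

# Assumed rule table for this example:
# (lower-case registry key fragment, value name, value that indicates tampering, description)
RULES = [
    ("security center", "AntiVirusOverride", 1, "Security Center ignores antivirus state"),
    ("security center", "FirewallOverride", 1, "Security Center ignores firewall state"),
    (r"security center\monitoring", "DisableMonitoring", 1, "Security Center monitoring disabled"),
    (r"firewallpolicy\standardprofile", "EnableFirewall", 0, "Windows Firewall off in standard profile"),
    (r"firewallpolicy\standardprofile", "DisableNotifications", 1, "Firewall notifications suppressed"),
]

KEY_LINE = re.compile(r"^\[(.+)\]$")            # [HKEY_LOCAL_MACHINE\...]
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=dword:0000001  or  "Name"= 0 (0x0)


def parse_value(raw):
    """Decode a ComboFix-rendered value ('dword:00000001' or '0 (0x0)') to an int, or None."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]+)$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    if m:
        return int(m.group(1))
    return None


def triage(log_text):
    """Return (severity, message) pairs for the tampering indicators found in a ComboFix log."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        # ComboFix header line: the installed AV as seen by Security Center.
        if line.startswith("AV:") and "*Disabled" in line:
            findings.append(("high", "Installed antivirus reported disabled: " + line[3:].strip()))
            continue
        # Trusted Zone entries relax IE security for the named site; review, do not assume malice.
        if line.startswith("Trusted Zone:"):
            findings.append(("review", "IE Trusted Zone entry: " + line[13:].strip()))
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group(1).lower()   # remember which key the following values belong to
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, value = m.group(1), parse_value(m.group(2))
        for key_fragment, rule_name, bad_value, message in RULES:
            if key_fragment in current_key and name.lower() == rule_name.lower() and value == bad_value:
                findings.append(("high", f"{message} [{name}={value} under {current_key}]"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"{severity:6} {message}")
```

Run it as `python3 triage.py` (any file name works) and it prints one line per finding: six `high` entries for the excerpt above and two `review` entries for the Trusted Zone sites. To use it on a full log, read the ComboFix output file and pass its text to `triage()`; the key fragments in `RULES` are substrings, so the Symantec Monitoring subkeys in the full log would also match the DisableMonitoring rule, which is exactly the case where the Norton caveat applies.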

Here is an ESET log that it produced last night:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=8207188d795c234da14a21d45f465341

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-02 04:54:34

# local_time=2011-09-02 12:54:34 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=119429

# found=0

# cleaned=0

# scan_time=7537

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=41217

esets_scanner_update returned -1 esets_gle=41217

esets_scanner_update returned -1 esets_gle=41217

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=8207188d795c234da14a21d45f465341

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-05 01:52:49

# local_time=2011-09-05 09:52:49 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=11198

# found=0

# cleaned=0

# scan_time=635

esets_scanner_update returned -1 esets_gle=41217

esets_scanner_update returned -1 esets_gle=41217

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=8207188d795c234da14a21d45f465341

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-05 11:32:31

# local_time=2011-09-05 07:32:31 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=118462

# found=0

# cleaned=0

# scan_time=6854


Here is output from your SecurityCheck program:

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Norton 360

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 27

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

If I am reading it correctly... I see a reference to Norton 360... which I have removed/canceled and should no longer be in use. I assume you will suggest some better/more economical solutions for prohibiting any further intrusions.

Thanks for all of your assistance, Screen317.


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Norton360

Restart your computer.

Run Norton's removal tool from here.

After running it, reboot once more.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials (what I use)

AntiVir

avast!

Reboot after installing one.

Let me know what issues remain.

-screen317


  • Staff

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.