mjm1

Posts posted by mjm1

  1. This is the firewall I use:

    http://www.softpedia...wall-Plus.shtml

    Give it a try.

    Do you have Malwarebytes Pro installed??

    MrC

    No, but after I get to the bottom of this firewall attack business, I will take a hard look at getting it. I am not happy with Symantec not catching anything, even after full scans. I do realize one can't catch everything.

    Seems Symantec firewall has a default rule blocking all of these oddball ports associated with these trojans. Will try to contact them about it.

    I'll take a look at your firewall as well. Thanks!

  2. OK, although I am thinking of dumping Symantec altogether because they didn't catch the trojans. Could also just be port scans or some such - haven't a clue, but if they are trojans reacting to some message my computer is putting out, it is probably just a matter of time before one slips through an unwatched port.

    Thanks for all you have done thus far, much appreciated!

  3. Report below. The firewall alerts are what tipped me off to an infection, which turned out to be (?) win32/Agent.SZW and Vondu. Firewall shows multiple inbound trojan ports being used, as mentioned above. Even after I got rid of the Agent and Vondu, I am still getting them every 5-6-7 hours. Thanks!

    MBRCheck, version 1.2.3

    © 2010, AD

    Command-line:

    Windows Version: Windows XP Professional

    Windows Information: Service Pack 3 (build 2600)

    Logical Drives Mask: 0x0001e07c

    Kernel Drivers (total 166):

    Processes (total 83):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`207b8000 (NTFS)

    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: WDCWD2500JS-60MHB1, Rev: 10.02E02

    Size Device Name MBR Status

    --------------------------------------------

    232 GB \\.\PhysicalDrive0 Legit MBR code detected

    SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972

    Done!

  4. Report below. My firewall shows an attack by "RAT" trojan at 10:53 AM today (EST). Hopefully that is the end of that. Can you tell me what causes this, and whether I should install a "clean" MBR after getting rid of the win32/Agent.SZW trojan? Please advise. Thanks.

    Malwarebytes Anti-Malware 1.60.1.1000

    www.malwarebytes.org

    Database version: v2012.02.29.03

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    HP_Administrator :: LORI_II [administrator]

    2/29/2012 1:05:42 PM

    mbam-log-2012-02-29 (13-05-42).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 205738

    Time elapsed: 20 minute(s), 36 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  5. Seems my virus scan didn't turn off in a timely manner. Please advise whether you want me to run this again, and with another script.

    ComboFix 12-02-29.01 - HP_Administrator 02/29/2012 12:03:44.3.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1214.497 [GMT -5:00]

    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt

    AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

    FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}


    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

    .

    2012-02-29 c:\windows\Tasks\User_Feed_Synchronization-{D5FE06CA-FC11-44AE-9267-AE6C7025BC83}.job

    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm

    Trusted Zone: $talisma_url$

    Trusted Zone: turbotax.com

    TCP: DhcpNameServer = 192.168.1.254

    DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\frqeg8v4.default\

    FF - prefs.js: browser.search.selectedEngine - Ask.com

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20111221&q=

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-02-29 12:18

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-640800275-3246585749-3817686294-1008\Software\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(956)

    c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

    c:\program files\ActivIdentity\ActivClient\aclog.dll

    c:\program files\ActivIdentity\ActivClient\accrypto.dll

    c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll

    c:\program files\ActivIdentity\ActivClient\acevtsub.dll

    c:\program files\ActivIdentity\ActivClient\asphat32.dll

    c:\program files\ActivIdentity\ActivClient\acerrmes.dll

    c:\program files\ActivIdentity\ActivClient\aiwinext.dll

    c:\program files\ActivIdentity\ActivClient\aspcom.dll

    c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll

    c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll

    c:\windows\system32\Ati2evxx.dll

    c:\program files\ActivIdentity\ActivClient\acunlock.dll

    c:\program files\ActivIdentity\ActivClient\aipingui.dll

    c:\program files\ActivIdentity\ActivClient\aicext.dll

    c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll

    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll

    c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll

    c:\program files\ActivIdentity\ActivClient\accsp.dll

    c:\program files\ActivIdentity\ActivClient\Resources\accsprc.dll

    c:\program files\ActivIdentity\ActivClient\acjscrfs.dll

    c:\program files\Common Files\ActivIdentity\ac.sharedstoreps.dll

    c:\program files\ActivIdentity\ActivClient\acjvscv2.dll

    c:\program files\ActivIdentity\ActivClient\Resources\acjsc2rc.dll

    .

    - - - - - - - > 'explorer.exe'(5376)

    c:\windows\system32\WININET.dll

    c:\program files\Cox\Media Store and Share Backup Manager\VaultClientMenu.dll

    c:\program files\Cox\Media Store and Share Backup Manager\LIBEXPAT.dll

    c:\program files\Cox\Media Store and Share Backup Manager\VaultClientIcon.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Completion time: 2012-02-29 12:24:09

    ComboFix-quarantined-files.txt 2012-02-29 17:24

    ComboFix2.txt 2012-02-29 16:31

    ComboFix3.txt 2012-02-29 14:58

    .

    Pre-Run: 90,046,509,056 bytes free

    Post-Run: 90,019,422,208 bytes free

    .

    - - End Of File - - D5E4B18CC1C09A0AE7155131C984D6A5

  6. No reboot required. I deleted a couple of DLLs manually before I saw your reply. CF report follows:

    ComboFix 12-02-29.01 - HP_Administrator 02/29/2012 11:07:12.2.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1214.247 [GMT -5:00]

    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt

    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

    FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\progra~1\mypoints\mypoints.dll

    c:\program files\mozilla firefox\plugins\NPcol400.dll

    c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

    c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))

    .

    .

    2012-02-29 15:05 . 2012-02-29 15:07 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

    2012-02-28 02:55 . 2012-02-28 02:55 -------- d-----w- c:\program files\ESET

    2012-02-27 22:14 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-02-27 22:14 . 2012-02-27 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-02-27 03:04 . 2012-02-27 03:05 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\NPE

    2012-02-27 03:04 . 2012-02-27 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

    2012-02-26 18:16 . 2012-02-26 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2012-02-26 18:16 . 2012-02-26 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2012-02-25 22:32 . 2012-02-25 22:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

    2012-02-25 22:32 . 2012-02-25 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-02-16 00:09 . 2012-02-16 00:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Western_Digital

    2012-02-15 23:36 . 2012-02-15 23:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

    2012-02-15 23:34 . 2012-02-15 23:34 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

    2012-02-15 22:53 . 2012-02-15 23:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\MYPOINTS

    2012-02-15 22:51 . 2012-02-15 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\FCTB000060497

    2012-02-15 22:51 . 2012-02-15 22:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ConduitEngine

    2012-02-15 22:50 . 2012-02-15 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

    2012-02-15 22:50 . 2012-02-15 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Western Digital

    2012-02-15 22:49 . 2012-02-15 22:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer

    2012-02-15 22:46 . 2012-02-15 22:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

    2012-02-15 20:56 . 2011-02-16 22:52 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys

    2012-02-15 19:31 . 2012-02-17 20:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western_Digital

    2012-02-15 18:52 . 2012-02-15 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital

    2012-02-15 18:50 . 2012-02-15 20:55 -------- d-----w- c:\program files\Western Digital

    2012-02-15 18:50 . 2012-02-15 19:38 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western Digital

    2012-02-14 21:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

    2012-02-14 21:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

    2012-02-09 15:31 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-02-09 15:31 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

    2012-02-09 15:29 . 2012-02-09 15:29 -------- d-----w- c:\program files\iPod

    2012-02-09 15:28 . 2012-02-09 15:31 -------- d-----w- c:\program files\iTunes

    2012-02-09 15:22 . 2012-02-09 15:22 -------- d-----w- c:\program files\Bonjour

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-01-12 16:53 . 2004-08-10 05:00 1859968 ----a-w- c:\windows\system32\win32k.sys

    2011-12-21 16:45 . 2011-12-21 16:46 723294 ----a-w- c:\windows\unins000.exe

    2011-12-17 19:46 . 2004-08-10 05:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-12-17 19:46 . 2004-08-10 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-12-17 19:46 . 2004-08-10 05:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2011-12-16 12:22 . 2004-08-10 05:00 385024 ----a-w- c:\windows\system32\html.iec

    2008-06-04 12:51 . 2008-06-04 12:29 5553 ----a-w- c:\program files\Common Files\acbackupreg.reg

    2011-11-20 18:24 . 2011-06-10 16:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2004-08-10 05:00 94784 --sha-w- c:\windows\twain.dll

    2008-04-14 00:12 50688 --sha-w- c:\windows\twain_32.dll

    2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll

    2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll

    2010-12-20 17:32 551936 --sha-w- c:\windows\system32\oleaut32.dll

    2008-04-14 00:12 11776 --sha-w- c:\windows\system32\regsvr32.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]

    @="{B976888E-DC7B-456C-A62F-44EA07ED231F}"

    [HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]

    2008-10-08 21:44 495616 ----a-w- c:\program files\Cox\Media Store and Share Backup Manager\VaultClientMenu.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon2]

    @="{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}"

    [HKEY_CLASSES_ROOT\CLSID\{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}]

    2008-10-08 21:44 491520 ----a-w- c:\program files\Cox\Media Store and Share Backup Manager\VaultClientIcon.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632]

    "PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]

    "ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-28 81920]

    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]

    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]

    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-10 273528]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

    .

    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

    hpqtra08.exe [2008-3-25 214360]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

    2009-06-03 20:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

    2009-06-03 20:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

    2001-08-27 15:52 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

    2008-06-10 20:18 785520 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

    2008-10-11 15:46 36864 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "iPodService"=3 (0x3)

    "hpqddsvc"=2 (0x2)

    "VaultClientSRV"=2 (0x2)

    "VaultClientUpgrade"=2 (0x2)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

    "c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=

    "c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

    "c:\\Documents and Settings\\HP_Administrator\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

    "c:\\Program Files\\MyPoints Point Finder\\TroubleShooter.exe"=

    "c:\\Program Files\\MyPoints Point Finder\\ToolbarUpdate.exe"=

    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe"=

    "c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

    "c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=

    "c:\\Program Files\\Opera\\opera.exe"=

    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

    "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

    "c:\\Program Files\\ASUS\\RT-N12 Wireless Router Utilities\\Discovery.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    .

    R0 SC247XF;SC247XF;c:\windows\system32\drivers\SC247XF.sys [9/13/2001 4:47 PM 14223]

    R1 NEOFLTR_710_19757;Juniper Networks TDI Filter Driver (NEOFLTR_710_19757);c:\windows\system32\drivers\NEOFLTR_710_19757.SYS [1/25/2012 3:54 PM 85064]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2012 8:41 PM 106104]

    R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/6/2010 10:19 PM 57856]

    R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [9/26/2005 10:28 AM 108400]

    S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [7/8/2010 9:28 PM 149376]

    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [5/29/2011 1:56 PM 18560]

    S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [5/29/2011 1:53 PM 33792]

    S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [3/29/2004 1:26 AM 49024]

    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/15/2012 3:56 PM 11520]

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - TRUESIGHT

    *Deregistered* - TrueSight

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-02-29 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

    .

    2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:29]

    .

    2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:29]

    .

    2012-02-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-640800275-3246585749-3817686294-1008.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

    .

    2012-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-640800275-3246585749-3817686294-1008.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

    .

    2012-02-29 c:\windows\Tasks\User_Feed_Synchronization-{D5FE06CA-FC11-44AE-9267-AE6C7025BC83}.job

    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm

    Trusted Zone: $talisma_url$

    Trusted Zone: turbotax.com

    TCP: DhcpNameServer = 192.168.1.254

    DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\frqeg8v4.default\

    FF - prefs.js: browser.search.selectedEngine - Ask.com

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20111221&q=

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-02-29 11:25

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-640800275-3246585749-3817686294-1008\Software\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(956)

    c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

    c:\program files\ActivIdentity\ActivClient\aclog.dll

    c:\program files\ActivIdentity\ActivClient\accrypto.dll

    c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll

    c:\program files\ActivIdentity\ActivClient\acevtsub.dll

    c:\program files\ActivIdentity\ActivClient\asphat32.dll

    c:\program files\ActivIdentity\ActivClient\acerrmes.dll

    c:\program files\ActivIdentity\ActivClient\aiwinext.dll

    c:\program files\ActivIdentity\ActivClient\aspcom.dll

    c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll

    c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll

    c:\windows\system32\Ati2evxx.dll

    c:\program files\ActivIdentity\ActivClient\acunlock.dll

    c:\program files\ActivIdentity\ActivClient\aipingui.dll

    c:\program files\ActivIdentity\ActivClient\aicext.dll

    c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll

    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll

    c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll

    c:\program files\ActivIdentity\ActivClient\accsp.dll

    c:\program files\ActivIdentity\ActivClient\Resources\accsprc.dll

    c:\program files\ActivIdentity\ActivClient\acjscrfs.dll

    c:\program files\Common Files\ActivIdentity\ac.sharedstoreps.dll

    c:\program files\ActivIdentity\ActivClient\acjvscv2.dll

    c:\program files\ActivIdentity\ActivClient\Resources\acjsc2rc.dll

    .

    Completion time: 2012-02-29 11:31:22

    ComboFix-quarantined-files.txt 2012-02-29 16:31

    ComboFix2.txt 2012-02-29 14:58

    .

    Pre-Run: 90,045,423,616 bytes free

    Post-Run: 90,037,608,448 bytes free

    .

    - - End Of File - - EC8B7919502938D666F189A290878F69

  7. CF Report -

    ComboFix 12-02-29.01 - HP_Administrator 02/29/2012 9:33.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1214.515 [GMT -5:00]

    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

    FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Administrator\WINDOWS

    c:\documents and settings\Default User\WINDOWS

    c:\documents and settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log

    c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\frqeg8v4.default\searchplugins\bing-zugo.xml

    c:\documents and settings\HP_Administrator\WINDOWS

    c:\windows\bwUnin-7.2.0.157-8876480SL.exe

    c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe

    c:\windows\kb913800.exe

    c:\windows\system32\AutoRun.inf

    c:\windows\system32\BSTIEPrintCtl1.dll

    c:\windows\system32\config\systemprofile\WINDOWS

    c:\windows\system32\drivers\etc\hosts.ics

    c:\windows\system32\GroupPolicy\User\Scripts\scripts.ini

    D:\Autorun.inf

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))

    .

    .

    2012-02-28 02:55 . 2012-02-28 02:55 -------- d-----w- c:\program files\ESET

    2012-02-27 22:14 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-02-27 22:14 . 2012-02-27 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-02-27 03:04 . 2012-02-27 03:05 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\NPE

    2012-02-27 03:04 . 2012-02-27 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

    2012-02-26 18:16 . 2012-02-26 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2012-02-26 18:16 . 2012-02-26 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2012-02-25 22:32 . 2012-02-25 22:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

    2012-02-25 22:32 . 2012-02-25 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-02-16 00:09 . 2012-02-16 00:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Western_Digital

    2012-02-15 23:36 . 2012-02-15 23:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

    2012-02-15 23:34 . 2012-02-15 23:34 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

    2012-02-15 22:53 . 2012-02-15 23:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\MYPOINTS

    2012-02-15 22:51 . 2012-02-15 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\FCTB000060497

    2012-02-15 22:51 . 2012-02-15 22:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ConduitEngine

    2012-02-15 22:50 . 2012-02-15 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

    2012-02-15 22:50 . 2012-02-15 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Western Digital

    2012-02-15 22:49 . 2012-02-15 22:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer

    2012-02-15 22:46 . 2012-02-15 22:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

    2012-02-15 20:56 . 2011-02-16 22:52 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys

    2012-02-15 19:31 . 2012-02-17 20:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western_Digital

    2012-02-15 18:52 . 2012-02-15 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital

    2012-02-15 18:50 . 2012-02-15 20:55 -------- d-----w- c:\program files\Western Digital

    2012-02-15 18:50 . 2012-02-15 19:38 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western Digital

    2012-02-14 21:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

    2012-02-14 21:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

    2012-02-09 15:31 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-02-09 15:31 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

    2012-02-09 15:29 . 2012-02-09 15:29 -------- d-----w- c:\program files\iPod

    2012-02-09 15:28 . 2012-02-09 15:31 -------- d-----w- c:\program files\iTunes

    2012-02-09 15:22 . 2012-02-09 15:22 -------- d-----w- c:\program files\Bonjour

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-01-12 16:53 . 2004-08-10 05:00 1859968 ----a-w- c:\windows\system32\win32k.sys

    2011-12-21 16:45 . 2011-12-21 16:46 723294 ----a-w- c:\windows\unins000.exe

    2011-12-17 19:46 . 2004-08-10 05:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-12-17 19:46 . 2004-08-10 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-12-17 19:46 . 2004-08-10 05:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2011-12-16 12:22 . 2004-08-10 05:00 385024 ----a-w- c:\windows\system32\html.iec

    2008-06-04 12:51 . 2008-06-04 12:29 5553 ----a-w- c:\program files\Common Files\acbackupreg.reg

    2011-11-20 18:24 . 2011-06-10 16:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2004-08-10 05:00 94784 --sha-w- c:\windows\twain.dll

    2008-04-14 00:12 50688 --sha-w- c:\windows\twain_32.dll

    2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll

    2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll

    2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll

    2010-12-20 17:32 551936 --sha-w- c:\windows\system32\oleaut32.dll

    2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll

    2008-04-14 00:12 11776 --sha-w- c:\windows\system32\regsvr32.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

    2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]

    2010-06-20 02:50 1547776 ----a-w- c:\program files\MyPoints Point Finder\Toolbar.dll

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]

    2008-11-23 21:59 1909248 ----a-w- c:\progra~1\mypoints\mypoints.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-11-23 1909248]

    "{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2010-06-20 1547776]

    .

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]

    [HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

    .

    [HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]

    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]

    [HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]

    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2010-06-20 1547776]

    .

    [HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]

    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]

    [HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]

    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]

    @="{B976888E-DC7B-456C-A62F-44EA07ED231F}"

    [HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]

    2008-10-08 21:44 495616 ----a-w- c:\program files\Cox\Media Store and Share Backup Manager\VaultClientMenu.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon2]

    @="{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}"

    [HKEY_CLASSES_ROOT\CLSID\{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}]

    2008-10-08 21:44 491520 ----a-w- c:\program files\Cox\Media Store and Share Backup Manager\VaultClientIcon.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632]

    "PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]

    "ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-28 81920]

    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]

    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]

    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-10 273528]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

    .

    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

    hpqtra08.exe [2008-3-25 214360]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

    2009-06-03 20:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

    2009-06-03 20:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

    2001-08-27 15:52 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

    2008-06-10 20:18 785520 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

    2008-10-11 15:46 36864 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "iPodService"=3 (0x3)

    "hpqddsvc"=2 (0x2)

    "VaultClientSRV"=2 (0x2)

    "VaultClientUpgrade"=2 (0x2)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

    "c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=

    "c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

    "c:\\Documents and Settings\\HP_Administrator\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

    "c:\\Program Files\\MyPoints Point Finder\\TroubleShooter.exe"=

    "c:\\Program Files\\MyPoints Point Finder\\ToolbarUpdate.exe"=

    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe"=

    "c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

    "c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=

    "c:\\Program Files\\Opera\\opera.exe"=

    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

    "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

    "c:\\Program Files\\ASUS\\RT-N12 Wireless Router Utilities\\Discovery.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    .

    R0 SC247XF;SC247XF;c:\windows\system32\drivers\SC247XF.sys [9/13/2001 4:47 PM 14223]

    R1 NEOFLTR_710_19757;Juniper Networks TDI Filter Driver (NEOFLTR_710_19757);c:\windows\system32\drivers\NEOFLTR_710_19757.SYS [1/25/2012 3:54 PM 85064]

    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 3:16 PM 207400]

    R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [9/26/2005 10:28 AM 258146]

    R2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE [7/15/1997 136704]

    R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [3/15/2011 3:35 PM 61440]

    R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [8/1/2011 10:11 AM 263056]

    R2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [8/1/2011 10:11 AM 1592208]

    R2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [8/1/2011 10:11 AM 1091984]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2012 8:41 PM 106104]

    R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [9/26/2005 10:28 AM 108400]

    S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [7/8/2010 9:28 PM 149376]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2010 1:29 PM 136176]

    S2 McciServiceHost;McciServiceHost;"c:\program files\Common Files\Motive\McciServiceHost.exe" --> c:\program files\Common Files\Motive\McciServiceHost.exe [?]

    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [5/29/2011 1:56 PM 18560]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2010 1:29 PM 136176]

    S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [5/29/2011 1:53 PM 33792]

    S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [3/29/2004 1:26 AM 49024]

    S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [3/14/2007 6:48 PM 116416]

    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/6/2010 10:19 PM 57856]

    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/15/2012 3:56 PM 11520]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

    S4 VaultClientSRV;Media Store and Share Backup Manager Service;c:\program files\Cox\Media Store and Share Backup Manager\VaultClientSRV.exe [10/8/2008 4:45 PM 981456]

    S4 VaultClientUpgrade;Backup Manager Upgrade Service;c:\program files\Cox\Media Store and Share Backup Manager\VaultClientUpgrade.exe [10/8/2008 4:45 PM 55760]

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - TRUESIGHT

    *Deregistered* - TrueSight

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-02-29 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

    .

    2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:29]

    .

    2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:29]

    .

    2012-02-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-640800275-3246585749-3817686294-1008.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

    .

    2012-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-640800275-3246585749-3817686294-1008.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

    .

    2012-02-29 c:\windows\Tasks\User_Feed_Synchronization-{D5FE06CA-FC11-44AE-9267-AE6C7025BC83}.job

    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyServer = 118.97.119.164:80

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm

    Trusted Zone: $talisma_url$

    Trusted Zone: turbotax.com

    TCP: DhcpNameServer = 192.168.1.254

    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\frqeg8v4.default\

    FF - prefs.js: browser.search.selectedEngine - Ask.com

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20111221&q=

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    HKCU-Run-212B679BCC229656D917314ACDE51BAC2EEF83CD._service_run - c:\program files\Google\Chrome\Application\chrome.exe

    HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe

    HKLM-Run-PCDrProfiler - (no file)

    AddRemove-LSI Soft Modem - c:\windows\agrsmdel

    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-02-29 09:49

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-640800275-3246585749-3817686294-1008\Software\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(956)

    c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

    c:\program files\ActivIdentity\ActivClient\aclog.dll

    c:\program files\ActivIdentity\ActivClient\accrypto.dll

    c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll

    c:\program files\ActivIdentity\ActivClient\acevtsub.dll

    c:\program files\ActivIdentity\ActivClient\asphat32.dll

    c:\program files\ActivIdentity\ActivClient\acerrmes.dll

    c:\program files\ActivIdentity\ActivClient\aiwinext.dll

    c:\program files\ActivIdentity\ActivClient\aspcom.dll

    c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll

    c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll

    c:\windows\system32\Ati2evxx.dll

    c:\program files\ActivIdentity\ActivClient\acunlock.dll

    c:\program files\ActivIdentity\ActivClient\aipingui.dll

    c:\program files\ActivIdentity\ActivClient\aicext.dll

    c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll

    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll

    c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll

    c:\program files\ActivIdentity\ActivClient\accsp.dll

    c:\program files\ActivIdentity\ActivClient\Resources\accsprc.dll

    c:\program files\ActivIdentity\ActivClient\acjscrfs.dll

    c:\program files\Common Files\ActivIdentity\ac.sharedstoreps.dll

    c:\program files\ActivIdentity\ActivClient\acjvscv2.dll

    c:\program files\ActivIdentity\ActivClient\Resources\acjsc2rc.dll

    .

    Completion time: 2012-02-29 09:58:32

    ComboFix-quarantined-files.txt 2012-02-29 14:58

    .

    Pre-Run: 89,913,860,096 bytes free

    Post-Run: 90,026,016,768 bytes free

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=3

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    [operating systems]

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    .

    - - End Of File - - B6A8063C6E345E05E9B0D47535ED85BC

  8. Thanks. Report below. I ran another ESET scan last night, as well as a full MBAM scan, and both found nothing. My firewall still reports MasterParadise, DeepThroat and RAT attacks every 6-7 hours. Maybe a clean MBR is needed, after removing the Agent.SZW? TIA.

    RogueKiller V7.2.0 [02/27/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User: HP_Administrator [Admin rights]

    Mode: Scan -- Date: 02/29/2012 08:55:25

    ¤¤¤ Bad processes: 2 ¤¤¤

    [SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\ARPWRMSG.EXE -> KILLED [TermProc]

    [SUSP PATH] JuniperSetupClient.exe -- C:\Documents and Settings\HP_Administrator\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 5 ¤¤¤

    [RANDOMNAME] HKLM\[...]\Run : PinnacleDriverCheck (C:\WINDOWS\system32\\PSDrvCheck.exe) -> FOUND

    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (118.97.119.164:80) -> FOUND

    [HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

    [HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500JS-60MHB1 +++++

    --- User ---

    [MBR] b978857295c648f7c9e038708e5ddfe0

    [BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba tatooed MBR Code

    Partition table:

    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8711 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 17841600 | Size: 229753 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: HP Photosmart C4280 USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>

    RKreport[1].txt

  9. Merged 3 post

    Hi,

    My firewall says I am being attacked by:

    Portal of Doom

    Master Paradise

    Deep Throat

    RAT

    My firewall is Symantec. My AV didn't find anything (up to date), nor did Spybot S+D. I am not experiencing any problems, aside from an extremely slow boot-up. My firewall just keeps going off on those ports associated with the above. Please advise. Thanks.

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30

    Run by HP_Administrator at 20:56:56 on 2012-02-27

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1214.342 [GMT -5:00]

    .

    AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

    FW: Symantec Client Firewall *Enabled*

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

    svchost.exe

    C:\Program Files\LSI SoftModem\agrsmsvc.exe

    C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

    C:\program files\common files\installshield\updateservice\issch.exe

    C:\WINDOWS\arservice.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe

    C:\WINDOWS\ARPWRMSG.EXE

    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

    C:\Program Files\ActivIdentity\ActivClient\acevents.exe

    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

    C:\program files\real\realplayer\update\realsched.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe

    C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\hpqtra08.exe

    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    C:\Program Files\Common Files\Motive\McciCMService.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe

    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

    C:\WINDOWS\System32\svchost.exe -k HPZ12

    C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe

    C:\WINDOWS\System32\svchost.exe -k HPZ12

    svchost.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

    C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe

    C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

    C:\WINDOWS\system32\wwSecure.exe

    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe

    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uSearch Page =

    uSearch Bar =

    uStart Page = hxxp://www.google.com/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyServer = 118.97.119.164:80

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm

    mSearchAssistant =

    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

    BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints point finder\Toolbar.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll

    TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints point finder\Toolbar.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

    TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File

    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    {555d4d79-4bd2-4094-a395-cfc534424a05}

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [212B679BCC229656D917314ACDE51BAC2EEF83CD._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service

    uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"

    uRunOnce: [Index Washer] c:\program files\webroot\washer\WashIdx.exe "HP_Administrator"

    mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe

    mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe

    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

    mRun: [ehTray] c:\windows\ehome\ehtray.exe

    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

    mRun: [KBD] c:\hp\kbd\KBD.EXE

    mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

    mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"

    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"

    mRun: [PCDrProfiler]

    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\hpqtra08.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdquic~1.lnk - c:\program files\western digital\wd smartware\WDDMStatus.exe

    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    Trusted Zone: $talisma_url$

    Trusted Zone: turbotax.com

    DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://support.cox.com/sdccommon/download/tgctlcm.cab

    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab

    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228247357375

    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://io.dcma.mil/dana-cached/sc/JuniperSetupClient.cab

    TCP: DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

    TCP: Interfaces\{FD46DAA1-DDF8-4A37-9641-AB347B20A235} : DhcpNameServer = 192.168.1.254

    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - c:\program files\microsoft\outlook web access smime client\mimectl.dll

    Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll

    Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll

    Notify: AtiExtEvent - Ati2evxx.dll

    Notify: NavLogon - c:\windows\system32\NavLogon.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\frqeg8v4.default\

    FF - prefs.js: browser.search.selectedEngine - Ask.com

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20111221&q=

    FF - prefs.js: network.proxy.socks - 127.0.0.1

    FF - prefs.js: network.proxy.socks_port - 9050

    FF - prefs.js: network.proxy.type - 1

    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\common files\motive\npMotive.dll

    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 SC247XF;SC247XF;c:\windows\system32\drivers\SC247XF.sys [2001-9-13 14223]

    R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2010-7-8 149376]

    R1 NEOFLTR_710_19757;Juniper Networks TDI Filter Driver (NEOFLTR_710_19757);c:\windows\system32\drivers\NEOFLTR_710_19757.SYS [2012-1-25 85064]

    R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]

    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]

    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]

    R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-11-21 202344]

    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]

    R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2005-9-26 258146]

    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

    R2 MMIndexer;Media Manager Indexer;c:\program files\common files\microsoft shared\media manager\AIRSVCU.EXE [1997-7-15 136704]

    R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-3-15 61440]

    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]

    R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-8-1 263056]

    R2 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-8-1 1592208]

    R2 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-8-1 1091984]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-10 106104]

    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120225.008\naveng.sys [2012-2-26 86136]

    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120225.008\navex15.sys [2012-2-26 1576312]

    R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2010-1-6 57856]

    R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2005-9-26 108400]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-10 136176]

    S2 McciServiceHost;McciServiceHost;"c:\program files\common files\motive\mcciservicehost.exe" --> c:\program files\common files\motive\McciServiceHost.exe [?]

    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-5-29 18560]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-10 136176]

    S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2011-5-29 33792]

    S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2004-3-29 49024]

    S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2007-3-14 116416]

    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-30 1087680]

    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-2-15 11520]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    S4 VaultClientSRV;Media Store and Share Backup Manager Service;c:\program files\cox\media store and share backup manager\VaultClientSRV.exe [2008-10-8 981456]

    S4 VaultClientUpgrade;Backup Manager Upgrade Service;c:\program files\cox\media store and share backup manager\VaultClientUpgrade.exe [2008-10-8 55760]

    .

    =============== Created Last 30 ================

    .

    2012-02-27 22:14:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-02-27 22:14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-02-27 03:04:36 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\NPE

    2012-02-27 03:04:36 -------- d-----w- c:\documents and settings\all users\application data\Norton

    2012-02-26 18:16:26 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2012-02-26 18:16:26 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

    2012-02-25 22:32:14 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes

    2012-02-25 22:32:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

    2012-02-15 20:56:20 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys

    2012-02-15 19:31:06 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western_Digital

    2012-02-15 18:52:23 -------- d-----w- c:\documents and settings\all users\application data\Western Digital

    2012-02-15 18:50:46 -------- d-----w- c:\program files\Western Digital

    2012-02-15 18:50:04 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western Digital

    2012-02-14 21:34:55 3072 ------w- c:\windows\system32\iacenc.dll

    2012-02-14 21:34:55 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

    2012-02-09 15:31:49 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-02-09 15:31:49 107368 ----a-w- c:\windows\system32\GEARAspi.dll

    2012-02-09 15:29:22 -------- d-----w- c:\program files\iPod

    2012-02-09 15:28:04 -------- d-----w- c:\program files\iTunes

    2012-02-09 15:22:02 -------- d-----w- c:\program files\Bonjour

    .

    ==================== Find3M ====================

    .

    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

    2011-12-21 16:45:39 723294 ----a-w- c:\windows\unins000.exe

    2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec

    2008-06-04 12:51:36 5553 ----a-w- c:\program files\common files\acbackupreg.reg

    2004-08-10 05:00:00 94784 --sha-w- c:\windows\twain.dll

    2008-04-14 00:12:07 50688 --sha-w- c:\windows\twain_32.dll

    2008-04-14 00:12:01 57344 --sha-w- c:\windows\system32\msvcirt.dll

    2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll

    2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll

    2010-12-20 17:32:15 551936 --sha-w- c:\windows\system32\oleaut32.dll

    2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll

    2008-04-14 00:12:32 11776 --sha-w- c:\windows\system32\regsvr32.exe

    .

    ============= FINISH: 20:57:38.14 ===============

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume2

    Install Date: 2/4/2006 7:49:54 PM

    System Uptime: 2/27/2012 7:31:28 PM (1 hours ago)

    .

    Motherboard: MSI | | AMETHYST-M

    Processor: AMD Athlon 64 Processor 3800+ | Socket 939 | 2387/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 224 GiB total, 84.115 GiB free.

    D: is FIXED (FAT32) - 8 GiB total, 1.114 GiB free.

    E: is CDROM ()

    F: is CDROM ()

    G: is Removable

    N: is Removable

    O: is Removable

    P: is Removable

    Q: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP1231: 1/28/2012 10:44:51 AM - System Checkpoint

    RP1232: 1/29/2012 10:56:31 AM - System Checkpoint

    RP1233: 1/30/2012 5:33:52 PM - System Checkpoint

    RP1234: 1/31/2012 5:56:28 PM - System Checkpoint

    RP1235: 2/1/2012 5:57:33 PM - System Checkpoint

    RP1236: 2/2/2012 6:56:27 PM - System Checkpoint

    RP1237: 2/3/2012 7:48:55 PM - System Checkpoint

    RP1238: 2/4/2012 8:21:34 PM - System Checkpoint

    RP1239: 2/5/2012 8:30:36 PM - System Checkpoint

    RP1240: 2/6/2012 10:44:58 PM - System Checkpoint

    RP1241: 2/7/2012 11:09:53 PM - System Checkpoint

    RP1242: 2/8/2012 11:29:21 PM - System Checkpoint

    RP1243: 2/9/2012 10:07:39 AM - Removed iTunes

    RP1244: 2/9/2012 10:27:27 AM - Installed iTunes

    RP1245: 2/10/2012 11:19:13 AM - System Checkpoint

    RP1246: 2/11/2012 11:22:41 AM - System Checkpoint

    RP1247: 2/12/2012 12:43:44 PM - System Checkpoint

    RP1248: 2/13/2012 1:03:10 PM - System Checkpoint

    RP1249: 2/14/2012 2:08:58 PM - System Checkpoint

    RP1250: 2/15/2012 3:00:20 AM - Software Distribution Service 3.0

    RP1251: 2/15/2012 3:24:15 PM - Installed WD Software Upgrader

    RP1252: 2/16/2012 3:46:24 PM - System Checkpoint

    RP1253: 2/17/2012 4:39:48 PM - System Checkpoint

    RP1254: 2/18/2012 5:33:12 PM - System Checkpoint

    RP1255: 2/19/2012 6:26:35 PM - System Checkpoint

    RP1256: 2/20/2012 7:35:39 PM - System Checkpoint

    RP1257: 2/21/2012 8:39:12 PM - System Checkpoint

    RP1258: 2/22/2012 9:09:54 PM - System Checkpoint

    RP1259: 2/23/2012 10:05:36 PM - System Checkpoint

    RP1260: 2/24/2012 10:59:13 PM - System Checkpoint

    RP1261: 2/25/2012 10:59:33 PM - System Checkpoint

    RP1262: 2/26/2012 11:31:34 PM - System Checkpoint

    .

    ==== Installed Programs ======================

    .

    .

    32 Bit HP CIO Components Installer

    Acrobat.com

    ActivClient CAC x86

    Adobe AIR

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Photoshop Elements 2.0

    Adobe Reader X (10.1.2)

    Adobe® Photoshop® Album Starter Edition 3.2

    Agere Systems PCI-SV92PP Soft Modem

    AIO_Scan

    Amazon MP3 Downloader 1.0.10

    Amazon Unbox Video

    AnswerWorks 4.0 Runtime - English

    AnswerWorks 5.0 English Runtime

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    ASUS RT-N12 Wireless Router Utilities

    ATI Control Panel

    ATI Display Driver

    att.net Internet Mail

    AutoUpdate

    Bonjour

    BufferChm

    C4200

    C4200_doccd

    c4200_Help

    CameraDrivers

    CCleaner

    Check Point SSL Network Extender

    Compatibility Pack for the 2007 Office system

    Copy

    Coupon Printer for Windows

    cp_LightScribeConfig

    cp_LightScribePlugin

    CP_Package_Variety1

    CP_Package_Variety2

    CP_Package_Variety3

    Critical Update for Windows Media Player 11 (KB959772)

    CustomerResearchQFolder

    Destination Component

    Device Installer x86

    DeviceDiscovery

    DeviceManagementQFolder

    DiscAPI (Studio 10)

    DivX

    DocProc

    DocProcQFolder

    DVDSmith Movie Backup 1.0.5

    Enhanced Multimedia Keyboard Solution

    eSupportQFolder

    Family Tree Maker 2005

    First Step Guide

    Garmin City Navigator North America NT 2010.20

    Garmin Communicator Plugin

    Garmin POI Loader

    Garmin USB Drivers

    GdiplusUpgrade

    Google Toolbar for Internet Explorer

    Google Update Helper

    GTK2-Runtime

    H&R Block Basic + Efile 2009

    Handbrake 0.9.4

    Hardwood Spades

    High Definition Audio Driver Package - KB888111

    Hotfix 2050 for SQL Server 2000 ENU (KB948110)

    Hotfix 2055 for SQL Server 2000 ENU (KB960082)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows Internet Explorer 7 (KB947864)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows Media Format 11 SDK (KB939209)

    Hotfix for Windows Media Player 10 (KB903157)

    Hotfix for Windows Media Player 11 (KB939683)

    Hotfix for Windows XP (KB2158563)

    Hotfix for Windows XP (KB2443685)

    Hotfix for Windows XP (KB2570791)

    Hotfix for Windows XP (KB2633952)

    Hotfix for Windows XP (KB952287)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix for Windows XP (KB961118)

    Hotfix for Windows XP (KB970653-v3)

    Hotfix for Windows XP (KB976098-v2)

    Hotfix for Windows XP (KB979306)

    Hotfix for Windows XP (KB981793)

    HP Boot Optimizer

    HP Customer Participation Program 9.0

    HP Deskjet Printer Preload

    HP DigitalMedia Archive

    HP Imaging Device Functions 9.0

    HP OCR Software 9.0

    HP Photo Imaging Software

    HP Photo Printing Software

    HP PhotoSmart Scanning Software

    HP Photosmart All-In-One Software 9.0

    HP Photosmart Cameras 5.0

    HP Photosmart Essential 2.01

    HP Photosmart Essential2.01

    HP Play [beta]

    HP Product Assistant

    HP Product Detection

    HP Solution Center 9.0

    HP Update

    HPDiagnosticAlert

    HPProductAssistant

    HpSdpAppCoreApp

    HPSSupply

    ImageMixer VCD2

    InterActual Player

    InterVideo WinDVD Player

    IrfanView (remove only)

    iTunes

    Java Auto Updater

    Java 6 Update 30

    JumpStart Advanced School Time

    Juniper Networks Cache Cleaner 6.5.0

    Juniper Networks Host Checker

    Juniper Networks Secure Application Manager

    Juniper Networks, Inc. Setup Client

    Juniper Terminal Services Client

    K-Lite Codec Pack 6.8.0 (Standard)

    LeapFrog Connect

    LeapFrog LeapPad Explorer Plugin

    LeapFrog My Pals Plugin

    LeapFrog Tag Plugin

    Lexia Reading

    LightScribe 1.4.52.1

    LiveUpdate 3.1 (Symantec Corporation)

    Logitech Desktop Messenger

    Logitech Legacy USB Camera Driver Package

    Logitech QuickCam Driver Package

    Logitech Vid HD

    Logitech Webcam Software

    LSI PCI-SV92PP Soft Modem

    Macromedia Flash Player

    Malwarebytes Anti-Malware version 1.60.1.1000

    MarketResearch

    MasterSplitter Program

    Math Games

    Media Store and Share Backup Manager

    Microsoft .NET Framework 1.0 Hotfix (KB2572066)

    Microsoft .NET Framework 1.0 Hotfix (KB953295)

    Microsoft .NET Framework 1.0 Hotfix (KB979904)

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Security Update (KB2656353)

    Microsoft .NET Framework 1.1 Security Update (KB979906)

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft Away Mode

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Internationalized Domain Names Mitigation APIs

    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

    Microsoft Media Manager 1.5

    Microsoft National Language Support Downlevel APIs

    Microsoft Office XP Media Content

    Microsoft Office XP Professional

    Microsoft Outlook Web Access S/MIME (2007)

    Microsoft SQL Server Desktop Engine (PINNACLESYS)

    Microsoft User-Mode Driver Framework Feature Pack 1.7

    Microsoft Visual C++ 2005 Redistributable

    Microsoft WinUsb 1.0

    MobileMe Control Panel

    Mozilla Firefox 8.0 (x86 en-US)

    Mozilla Thunderbird (6.0)

    MSXML 4.0 SP2 (KB927978)

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    muvee autoProducer unPlugged 1.2

    MyPoints Point Finder

    MyPoints Toolbar

    MyPoints Toolbar 2.0

    Novacomd

    Octoshape add-in for Adobe Flash Player

    OLYMPUS CAMEDIA Master 2.5

    OpenMG AAC Add-on Module 1.0.00

    OpenMG Limited Patch 4.5-06-05-12-01

    OpenMG Secure Module 4.5.01

    Paint and Create

    PC-Doctor 5 for Windows

    PC Inspector File Recovery

    Pdf995 (installed by H&R Block)

    PdfEdit995 (installed by H&R Block)

    Picture Package Music Transfer

    Pinnacle Instant DVD Recorder

    Pinnacle MediaServer

    PS_AIO_ProductContext

    PS_AIO_Software

    PS_AIO_Software_min

    PSSWCORE

    Quicken 2010

    QuickTime

    RAPID (Studio 10)

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    RealPlayer

    RealUpgrade 1.1

    Savings Bond Wizard

    Scan

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Security Update for Microsoft Windows (KB2564958)

    Security Update for Step By Step Interactive Training (KB898458)

    Security Update for Step By Step Interactive Training (KB923723)

    Security Update for Windows Internet Explorer 7 (KB928090)

    Security Update for Windows Internet Explorer 7 (KB929969)

    Security Update for Windows Internet Explorer 7 (KB931768)

    Security Update for Windows Internet Explorer 7 (KB933566)

    Security Update for Windows Internet Explorer 7 (KB937143)

    Security Update for Windows Internet Explorer 7 (KB938127)

    Security Update for Windows Internet Explorer 7 (KB939653)

    Security Update for Windows Internet Explorer 7 (KB942615)

    Security Update for Windows Internet Explorer 7 (KB944533)

    Security Update for Windows Internet Explorer 7 (KB950759)

    Security Update for Windows Internet Explorer 7 (KB953838)

    Security Update for Windows Internet Explorer 7 (KB956390)

    Security Update for Windows Internet Explorer 7 (KB958215)

    Security Update for Windows Internet Explorer 7 (KB960714)

    Security Update for Windows Internet Explorer 7 (KB961260)

    Security Update for Windows Internet Explorer 7 (KB963027)

    Security Update for Windows Internet Explorer 8 (KB2183461)

    Security Update for Windows Internet Explorer 8 (KB2360131)

    Security Update for Windows Internet Explorer 8 (KB2416400)

    Security Update for Windows Internet Explorer 8 (KB2482017)

    Security Update for Windows Internet Explorer 8 (KB2497640)

    Security Update for Windows Internet Explorer 8 (KB2510531)

    Security Update for Windows Internet Explorer 8 (KB2530548)

    Security Update for Windows Internet Explorer 8 (KB2544521)

    Security Update for Windows Internet Explorer 8 (KB2559049)

    Security Update for Windows Internet Explorer 8 (KB2586448)

    Security Update for Windows Internet Explorer 8 (KB2618444)

    Security Update for Windows Internet Explorer 8 (KB2647516)

    Security Update for Windows Internet Explorer 8 (KB969897)

    Security Update for Windows Internet Explorer 8 (KB971961)

    Security Update for Windows Internet Explorer 8 (KB972260)

    Security Update for Windows Internet Explorer 8 (KB974455)

    Security Update for Windows Internet Explorer 8 (KB976325)

    Security Update for Windows Internet Explorer 8 (KB978207)

    Security Update for Windows Internet Explorer 8 (KB981332)

    Security Update for Windows Internet Explorer 8 (KB982381)

    Security Update for Windows Media Player (KB2378111)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player (KB954155)

    Security Update for Windows Media Player (KB968816)

    Security Update for Windows Media Player (KB973540)

    Security Update for Windows Media Player (KB975558)

    Security Update for Windows Media Player (KB978695)

    Security Update for Windows Media Player 10 (KB911565)

    Security Update for Windows Media Player 10 (KB917734)

    Security Update for Windows Media Player 11 (KB936782)

    Security Update for Windows Media Player 11 (KB954154)

    Security Update for Windows Media Player 6.4 (KB925398)

    Security Update for Windows XP (KB2079403)

    Security Update for Windows XP (KB2115168)

    Security Update for Windows XP (KB2121546)

    Security Update for Windows XP (KB2160329)

    Security Update for Windows XP (KB2229593)

    Security Update for Windows XP (KB2259922)

    Security Update for Windows XP (KB2279986)

    Security Update for Windows XP (KB2286198)

    Security Update for Windows XP (KB2296011)

    Security Update for Windows XP (KB2296199)

    Security Update for Windows XP (KB2347290)

    Security Update for Windows XP (KB2360937)

    Security Update for Windows XP (KB2387149)

    Security Update for Windows XP (KB2393802)

    Security Update for Windows XP (KB2412687)

    Security Update for Windows XP (KB2419632)

    Security Update for Windows XP (KB2423089)

    Security Update for Windows XP (KB2436673)

    Security Update for Windows XP (KB2440591)

    Security Update for Windows XP (KB2443105)

    Security Update for Windows XP (KB2476490)

    Security Update for Windows XP (KB2476687)

    Security Update for Windows XP (KB2478960)

    Security Update for Windows XP (KB2478971)

    Security Update for Windows XP (KB2479628)

    Security Update for Windows XP (KB2481109)

    Security Update for Windows XP (KB2483185)

    Security Update for Windows XP (KB2485376)

    Security Update for Windows XP (KB2485663)

    Security Update for Windows XP (KB2491683)

    Security Update for Windows XP (KB2503658)

    Security Update for Windows XP (KB2503665)

    Security Update for Windows XP (KB2506212)

    Security Update for Windows XP (KB2506223)

    Security Update for Windows XP (KB2507618)

    Security Update for Windows XP (KB2507938)

    Security Update for Windows XP (KB2508272)

    Security Update for Windows XP (KB2508429)

    Security Update for Windows XP (KB2509553)

    Security Update for Windows XP (KB2511455)

    Security Update for Windows XP (KB2524375)

    Security Update for Windows XP (KB2535512)

    Security Update for Windows XP (KB2536276-v2)

    Security Update for Windows XP (KB2536276)

    Security Update for Windows XP (KB2544893-v2)

    Security Update for Windows XP (KB2544893)

    Security Update for Windows XP (KB2555917)

    Security Update for Windows XP (KB2562937)

    Security Update for Windows XP (KB2566454)

    Security Update for Windows XP (KB2567053)

    Security Update for Windows XP (KB2567680)

    Security Update for Windows XP (KB2570222)

    Security Update for Windows XP (KB2570947)

    Security Update for Windows XP (KB2584146)

    Security Update for Windows XP (KB2585542)

    Security Update for Windows XP (KB2592799)

    Security Update for Windows XP (KB2598479)

    Security Update for Windows XP (KB2603381)

    Security Update for Windows XP (KB2618451)

    Security Update for Windows XP (KB2620712)

    Security Update for Windows XP (KB2624667)

    Security Update for Windows XP (KB2631813)

    Security Update for Windows XP (KB2633171)

    Security Update for Windows XP (KB2639417)

    Security Update for Windows XP (KB2646524)

    Security Update for Windows XP (KB2660465)

    Security Update for Windows XP (KB2661637)

    Security Update for Windows XP (KB923561)

    Security Update for Windows XP (KB923689)

    Security Update for Windows XP (KB938464)

    Security Update for Windows XP (KB941569)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB950760)

    Security Update for Windows XP (KB950762)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB951066)

    Security Update for Windows XP (KB951376-v2)

    Security Update for Windows XP (KB951376)

    Security Update for Windows XP (KB951698)

    Security Update for Windows XP (KB951748)

    Security Update for Windows XP (KB952004)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB953839)

    Security Update for Windows XP (KB954211)

    Security Update for Windows XP (KB954459)

    Security Update for Windows XP (KB954600)

    Security Update for Windows XP (KB955069)

    Security Update for Windows XP (KB956391)

    Security Update for Windows XP (KB956572)

    Security Update for Windows XP (KB956744)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956803)

    Security Update for Windows XP (KB956841)

    Security Update for Windows XP (KB956844)

    Security Update for Windows XP (KB957095)

    Security Update for Windows XP (KB957097)

    Security Update for Windows XP (KB958644)

    Security Update for Windows XP (KB958687)

    Security Update for Windows XP (KB958690)

    Security Update for Windows XP (KB958869)

    Security Update for Windows XP (KB959426)

    Security Update for Windows XP (KB960225)

    Security Update for Windows XP (KB960715)

    Security Update for Windows XP (KB960803)

    Security Update for Windows XP (KB960859)

    Security Update for Windows XP (KB961371)

    Security Update for Windows XP (KB961373)

    Security Update for Windows XP (KB961501)

    Security Update for Windows XP (KB968537)

    Security Update for Windows XP (KB969059)

    Security Update for Windows XP (KB969898)

    Security Update for Windows XP (KB969947)

    Security Update for Windows XP (KB970238)

    Security Update for Windows XP (KB970430)

    Security Update for Windows XP (KB971468)

    Security Update for Windows XP (KB971486)

    Security Update for Windows XP (KB971557)

    Security Update for Windows XP (KB971633)

    Security Update for Windows XP (KB971657)

    Security Update for Windows XP (KB972270)

    Security Update for Windows XP (KB973346)

    Security Update for Windows XP (KB973354)

    Security Update for Windows XP (KB973507)

    Security Update for Windows XP (KB973525)

    Security Update for Windows XP (KB973869)

    Security Update for Windows XP (KB973904)

    Security Update for Windows XP (KB974112)

    Security Update for Windows XP (KB974318)

    Security Update for Windows XP (KB974392)

    Security Update for Windows XP (KB974571)

    Security Update for Windows XP (KB975025)

    Security Update for Windows XP (KB975467)

    Security Update for Windows XP (KB975560)

    Security Update for Windows XP (KB975561)

    Security Update for Windows XP (KB975562)

    Security Update for Windows XP (KB975713)

    Security Update for Windows XP (KB977165)

    Security Update for Windows XP (KB977816)

    Security Update for Windows XP (KB977914)

    Security Update for Windows XP (KB978037)

    Security Update for Windows XP (KB978251)

    Security Update for Windows XP (KB978262)

    Security Update for Windows XP (KB978338)

    Security Update for Windows XP (KB978542)

    Security Update for Windows XP (KB978601)

    Security Update for Windows XP (KB978706)

    Security Update for Windows XP (KB979309)

    Security Update for Windows XP (KB979482)

    Security Update for Windows XP (KB979559)

    Security Update for Windows XP (KB979683)

    Security Update for Windows XP (KB979687)

    Security Update for Windows XP (KB980195)

    Security Update for Windows XP (KB980218)

    Security Update for Windows XP (KB980232)

    Security Update for Windows XP (KB980436)

    Security Update for Windows XP (KB981322)

    Security Update for Windows XP (KB981852)

    Security Update for Windows XP (KB981957)

    Security Update for Windows XP (KB981997)

    Security Update for Windows XP (KB982132)

    Security Update for Windows XP (KB982214)

    Security Update for Windows XP (KB982665)

    Security Update for Windows XP (KB982802)

    Shop for HP Supplies

    Skype Click to Call

    Skype™ 5.5

    SmartSound Quicktracks Plugin

    SolutionCenter

    Sonic Express Labeler

    Sonic MyDVD Plus

    Sonic RecordNow Audio

    Sonic RecordNow Copy

    Sonic RecordNow Data

    Sonic Update Manager

    SonicStage 4.0

    Sony Picture Utility

    Sony USB Driver

    Status

    Studio 10

    Studio 10 Bonus DVD

    Symantec Client Security

    Symantec Technical Support Web Controls

    TaxACT 2010

    TaxACT 2011 - 1040 Edition

    TaxCut Basic + Efile 2008

    Toolbox

    TrayApp

    TurboTax 2008

    TurboTax 2008 WinPerFedFormset

    TurboTax 2008 WinPerProgramHelp

    TurboTax 2008 WinPerReleaseEngine

    TurboTax 2008 WinPerTaxSupport

    TurboTax 2008 WinPerUserEducation

    TurboTax 2008 wrapper

    TurboTax Basic 2006

    TurboTax Basic 2007

    TurboTax ItsDeductible 2006

    UnloadSupport

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

    Update for Windows Internet Explorer 8 (KB971180)

    Update for Windows Internet Explorer 8 (KB976662)

    Update for Windows Internet Explorer 8 (KB976749)

    Update for Windows Internet Explorer 8 (KB980182)

    Update for Windows Media Player 10 (KB910393)

    Update for Windows Media Player 10 (KB913800)

    Update for Windows Media Player 10 (KB926251)

    Update for Windows XP (KB2141007)

    Update for Windows XP (KB2345886)

    Update for Windows XP (KB2467659)

    Update for Windows XP (KB2541763)

    Update for Windows XP (KB2607712)

    Update for Windows XP (KB2616676)

    Update for Windows XP (KB2641690)

    Update for Windows XP (KB951072-v2)

    Update for Windows XP (KB951978)

    Update for Windows XP (KB953356)

    Update for Windows XP (KB955759)

    Update for Windows XP (KB955839)

    Update for Windows XP (KB967715)

    Update for Windows XP (KB968389)

    Update for Windows XP (KB971029)

    Update for Windows XP (KB971737)

    Update for Windows XP (KB973687)

    Update for Windows XP (KB973815)

    Update Rollup 2 for Windows XP Media Center Edition 2005

    Updates from HP (remove only)

    USB 2.0 Switch Utility Software

    Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

    Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)

    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

    VideoToolkit01

    Visual C++ 2008 x86 Runtime - (v9.0.30729)

    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    WD SmartWare

    WD Software Upgrader

    WebFldrs XP

    WebReg

    WexTech AnswerWorks

    Window Washer

    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

    Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)

    Windows Genuine Advantage Notifications (KB905474)

    Windows Genuine Advantage Validation Tool (KB892130)

    Windows Installer Clean Up

    Windows Internet Explorer 7

    Windows Internet Explorer 8

    Windows Live OneCare safety scanner

    Windows Media Format 11 runtime

    Windows Media Player 11

    Windows XP Media Center Edition 2005 KB2502898

    Windows XP Media Center Edition 2005 KB2619340

    Windows XP Media Center Edition 2005 KB2628259

    Windows XP Media Center Edition 2005 KB925766

    Windows XP Media Center Edition 2005 KB973768

    Windows XP Service Pack 3

    WinX DVD Copy Pro 2.2.0

    WinX DVD Ripper Platinum 6.0.2

    WinX HD Video Converter Deluxe 3.10.3

    X-Lite 3.0

    .

    ==== Event Viewer Messages From Past Week ========

    .

    2/27/2012 7:41:01 PM, error: Service Control Manager [7022] - The Pinnacle Systems Media Service service hung on starting.

    2/27/2012 7:39:42 PM, error: Service Control Manager [7024] - The Symantec SPBBCSvc service terminated with service-specific error 4294967295 (0xFFFFFFFF).

    2/27/2012 7:39:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intuit Update Service service to connect.

    2/27/2012 7:39:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

    2/27/2012 7:39:42 PM, error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    2/27/2012 7:39:42 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    2/27/2012 7:12:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    2/27/2012 6:11:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WDRulesService with arguments "" in order to run the server: {C004E60F-2D62-4BE1-98C4-C39A8046B6BB}

    2/27/2012 6:08:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    2/27/2012 6:08:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 eeCtrl Fips ftsata2 iaStor IntelIde IPSec MRxSmb NEOFLTR_710_19757 NetBIOS NetBT ohci1394 PCLEPCI RasAcd Rdbss SAVRT SAVRTPEL SPBBCDrv SYMTDI Tcpip tffsport ViaIde

    2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

    2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

    2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

    2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    2/27/2012 6:07:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    2/27/2012 6:07:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    2/26/2012 2:25:21 PM, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

    2/26/2012 2:20:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2

    2/25/2012 6:02:12 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqddsvc with arguments "" in order to run the server: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}

    2/25/2012 6:01:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

    2/25/2012 6:01:40 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    2/25/2012 6:01:39 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

    2/25/2012 5:58:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 iaStor IntelIde tffsport ViaIde

    2/25/2012 5:57:47 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.

    2/25/2012 5:57:47 PM, error: Service Control Manager [7000] - The McciServiceHost service failed to start due to the following error: The system cannot find the file specified.

    2/25/2012 5:55:44 PM, error: ati2mtag [52225] - CPLIB :: Open Session - Failed to load the library

    2/22/2012 5:11:02 PM, error: SCardSvr [520] - Smart Card Resource Manager received unrecognized handle from PnP event DBT_DEVICEQUERYREMOVE/dbch_handle

    .

    ==== End Of File ===========================
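The Service Control Manager 7026 entries in the report above list the boot-start drivers that failed to load on each boot. As an added illustration of how to triage such lines (this is example code, not the helper's procedure or a Malwarebytes tool), the script below parses Event Viewer lines in the same `date, level: source [id] - message` layout, extracts the failed-driver list per boot, and separates three groups: network-stack drivers (AFD, Tcpip, NetBT, IPSec and friends), Symantec AV/firewall drivers (SAVRT, SYMTDI, SPBBCDrv and friends), and storage-controller drivers for hardware the machine does not have (ftsata2, iaStor, ViaIde), which are routine noise on HP/OEM images. The driver groupings, the severity labels and the sample lines (copied from the report above) are my own constructions.

```python
import re

# Constructed sample input: Event Viewer lines as the DDS report above prints them.
SAMPLE_EVENTS = """\
2/27/2012 6:08:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 eeCtrl Fips ftsata2 iaStor IntelIde IPSec MRxSmb NEOFLTR_710_19757 NetBIOS NetBT ohci1394 PCLEPCI RasAcd Rdbss SAVRT SAVRTPEL SPBBCDrv SYMTDI Tcpip tffsport ViaIde
2/26/2012 2:20:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
2/25/2012 5:58:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 iaStor IntelIde tffsport ViaIde
2/27/2012 7:39:42 PM, error: Service Control Manager [7024] - The Symantec SPBBCSvc service terminated with service-specific error 4294967295 (0xFFFFFFFF).
"""

# One Event Viewer line: "<date> <time> <AM|PM>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>[\d/]+ [\d:]+ [AP]M), (?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

# Assumed groupings (my classification, not from the page): which drivers matter for what.
NETWORK_STACK = {"AFD", "Tcpip", "NetBT", "NetBIOS", "IPSec", "MRxSmb", "Rdbss", "RasAcd"}
SECURITY_PRODUCT = {"SAVRT", "SAVRTPEL", "SPBBCDrv", "SYMTDI", "eeCtrl"}
STORAGE_HW = {"ftsata2", "iaStor", "IntelIde", "ViaIde", "tffsport"}  # absent hardware: benign


def parse_events(text):
    """Parse every well-formed Event Viewer line into a dict; skip anything else."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def failed_drivers(events):
    """Map each SCM 7026 event timestamp to the set of drivers it reports as failed."""
    out = {}
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == "7026":
            drivers = ev["msg"].split("failed to load:", 1)[1].split()
            out[ev["ts"]] = set(drivers)
    return out


def triage(events):
    """Label each boot: 'review' when the network stack AND the AV drivers failed together
    (the whole TCP/IP path and the security product down at once deserves a look, whether
    the cause is a broken boot or a disrupted clean-up), 'note' when only one group failed,
    'benign' when only absent-hardware storage drivers or unclassified ones failed."""
    report = []
    for ts, drivers in failed_drivers(events).items():
        net = sorted(drivers & NETWORK_STACK)
        sec = sorted(drivers & SECURITY_PRODUCT)
        other = sorted(drivers - NETWORK_STACK - SECURITY_PRODUCT - STORAGE_HW)
        if net and sec:
            severity = "review"
        elif net or sec:
            severity = "note"
        else:
            severity = "benign"
        report.append({"ts": ts, "severity": severity,
                       "network": net, "security": sec, "other": other})
    return report


if __name__ == "__main__":
    for row in triage(parse_events(SAMPLE_EVENTS)):
        print(f"{row['ts']:>22}  {row['severity']:<7} net={row['network']} "
              f"sec={row['security']} other={row['other']}")
```

On the sample lines the 2/27 boot comes out as `review` (AFD, Tcpip, IPSec, NetBT and all the Symantec drivers failed in the same boot, which also explains the DHCP/DNS/NetBIOS Helper 7001 errors logged at the same second), while the 2/25 and 2/26 boots are `benign` because only storage drivers for hardware the machine lacks failed.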

    Forgot to say that MBAM did find 2 "trojans", but apparently not the ones listed. Sorry, but I didn't keep the log. After restart, I ran it again and got the below. My firewall is still being attacked. Thanks.

    Malwarebytes Anti-Malware 1.60.1.1000

    www.malwarebytes.org

    Database version: v2012.02.27.06

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    HP_Administrator :: LORI_II [administrator]

    2/27/2012 5:38:06 PM

    mbam-log-2012-02-27 (17-38-06).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 206472

    Time elapsed: 10 minute(s), 53 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    I ran ESET, and it found and deleted a variant of Win32/Agent.szw, out of a tempIMG folder and system restore. Was that the problem, and is it fixed? Do I do a reboot? Now I have a "bla" trojan/UDP attacking my firewall, in addition to the others. Please help. Thanks.

  10. Hi,

    I am a newbie, fwiw. Last week, my Symantec firewall started warning me that the following trojans were trying to get through:

    Master of Paradise port 3129

    Portal of Doom port 3700

    Deep Throat port 2148

    RAT port 2989

    I ran MBAM, and although it said it found 2 trojans (but didn't identify them) and removed them, I am still getting attacked by the above (or the ports are being attacked). Before I ran MBAM, I ran my updated Symantec AV, and it found nothing. I also ran Spybot and even the new MS MRT, but nothing was found.

    Any ideas as to what to do next? I am going to go into safe mode and blow out all my temp files manually later. There is also another profile on my comp, so will do the same there. Is it possible this other profile is responsible for these attacks, in that the trojans reside there? It is my wife's computer, and neither of us uses the other profile, or hasn't in years.

    We are not in the habit of going to suspicious sites, or running unscanned executables. The whole thing is bizarre. Thanks in advance.
