
MBAM IP-BLOCK 208.73.210.29 (Type: outgoing)



Yesterday MBAM blocked 9 consecutive connect attempts in a 31-second period to the above-named IP. It appears that I may have some vermin to deal with. Per the instructions...

dds.txt

.

DDS (Ver_2011-08-26.01) - FAT32x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Jay at 7:00:19 on 2012-02-03

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1218 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton Security Suite *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

SVCHOST.EXE

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

E:\Security\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\WINDOWS\system32\IProsetMonitor.exe

E:\Security\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Security\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Utilities\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Security\UPHClean\uphclean.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Security\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Internet\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.swiftvets.com/phpBB2/

BHO: AutorunsDisabled - No File

BHO: Ancestry Toolbar: {0e1230f8-ea50-42a9-983c-d22abc2eed3b} - c:\genealogy\ancestry toolbar\AncestryToolBar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {424b6ad1-785d-43e7-9c9b-ab96e77477d0} - EVoIpSessionCookie Class

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\security\norton security suite\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\security\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll

BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

BHO: del.icio.us Toolbar Helper: {7aa07ae6-01ef-44ec-93ca-9d7cd41ccdb6} - c:\internet\del.icio.us\internet explorer buttons\dlcsIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll

TB: del.icio.us: {981fe6a8-260c-4930-960f-c3bc82746cb0} - c:\internet\del.icio.us\internet explorer buttons\dlcsIE.dll

TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

TB: Ancestry Toolbar: {0e1230f8-ea50-42a9-983c-d22abc2eed3b} - c:\genealogy\ancestry toolbar\AncestryToolBar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\security\norton security suite\engine\5.1.0.29\coIEPlg.dll

TB: {A58686ED-FC46-44C3-95C6-4A812AB776F1} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

uRun: [Clipboard Recorder] "c:\utilities\clipboard recorder\clipboard_recorder.exe" -startup

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

mRun: [systemTray] SysTray.Exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Malwarebytes' Anti-Malware] "e:\security\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

StartupFolder: c:\docume~1\jay\startm~1\programs\startup\procexp.lnk - c:\security\processexplorer\procexp.exe

StartupFolder: c:\docume~1\jay\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\jay\my documents\my widgets\Christmas Clock.widget

uPolicies-system: EnableProfileQuota = 1 (0x1)

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm

IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD}

IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD}

IE: {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - c:\windows\web\tree.htm

IE: {c23dd370-cb79-11d2-898a-00c04f80a47f}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {FC09D8A3-C85A-11d2-92D0-0000F87A4A55}

IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboForm.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboForm.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

IE: {96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99}

IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C}

Trusted Zone: ancestry.com\www

Trusted Zone: byu.edu\contentdm.lib

Trusted Zone: c-span.org\www

Trusted Zone: chase.com\chaseonline

Trusted Zone: comcast.net\sz0081.wc.mail

Trusted Zone: fultonhistory.com\www

Trusted Zone: pga.com\www

Trusted Zone: powerlineblog.com\www

Trusted Zone: wowhead.com\ptr

Trusted Zone: wowhead.com\www

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{3FE52425-F1FC-4DDD-A893-4D18AB73EBD8} : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{72AEE5DF-69B3-4708-A2B9-90423B0697D4} : DhcpNameServer = 68.87.64.150 68.87.75.198

Handler: AutorunsDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\graphics\lizardtech\express view\expressview.dll

Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\graphics\lizardtech\express view\expressview.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

LSA: Notification Packages = :\windows\system32\srrst

mASetup: ^RNA - rundll rnasetup.dll,installoptionalcomponent rna

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /app:oe /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jay\application data\mozilla\firefox\profiles\x73qkxd5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.wowhead.com/profile=us.misha.muncy

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - plugin: c:\games\ign\download manager\npfpdlm.dll

FF - plugin: c:\internet\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\internet\mozilla firefox\plugins\npImgCtl.dll

FF - plugin: c:\internet\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\internet\mozilla firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\realplayer\netscape6\nppl3260.dll

FF - plugin: c:\realplayer\netscape6\nprjplug.dll

FF - plugin: c:\realplayer\netscape6\nprpjplug.dll

.

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

.

============= SERVICES / DRIVERS ===============

.

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-7-23 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-7-23 744568]

R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-12-15 3968]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120121.002\BHDrvx86.sys [2012-1-23 820344]

R1 is-FQ5L6drv;is-FQ5L6drv;c:\windows\system32\drivers\00642906.sys [2009-10-5 148496]

R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2004-12-1 53760]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-7-23 136312]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-5-23 109728]

R2 MBAMService;MBAMService;e:\security\malwarebytes' anti-malware\mbamservice.exe [2012-1-1 652360]

R2 N360;Norton Security Suite;c:\security\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-7-23 130008]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-25 2255464]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-27 106104]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120202.002\IDSXpx86.sys [2012-2-2 356280]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-1 20464]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120202.033\NAVENG.SYS [2012-2-3 86136]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120202.033\NAVEX15.SYS [2012-2-3 1576312]

R3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\drivers\procexp150.sys --> c:\windows\system32\drivers\PROCEXP150.SYS [?]

S1 MpKsl4b0c7a9b;MpKsl4b0c7a9b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8589944b-9549-4d3a-b2e1-62a0d48d465a}\mpksl4b0c7a9b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8589944b-9549-4d3a-b2e1-62a0d48d465a}\MpKsl4b0c7a9b.sys [?]

S1 MpKsl61deba23;MpKsl61deba23;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{39e53d2b-369d-47ae-b826-c2f3afc363bc}\mpksl61deba23.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{39e53d2b-369d-47ae-b826-c2f3afc363bc}\MpKsl61deba23.sys [?]

S1 MpKsl73df556a;MpKsl73df556a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b4287a02-1eea-41f2-8186-7fae4873e452}\mpksl73df556a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b4287a02-1eea-41f2-8186-7fae4873e452}\MpKsl73df556a.sys [?]

S1 MpKsl99889bc4;MpKsl99889bc4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7821b5b1-10b4-4e7a-809d-7fd680202418}\mpksl99889bc4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7821b5b1-10b4-4e7a-809d-7fd680202418}\MpKsl99889bc4.sys [?]

S1 MpKsla25a69b4;MpKsla25a69b4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{055f5ed9-c3c2-4399-b038-c48ce40b8935}\mpksla25a69b4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{055f5ed9-c3c2-4399-b038-c48ce40b8935}\MpKsla25a69b4.sys [?]

S1 MpKsla77bde3a;MpKsla77bde3a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e727d187-b2c3-4302-9291-c8c12115c666}\mpksla77bde3a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e727d187-b2c3-4302-9291-c8c12115c666}\MpKsla77bde3a.sys [?]

S1 MpKslbc7d6682;MpKslbc7d6682;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75216e61-9198-4ece-9bb6-d781c9bd687e}\mpkslbc7d6682.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75216e61-9198-4ece-9bb6-d781c9bd687e}\MpKslbc7d6682.sys [?]

S1 MpKslc0941759;MpKslc0941759;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{864b47fe-a5fc-4639-ac1b-877237006235}\mpkslc0941759.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{864b47fe-a5fc-4639-ac1b-877237006235}\MpKslc0941759.sys [?]

S1 MpKslc515c7cc;MpKslc515c7cc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a685741f-671d-4849-bb4e-e38f9be9b618}\mpkslc515c7cc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a685741f-671d-4849-bb4e-e38f9be9b618}\MpKslc515c7cc.sys [?]

S1 MpKsld0e94e31;MpKsld0e94e31;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b4287a02-1eea-41f2-8186-7fae4873e452}\mpksld0e94e31.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b4287a02-1eea-41f2-8186-7fae4873e452}\MpKsld0e94e31.sys [?]

S1 MpKsld6c0c05b;MpKsld6c0c05b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f09c0fa-3960-48c7-b969-4bb2fe2eb4ea}\mpksld6c0c05b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f09c0fa-3960-48c7-b969-4bb2fe2eb4ea}\MpKsld6c0c05b.sys [?]

S1 MpKsle077497e;MpKsle077497e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{601f5a18-16ea-4d70-9822-2fdba7e9a60d}\mpksle077497e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{601f5a18-16ea-4d70-9822-2fdba7e9a60d}\MpKsle077497e.sys [?]

S1 MpKsle649477e;MpKsle649477e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{055f5ed9-c3c2-4399-b038-c48ce40b8935}\mpksle649477e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{055f5ed9-c3c2-4399-b038-c48ce40b8935}\MpKsle649477e.sys [?]

S1 MpKslfc90ca5f;MpKslfc90ca5f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{79fb53d8-544d-4c1b-b09a-0da2ede517bb}\mpkslfc90ca5f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{79fb53d8-544d-4c1b-b09a-0da2ede517bb}\MpKslfc90ca5f.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MpKsl1e42cc9e;MpKsl1e42cc9e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a86436d7-7676-4fb8-90c7-f17ddda0c17c}\mpksl1e42cc9e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a86436d7-7676-4fb8-90c7-f17ddda0c17c}\MpKsl1e42cc9e.sys [?]

S3 aawservice;Lavasoft Ad-Aware Service;c:\security\lavasoft ad-aware\aawservice.exe [2008-5-12 611664]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [2007-1-24 95744]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]

S3 PortReporter;Port Reporter;c:\program files\portreporter\PortReporter.exe [2004-4-1 90183]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-6 27064]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\utilities\sisoftware\sisoftware sandra lite 2010.sp2\RpcAgentSrv.exe [2010-7-24 93848]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

S4 vsdatant;vsdatant; [x]

.

=============== File Associations ===============

.

.txt=TextPad.txt

.

=============== Created Last 30 ================

.

2012-01-20 15:57:52 -------- d-sh--w- C:\FOUND.004

2012-01-04 12:41:34 -------- d-sh--w- C:\FOUND.003

.

==================== Find3M ====================

.

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 23:46:40 230752 ----a-w- c:\windows\patchw32.dll

2011-11-25 21:57:20 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll

2011-11-15 12:01:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-08 13:13:22 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-11-08 13:13:22 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

============= FINISH: 7:01:26.99 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 4/30/2003 3:33:30 PM

System Uptime: 2/3/2012 6:00:04 AM (1 hours ago)

.

Motherboard: Dell Computer Corporation | | Dimension 8100

Processor: Intel® Pentium® 4 CPU 2.60GHz | Microprocessor | 2570/100mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (FAT32) - 37 GiB total, 5.313 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 37 GiB total, 7.233 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP980: 1/20/2012 9:18:18 PM - System Checkpoint

RP981: 1/21/2012 10:17:24 PM - System Checkpoint

RP982: 1/23/2012 1:42:42 PM - System Checkpoint

RP983: 1/24/2012 5:54:12 PM - System Checkpoint

RP984: 1/25/2012 8:58:22 PM - System Checkpoint

RP985: 1/26/2012 1:02:39 AM - Software Distribution Service 3.0

RP986: 1/27/2012 3:49:40 PM - System Checkpoint

RP987: 1/28/2012 7:33:33 AM - Removed Safari

RP988: 1/28/2012 7:46:18 AM - Installed Safari

RP989: 1/29/2012 10:54:42 AM - System Checkpoint

RP990: 1/30/2012 3:18:04 PM - System Checkpoint

RP991: 1/31/2012 6:04:04 PM - System Checkpoint

RP992: 2/1/2012 8:19:37 PM - System Checkpoint

RP993: 2/2/2012 9:36:29 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

1999 TurboTax Deluxe

2000 TurboTax Deluxe

2001 TurboTax Premier

Ad-Aware

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

Amazon Kindle

Amazon MP3 Downloader 1.0.5

Ancestry Toolbar

Ancestry World Archives Project - Keying Tool

Anfy

Apple Application Support

Apple Software Update

ATnotes Version 8.0

AVG Anti-Rootkit Free

AXIS Media Control

AXIS Media Control Embedded

Backup Dell-Installed Programs

Belarc Advisor 8.1

BlogThis 1.1

Brother HL-2040

C-Dilla Licence Management System

Cablenut 4.08

Cakewalk Home Studio 9

CCleaner

CDBurnerXP

Celestia 1.3.2

Cisco Connect

ClearType Tuning Control Panel Applet

Clipboard Magic 4.01

Clipboard Recorder

Color Cop 5.4.3

Compatibility Pack for the 2007 Office system

Conexant HCF V90 56K RTAD Speakerphone PCI Modem (Uninstall)

Confidence Online for Web Applications

CPU Thermometer 1.0

CPUID CPU-Z 1.58

Critical Update for Windows Media Player 11 (KB959772)

CSE HTML Validator Lite v8.03

Curse Client

del.icio.us Buttons for Internet Explorer

Delicious Add-on for Internet Explorer

Dell Driver Download Manager

Dell ResourceCD

Dell Solution Center

DellTouch

Dimension 4 v4.3

Diversi-Tune

doPDF 7.2 printer

DropMyRights

EndItAll 2.0

erLT

EVEREST Home Edition v2.20

Family Tree Maker 2011

Family Tree Maker 2012

FamilySearch Indexing (www.familysearchindexing.org)

FamilySearch Indexing 3.7.7

FLV Player 2.0 (build 25)

FoneSync

Forté Agent

Forté Free Agent

FreeOCR 3.0

getPlus®_ocx

GiPo@MoveOnBoot 1.9.5

Glary Utilities 2.7.268

GoodSync

Google Earth Plug-in

Google Update Helper

Help and Support Customization

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HTML-Kit

HTML Slideshow Powertoy for Windows XP

ICM532

IGN Download Manager 2.3.2

Image Resizer Powertoy for Windows XP

ImageLab

ImageShack QuickLoad

ImageShack Toolbar for Internet Explorer

ImageShack Uploader 2.2.0

ImgBurn

Index.dat Suite

Insert Emoticon Plugin

Intel® Network Connections 16.2.49.0

Intel® Processor ID Utility

Internet Explorer (Enable DEP)

IrfanView (remove only)

ItsDeductible Express

JAlbum

Java Auto Updater

Java 6 Update 29

jlGui 3.0

jZip

ListZapper (PC Magazine)

Little Registry Cleaner

Living Album 2000

Lizardtech Express View Browser Plug-in

LizardTech GeoViewer

Logitech Audio Echo Cancellation Component

Logitech QuickCam

Logitech Video Enumerator

Logitech® Camera Driver

MailWasher Pro

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Baseline Security Analyzer 2.0.1

Microsoft Choice Guard

Microsoft Color Control Panel Applet for Windows XP

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft IntelliPoint 8.2

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel Viewer 2003

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office SharePoint Designer 2007

Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

Microsoft Office SharePoint Designer MUI (English) 2007

Microsoft Plus! Photo Story 2 LE

Microsoft PowerPoint Viewer 97

Microsoft Primary Interoperability Assemblies 2005

Microsoft Research AutoCollage 2008 version 1.1

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Word 2000 SR-1

Microsoft Works 2001 Setup Launcher

Microsoft Works 6.0

Microsoft Works Suite Add-in for Microsoft Word

Microsoft WSE 3.0

Microsoft WSE 3.0 Runtime

Microsoft Zoo Tycoon Card Flip Game

Modem Helper

Mozilla Firefox 10.0 (x86 en-US)

MSN Gaming Zone

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML4 Parser

MVision

Netmon

Norton Security Suite

NoteWhen

NoteWorthy Composer

NoteWorthy Composer 2 Viewer

NVIDIA Control Panel 280.26

NVIDIA Graphics Driver 280.26

NVIDIA Install Application

NVIDIA nView 135.94

NVIDIA nView Desktop Manager

NVIDIA Update 1.4.28

NVIDIA Update Components

Nvu 1.0

OLYMPUS CAMEDIA Master 2.5

Paint Shop Pro 7 Anniversary Edition

Palm VersaMail

Personal Ancestral File 5

Personal Ancestral File 5 Lessons

Personal Ancestral File Companion 5.2

picture-shark 1.0

Post-it® Software Notes Lite

PR-Parser

Professor Franklin

Quicken 2006

QuickTime

Registry First Aid

Revo Uninstaller Pro 2.5.1

RoboForm 7-7-0

Safari

SafeCast Shared Components

Sam Spade version 1.14

Samsung_MonSetup

ScreenPrint32 v3.5

Security Task Manager 1.6f

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

SES Driver

SharpReader 0.9.7.0

Shred version 2.0

SightSpeed

SiSoftware Sandra Lite 2010.SP2

SkyMap Pro 8

Skype Toolbars

Skype™ 4.2

Solution Center

Sound Blaster Live! Value

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

State CD Installer

Style Enhancer Micro 1.28

SWATH 1.8.3

System Requirements Lab for Intel

Table Editor

TaxCut 2002

TextPad 5

TextPad Lexicons

Trade Wars Game Server

TreeSize Free V2.5

TurboTax Deluxe 2002

TurboTax Deluxe 2003

TurboTax Deluxe 2007

TurboTax Deluxe Deduction Maximizer 2006

TurboTax ItsDeductible 2005

TurboTax ItsDeductible 2006

TurboTax Premier 2004

TurboTax Premier 2005

Tweak UI

TweakNow RegCleaner

Uniblue DriverScanner 2009

Uniblue RegistryBooster 2009

Uninstall FamilySearch Indexing

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 System (KB2539530)

Update for Windows Internet Explorer 8 (KB968220)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

User's Guides

User Profile Hive Cleanup Service

vanBasco's Karaoke Player

Wallpaper Changer for Windows XP

WebCyberCoach 3.2 Dell

WebFldrs XP

WexTech AnswerWorks

Winamp (remove only)

Windows 7 Upgrade Advisor

Windows Defender Signatures

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Communications Platform

Windows Live Essentials

Windows Live OneCare safety scanner

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows PowerShell 1.0

Windows Search 4.0

Windows XP Service Pack 3

Windows XP Video Screensaver Powertoy

WinJammer Shareware 3.0

WinPcap 4.0

WinZip

WM Recorder 11.3

Works Suite OS Pack

Works Synchronization

World of Warcraft

XML Paper Specification Shared Components Pack 1.0

Yahoo! Widgets

.

==== Event Viewer Messages From Past Week ========

.

1/31/2012 10:09:43 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

1/28/2012 7:36:16 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.

1/28/2012 6:11:05 AM, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).

1/28/2012 6:11:04 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

1/28/2012 6:11:04 AM, error: Service Control Manager [7034] - The C-DillaSrv service terminated unexpectedly. It has done this 1 time(s).

1/28/2012 6:10:41 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

1/27/2012 6:51:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

1/27/2012 6:51:31 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Hello and welcome!

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

(screenshot: Query_RC.gif, the ComboFix prompt asking to install the Recovery Console)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot: RC_successful.gif, the Recovery Console installed successfully message)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Thanks very much for your assistance. I ran TDSSKiller and it found nothing. Here is the content of C:\Combofix.txt...

ComboFix 12-02-03.02 - Jay 02/04/2012 9:05.1.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1331 [GMT -5:00]

Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\3M

c:\documents and settings\Administrator\Application Data\3M\PSNotes\PSNData

c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20110320073416.log

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Jay\Application Data\3M

c:\documents and settings\Jay\Application Data\3M\PSNotes\PSNData

c:\documents and settings\Jay\Application Data\RoboFormDataHere.txt

c:\documents and settings\Jay\Application Data\Spycar

c:\documents and settings\Jay\GoToAssistDownloadHelper.exe

c:\documents and settings\Jay\Local Settings\Application Data\assembly\tmp

c:\documents and settings\Jay\WINDOWS

c:\windows\CDAC13BA.EXE

c:\windows\CDAC14BA.DLL

c:\windows\Downloaded Program Files\ODCTOOLS

c:\windows\system32\default_user_class.dat.LOG

c:\windows\system32\PowerToyReadme.htm

c:\windows\system32\SET102.tmp

c:\windows\system32\SETCD.tmp

c:\windows\system32\SETF2.tmp

c:\windows\system32\SETF4.tmp

c:\windows\system32\xpvss-readme.htm

.

c:\windows\system32\proquota.exe was missing

Restored copy from - c:\windows\system32\dllcache\proquota.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))

.

.

2012-02-04 14:19 . 2008-04-14 01:12 50176 ----a-w- c:\windows\system32\proquota.exe

2012-02-04 14:19 . 2008-04-14 01:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

2012-01-20 15:57 . 2012-01-20 15:57 -------- d-----w- C:\FOUND.004

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 20:24 . 2012-01-01 14:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 23:46 . 2011-12-07 23:46 230752 ----a-w- c:\windows\patchw32.dll

2011-11-25 21:57 . 2004-09-01 20:19 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2004-09-01 20:19 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2004-09-01 20:19 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21 . 2004-09-01 20:21 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21 . 2004-09-01 20:19 152064 ----a-w- c:\windows\system32\schannel.dll

2011-11-15 12:01 . 2011-06-02 03:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-08 13:13 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-11-08 13:13 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Clipboard Recorder"="c:\utilities\Clipboard Recorder\clipboard_recorder.exe" [2007-07-09 1843200]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-01-22 107000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]

"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"Malwarebytes' Anti-Malware"="e:\security\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

.

c:\documents and settings\Jay\Start Menu\Programs\Startup\

procexp.lnk - c:\security\ProcessExplorer\procexp.exe [2011-12-2 4755768]

Shortcut to Christmas Clock.lnk - c:\documents and settings\Jay\My Documents\My Widgets\Christmas Clock.widget [2008-12-6 254488]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk

backup=c:\windows\pss\WDDMStatus.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

"NvCplDaemon"=RUNDLL32.EXE c:\windows\DRIVERS\NVCPL.DLL,NvStartup

"nwiz"=nwiz.exe /install

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\HTML\\Nvu\\nvu.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Internet\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\System32\\fxsclnt.exe"=

"c:\\Program Files\\Java\\JRE6\\BIN\\javaw.exe"=

"c:\\Utilities\\SiSoftware\\SiSoftware Sandra Lite 2010.SP2\\RpcAgentSrv.exe"=

"c:\\Utilities\\SiSoftware\\SiSoftware Sandra Lite 2010.SP2\\WNt500x86\\RpcSandraSrv.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0501000.01D\symds.sys [7/23/2011 3:12 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0501000.01D\symefa.sys [7/23/2011 3:12 PM 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx86.sys [1/23/2012 7:58 PM 820344]

R1 is-FQ5L6drv;is-FQ5L6drv;c:\windows\SYSTEM32\DRIVERS\00642906.sys [10/5/2009 4:49 PM 148496]

R1 SSHDRV76;SSHDRV76;c:\windows\SYSTEM32\DRIVERS\SSHDRV76.sys [12/1/2004 7:59 PM 53760]

R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0501000.01D\ironx86.sys [7/23/2011 3:12 PM 136312]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\SYSTEM32\IPROSetMonitor.exe [5/23/2011 5:03 PM 109728]

R2 MBAMService;MBAMService;e:\security\Malwarebytes' Anti-Malware\mbamservice.exe [1/1/2012 9:26 AM 652360]

R2 N360;Norton Security Suite;c:\security\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [7/23/2011 3:12 PM 130008]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/25/2011 5:26 PM 2255464]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2011 6:53 AM 106104]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120203.002\IDSXpx86.sys [2/3/2012 5:46 PM 356280]

R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [1/1/2012 9:26 AM 20464]

R3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]

S1 MpKsl4b0c7a9b;MpKsl4b0c7a9b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8589944B-9549-4D3A-B2E1-62A0D48D465A}\MpKsl4b0c7a9b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8589944B-9549-4D3A-B2E1-62A0D48D465A}\MpKsl4b0c7a9b.sys [?]

S1 MpKsl61deba23;MpKsl61deba23;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39E53D2B-369D-47AE-B826-C2F3AFC363BC}\MpKsl61deba23.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39E53D2B-369D-47AE-B826-C2F3AFC363BC}\MpKsl61deba23.sys [?]

S1 MpKsl73df556a;MpKsl73df556a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4287A02-1EEA-41F2-8186-7FAE4873E452}\MpKsl73df556a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4287A02-1EEA-41F2-8186-7FAE4873E452}\MpKsl73df556a.sys [?]

S1 MpKsl99889bc4;MpKsl99889bc4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7821B5B1-10B4-4E7A-809D-7FD680202418}\MpKsl99889bc4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7821B5B1-10B4-4E7A-809D-7FD680202418}\MpKsl99889bc4.sys [?]

S1 MpKsla25a69b4;MpKsla25a69b4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{055F5ED9-C3C2-4399-B038-C48CE40B8935}\MpKsla25a69b4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{055F5ED9-C3C2-4399-B038-C48CE40B8935}\MpKsla25a69b4.sys [?]

S1 MpKsla77bde3a;MpKsla77bde3a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E727D187-B2C3-4302-9291-C8C12115C666}\MpKsla77bde3a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E727D187-B2C3-4302-9291-C8C12115C666}\MpKsla77bde3a.sys [?]

S1 MpKslbc7d6682;MpKslbc7d6682;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75216E61-9198-4ECE-9BB6-D781C9BD687E}\MpKslbc7d6682.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75216E61-9198-4ECE-9BB6-D781C9BD687E}\MpKslbc7d6682.sys [?]

S1 MpKslc0941759;MpKslc0941759;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{864B47FE-A5FC-4639-AC1B-877237006235}\MpKslc0941759.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{864B47FE-A5FC-4639-AC1B-877237006235}\MpKslc0941759.sys [?]

S1 MpKslc515c7cc;MpKslc515c7cc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A685741F-671D-4849-BB4E-E38F9BE9B618}\MpKslc515c7cc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A685741F-671D-4849-BB4E-E38F9BE9B618}\MpKslc515c7cc.sys [?]

S1 MpKsld0e94e31;MpKsld0e94e31;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4287A02-1EEA-41F2-8186-7FAE4873E452}\MpKsld0e94e31.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4287A02-1EEA-41F2-8186-7FAE4873E452}\MpKsld0e94e31.sys [?]

S1 MpKsld6c0c05b;MpKsld6c0c05b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F09C0FA-3960-48C7-B969-4BB2FE2EB4EA}\MpKsld6c0c05b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F09C0FA-3960-48C7-B969-4BB2FE2EB4EA}\MpKsld6c0c05b.sys [?]

S1 MpKsle077497e;MpKsle077497e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{601F5A18-16EA-4D70-9822-2FDBA7E9A60D}\MpKsle077497e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{601F5A18-16EA-4D70-9822-2FDBA7E9A60D}\MpKsle077497e.sys [?]

S1 MpKsle649477e;MpKsle649477e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{055F5ED9-C3C2-4399-B038-C48CE40B8935}\MpKsle649477e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{055F5ED9-C3C2-4399-B038-C48CE40B8935}\MpKsle649477e.sys [?]

S1 MpKslfc90ca5f;MpKslfc90ca5f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79FB53D8-544D-4C1B-B09A-0DA2EDE517BB}\MpKslfc90ca5f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79FB53D8-544D-4C1B-B09A-0DA2EDE517BB}\MpKslfc90ca5f.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 MpKsl1e42cc9e;MpKsl1e42cc9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A86436D7-7676-4FB8-90C7-F17DDDA0C17C}\MpKsl1e42cc9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A86436D7-7676-4FB8-90C7-F17DDDA0C17C}\MpKsl1e42cc9e.sys [?]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 DCamUSBUVT;ICM532A;c:\windows\SYSTEM32\DRIVERS\usbuvt.sys [1/24/2007 3:48 AM 95744]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [1/25/2007 1:31 PM 42000]

S3 PortReporter;Port Reporter;c:\program files\PortReporter\PortReporter.exe [4/1/2004 12:48 AM 90183]

S3 Revoflt;Revoflt;c:\windows\SYSTEM32\DRIVERS\revoflt.sys [2/6/2011 8:58 AM 27064]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\utilities\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [7/24/2010 7:25 PM 93848]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - uphcleanhlp

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

2008-04-14 01:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

2008-04-14 01:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

2008-04-14 01:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

2008-04-14 01:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]

2001-03-23 21:17 7168 ------w- c:\windows\SYSTEM32\updcrl.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-13 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 20:56]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = about:blank

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm

IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {{438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - c:\windows\web\tree.htm

IE: {{FC09D8A3-C85A-11d2-92D0-0000F87A4A55}

Trusted Zone: ancestry.com\www

Trusted Zone: byu.edu\contentdm.lib

Trusted Zone: c-span.org\www

Trusted Zone: chase.com\chaseonline

Trusted Zone: comcast.net\sz0081.wc.mail

Trusted Zone: fultonhistory.com\www

Trusted Zone: pga.com\www

Trusted Zone: powerlineblog.com\www

Trusted Zone: wowhead.com\ptr

Trusted Zone: wowhead.com\www

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

DPF: {2566E4F3-A47B-11D4-9B5D-0010A4F2D6BF} - hxxp://www.quicken.com/qw2001/qcominst.cab

DPF: {A97608DD-6999-11D5-9C8C-0010A4F2D6BF} - hxxp://www.quicken.com/qw2001/qcominst.cab

DPF: {CFFE5E18-79B9-431C-8CE2-AE55A16E7C09} - hxxp://www.lpa-homes.org/iclook/LPA_Applications/newlook.cab

FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\x73qkxd5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.wowhead.com/profile=us.misha.muncy

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

.

.

------- File Associations -------

.

.txt=TextPad.txt

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Visible - (no file)

Toolbar-Welcome - (no file)

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Notify-AtiExtEvent - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

HKLM_ActiveSetup-RNA - rundll rnasetup.dll

AddRemove-Amazon MP3 Downloader - c:\audio\Amazon\MP3 Downloader\Uninstall.exe

AddRemove-CdaC13Ba - c:\windows\CDAC13BA.EXE

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

AddRemove-{108A39BF-4ED1-4293-B11A-06BD521FB8F7} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{108A3~1\Setup.exe

AddRemove-{656A8811-95E1-4BD2-B692-8202DDBA15D5}_is1 - e:\utilities\CPU Thermometer\CPU Thermometer\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-04 09:24

Windows 5.1.2600 Service Pack 3 FAT NTAPI

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]

"ImagePath"="\"c:\security\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\security\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]

"ImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\TP*]

"DisplayName"="?\13?\13"

"DeviceDesc"="?\13?\13"

"ProviderName"=""

"MFG"="???\\"

"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF"

"DeviceInstanceIds"=multi:"09236.inf\00"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(5436)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

c:\utilities\Clipboard Recorder\cbhelper.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

c:\windows\System32\drivers\CDAC11BA.EXE

c:\windows\system32\DRIVERS\CDANTSRV.EXE

c:\windows\System32\CTsvcCDA.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\utilities\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\RunDLL32.exe

c:\security\UPHClean\uphclean.exe

c:\windows\system32\devldr32.exe

c:\windows\system32\fxssvc.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Yahoo!\Widgets\YahooWidgets.exe

c:\program files\Yahoo!\Widgets\YahooWidgets.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-02-04 09:30:39 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-04 14:30

.

Pre-Run: 5,849,989,120 bytes free

Post-Run: 5,974,818,816 bytes free

.

- - End Of File - - 56E1217A92633A68606D816357965F17


Hi, do you still have IP blocks after the combofix run?

Having just run combofix and owing to the relative infrequency of the connect attempts (I did have just one more caught by MBAM after my initial post), I think the jury may still be out on whether or not the culprit has been cleansed from my system.

Please launch also MBAM, update it, run a full scan and post me the resulting log.

OK. Looks clean.

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.04.03

Windows XP Service Pack 3 x86 FAT32

Internet Explorer 8.0.6001.18702

Jay :: DELL8100 [administrator]

Protection: Enabled

2/4/2012 11:24:58 AM

mbam-log-2012-02-04 (11-24-58).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 333917

Time elapsed: 2 hour(s), 19 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Okay, in that case just keep monitoring it and let me know if/when they come back. :)

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u2.
  • Look for "JDK 7u2 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
     1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
     2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
  4. Check "YES, I accept the Terms of Use."
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Under scan settings, check "Scan Archives" and "Remove found threats"
  8. Click Advanced settings and select the following:
     • Scan potentially unwanted applications
     • Scan for potentially unsafe applications
     • Enable Anti-Stealth technology
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, click List Threats
  11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Click the Back button.
  13. Click the Finish button.


Here's the result of the ESET scan (with a caveat). While the program was running, I hit ESC (or alt-ESC) to redisplay the scan screen and noted that the program had "deleted - quarantined" a file. I also noted that there was a note to the effect that the program had been terminated by user (or something to that effect)....so I ran it again and this time returned to what appeared to be a completion screen with no options offered. Anyway, here's the result...

C:\WINDOWS\Installer\70eb6.msi a variant of Win32/HiddenStart.A application deleted - quarantined


Thank you for letting me know about ESET, I'll adapt that in my instructions. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Thanks very much for all your assistance and for the followup instructions on removing Combofix.

I'm somewhat concerned that the ESET-identified file (Dell associated as my google searching seems to indicate) may have a track record of false-positives (not that I'll miss it anyway) and that (perhaps in ignorance) nothing else appears to have been identified as a culprit...but I'll hopefully not see connects to that IP again.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

