
Firewall blocking inbound traffic from "Trojans", but MBAM doesn't find any


mjm1


Hi,

My firewall says I am being attacked by:

Portal of Doom

Master Paradise

Deep Throat

RAT

My firewall is Symantec. My AV didn't find anything (up to date), nor did Spybot S+D. I am not experiencing any problems, aside from an extremely slow boot up. My firewall just keeps going off on those ports associated with the above. Please advise. Thanks.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30

Run by HP_Administrator at 20:56:56 on 2012-02-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1214.342 [GMT -5:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Client Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

svchost.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

C:\program files\common files\installshield\updateservice\issch.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\hpqtra08.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

C:\WINDOWS\system32\wwSecure.exe

c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

C:\Program Files\Western Digital\WD SmartWare\WDFME.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uSearch Bar =

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 118.97.119.164:80

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm

mSearchAssistant =

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints point finder\Toolbar.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll

TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints point finder\Toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [212B679BCC229656D917314ACDE51BAC2EEF83CD._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service

uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"

uRunOnce: [index Washer] c:\program files\webroot\washer\WashIdx.exe "HP_Administrator"

mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe

mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"

mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"

mRun: [PCDrProfiler]

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdquic~1.lnk - c:\program files\western digital\wd smartware\WDDMStatus.exe

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: $talisma_url$

Trusted Zone: turbotax.com

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://support.cox.com/sdccommon/download/tgctlcm.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228247357375

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://io.dcma.mil/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

TCP: Interfaces\{FD46DAA1-DDF8-4A37-9641-AB347B20A235} : DhcpNameServer = 192.168.1.254

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - c:\program files\microsoft\outlook web access smime client\mimectl.dll

Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll

Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\frqeg8v4.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20111221&q=

FF - prefs.js: network.proxy.socks - 127.0.0.1

FF - prefs.js: network.proxy.socks_port - 9050

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SC247XF;SC247XF;c:\windows\system32\drivers\SC247XF.sys [2001-9-13 14223]

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2010-7-8 149376]

R1 NEOFLTR_710_19757;Juniper Networks TDI Filter Driver (NEOFLTR_710_19757);c:\windows\system32\drivers\NEOFLTR_710_19757.SYS [2012-1-25 85064]

R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]

R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-11-21 202344]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]

R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2005-9-26 258146]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 MMIndexer;Media Manager Indexer;c:\program files\common files\microsoft shared\media manager\AIRSVCU.EXE [1997-7-15 136704]

R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-3-15 61440]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]

R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-8-1 263056]

R2 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-8-1 1592208]

R2 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-8-1 1091984]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-10 106104]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120225.008\naveng.sys [2012-2-26 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120225.008\navex15.sys [2012-2-26 1576312]

R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2010-1-6 57856]

R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2005-9-26 108400]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-10 136176]

S2 McciServiceHost;McciServiceHost;"c:\program files\common files\motive\mcciservicehost.exe" --> c:\program files\common files\motive\McciServiceHost.exe [?]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-5-29 18560]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-10 136176]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2011-5-29 33792]

S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2004-3-29 49024]

S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2007-3-14 116416]

S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-30 1087680]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-2-15 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 VaultClientSRV;Media Store and Share Backup Manager Service;c:\program files\cox\media store and share backup manager\VaultClientSRV.exe [2008-10-8 981456]

S4 VaultClientUpgrade;Backup Manager Upgrade Service;c:\program files\cox\media store and share backup manager\VaultClientUpgrade.exe [2008-10-8 55760]

.

=============== Created Last 30 ================

.

2012-02-27 22:14:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-27 22:14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-27 03:04:36 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\NPE

2012-02-27 03:04:36 -------- d-----w- c:\documents and settings\all users\application data\Norton

2012-02-26 18:16:26 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-02-26 18:16:26 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-02-25 22:32:14 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes

2012-02-25 22:32:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-02-15 20:56:20 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys

2012-02-15 19:31:06 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western_Digital

2012-02-15 18:52:23 -------- d-----w- c:\documents and settings\all users\application data\Western Digital

2012-02-15 18:50:46 -------- d-----w- c:\program files\Western Digital

2012-02-15 18:50:04 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western Digital

2012-02-14 21:34:55 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-14 21:34:55 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-02-09 15:31:49 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-02-09 15:31:49 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-02-09 15:29:22 -------- d-----w- c:\program files\iPod

2012-02-09 15:28:04 -------- d-----w- c:\program files\iTunes

2012-02-09 15:22:02 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-21 16:45:39 723294 ----a-w- c:\windows\unins000.exe

2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec

2008-06-04 12:51:36 5553 ----a-w- c:\program files\common files\acbackupreg.reg

2004-08-10 05:00:00 94784 --sha-w- c:\windows\twain.dll

2008-04-14 00:12:07 50688 --sha-w- c:\windows\twain_32.dll

2008-04-14 00:12:01 57344 --sha-w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll

2010-12-20 17:32:15 551936 --sha-w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll

2008-04-14 00:12:32 11776 --sha-w- c:\windows\system32\regsvr32.exe

.

============= FINISH: 20:57:38.14 ===============

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2/4/2006 7:49:54 PM

System Uptime: 2/27/2012 7:31:28 PM (1 hours ago)

.

Motherboard: MSI | | AMETHYST-M

Processor: AMD Athlon 64 Processor 3800+ | Socket 939 | 2387/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 224 GiB total, 84.115 GiB free.

D: is FIXED (FAT32) - 8 GiB total, 1.114 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

N: is Removable

O: is Removable

P: is Removable

Q: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1231: 1/28/2012 10:44:51 AM - System Checkpoint

RP1232: 1/29/2012 10:56:31 AM - System Checkpoint

RP1233: 1/30/2012 5:33:52 PM - System Checkpoint

RP1234: 1/31/2012 5:56:28 PM - System Checkpoint

RP1235: 2/1/2012 5:57:33 PM - System Checkpoint

RP1236: 2/2/2012 6:56:27 PM - System Checkpoint

RP1237: 2/3/2012 7:48:55 PM - System Checkpoint

RP1238: 2/4/2012 8:21:34 PM - System Checkpoint

RP1239: 2/5/2012 8:30:36 PM - System Checkpoint

RP1240: 2/6/2012 10:44:58 PM - System Checkpoint

RP1241: 2/7/2012 11:09:53 PM - System Checkpoint

RP1242: 2/8/2012 11:29:21 PM - System Checkpoint

RP1243: 2/9/2012 10:07:39 AM - Removed iTunes

RP1244: 2/9/2012 10:27:27 AM - Installed iTunes

RP1245: 2/10/2012 11:19:13 AM - System Checkpoint

RP1246: 2/11/2012 11:22:41 AM - System Checkpoint

RP1247: 2/12/2012 12:43:44 PM - System Checkpoint

RP1248: 2/13/2012 1:03:10 PM - System Checkpoint

RP1249: 2/14/2012 2:08:58 PM - System Checkpoint

RP1250: 2/15/2012 3:00:20 AM - Software Distribution Service 3.0

RP1251: 2/15/2012 3:24:15 PM - Installed WD Software Upgrader

RP1252: 2/16/2012 3:46:24 PM - System Checkpoint

RP1253: 2/17/2012 4:39:48 PM - System Checkpoint

RP1254: 2/18/2012 5:33:12 PM - System Checkpoint

RP1255: 2/19/2012 6:26:35 PM - System Checkpoint

RP1256: 2/20/2012 7:35:39 PM - System Checkpoint

RP1257: 2/21/2012 8:39:12 PM - System Checkpoint

RP1258: 2/22/2012 9:09:54 PM - System Checkpoint

RP1259: 2/23/2012 10:05:36 PM - System Checkpoint

RP1260: 2/24/2012 10:59:13 PM - System Checkpoint

RP1261: 2/25/2012 10:59:33 PM - System Checkpoint

RP1262: 2/26/2012 11:31:34 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

32 Bit HP CIO Components Installer

Acrobat.com

ActivClient CAC x86

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop Elements 2.0

Adobe Reader X (10.1.2)

Adobe® Photoshop® Album Starter Edition 3.2

Agere Systems PCI-SV92PP Soft Modem

AIO_Scan

Amazon MP3 Downloader 1.0.10

Amazon Unbox Video

AnswerWorks 4.0 Runtime - English

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS RT-N12 Wireless Router Utilities

ATI Control Panel

ATI Display Driver

att.net Internet Mail

AutoUpdate

Bonjour

BufferChm

C4200

C4200_doccd

c4200_Help

CameraDrivers

CCleaner

Check Point SSL Network Extender

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

cp_LightScribeConfig

cp_LightScribePlugin

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

Critical Update for Windows Media Player 11 (KB959772)

CustomerResearchQFolder

Destination Component

Device Installer x86

DeviceDiscovery

DeviceManagementQFolder

DiscAPI (Studio 10)

DivX

DocProc

DocProcQFolder

DVDSmith Movie Backup 1.0.5

Enhanced Multimedia Keyboard Solution

eSupportQFolder

Family Tree Maker 2005

First Step Guide

Garmin City Navigator North America NT 2010.20

Garmin Communicator Plugin

Garmin POI Loader

Garmin USB Drivers

GdiplusUpgrade

Google Toolbar for Internet Explorer

Google Update Helper

GTK2-Runtime

H&R Block Basic + Efile 2009

Handbrake 0.9.4

Hardwood Spades

High Definition Audio Driver Package - KB888111

Hotfix 2050 for SQL Server 2000 ENU (KB948110)

Hotfix 2055 for SQL Server 2000 ENU (KB960082)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format 11 SDK (KB939209)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Boot Optimizer

HP Customer Participation Program 9.0

HP Deskjet Printer Preload

HP DigitalMedia Archive

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Photo Imaging Software

HP Photo Printing Software

HP PhotoSmart Scanning Software

HP Photosmart All-In-One Software 9.0

HP Photosmart Cameras 5.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Play [beta]

HP Product Assistant

HP Product Detection

HP Solution Center 9.0

HP Update

HPDiagnosticAlert

HPProductAssistant

HpSdpAppCoreApp

HPSSupply

ImageMixer VCD2

InterActual Player

InterVideo WinDVD Player

IrfanView (remove only)

iTunes

Java Auto Updater

Java 6 Update 30

JumpStart Advanced School Time

Juniper Networks Cache Cleaner 6.5.0

Juniper Networks Host Checker

Juniper Networks Secure Application Manager

Juniper Networks, Inc. Setup Client

Juniper Terminal Services Client

K-Lite Codec Pack 6.8.0 (Standard)

LeapFrog Connect

LeapFrog LeapPad Explorer Plugin

LeapFrog My Pals Plugin

LeapFrog Tag Plugin

Lexia Reading

LightScribe 1.4.52.1

LiveUpdate 3.1 (Symantec Corporation)

Logitech Desktop Messenger

Logitech Legacy USB Camera Driver Package

Logitech QuickCam Driver Package

Logitech Vid HD

Logitech Webcam Software

LSI PCI-SV92PP Soft Modem

Macromedia Flash Player

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

MasterSplitter Program

Math Games

Media Store and Share Backup Manager

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Away Mode

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Media Manager 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Media Content

Microsoft Office XP Professional

Microsoft Outlook Web Access S/MIME (2007)

Microsoft SQL Server Desktop Engine (PINNACLESYS)

Microsoft User-Mode Driver Framework Feature Pack 1.7

Microsoft Visual C++ 2005 Redistributable

Microsoft WinUsb 1.0

MobileMe Control Panel

Mozilla Firefox 8.0 (x86 en-US)

Mozilla Thunderbird (6.0)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer unPlugged 1.2

MyPoints Point Finder

MyPoints Toolbar

MyPoints Toolbar 2.0

Novacomd

Octoshape add-in for Adobe Flash Player

OLYMPUS CAMEDIA Master 2.5

OpenMG AAC Add-on Module 1.0.00

OpenMG Limited Patch 4.5-06-05-12-01

OpenMG Secure Module 4.5.01

Paint and Create

PC-Doctor 5 for Windows

PC Inspector File Recovery

Pdf995 (installed by H&R Block)

PdfEdit995 (installed by H&R Block)

Picture Package Music Transfer

Pinnacle Instant DVD Recorder

Pinnacle MediaServer

PS_AIO_ProductContext

PS_AIO_Software

PS_AIO_Software_min

PSSWCORE

Quicken 2010

QuickTime

RAPID (Studio 10)

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Savings Bond Wizard

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shop for HP Supplies

Skype Click to Call

Skype™ 5.5

SmartSound Quicktracks Plugin

SolutionCenter

Sonic Express Labeler

Sonic MyDVD Plus

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

SonicStage 4.0

Sony Picture Utility

Sony USB Driver

Status

Studio 10

Studio 10 Bonus DVD

Symantec Client Security

Symantec Technical Support Web Controls

TaxACT 2010

TaxACT 2011 - 1040 Edition

TaxCut Basic + Efile 2008

Toolbox

TrayApp

TurboTax 2008

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

TurboTax Basic 2006

TurboTax Basic 2007

TurboTax ItsDeductible 2006

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB953356)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

Updates from HP (remove only)

USB 2.0 Switch Utility Software

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

VideoToolkit01

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WD SmartWare

WD Software Upgrader

WebFldrs XP

WebReg

WexTech AnswerWorks

Window Washer

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinX DVD Copy Pro 2.2.0

WinX DVD Ripper Platinum 6.0.2

WinX HD Video Converter Deluxe 3.10.3

X-Lite 3.0

.

==== Event Viewer Messages From Past Week ========

.

2/27/2012 7:41:01 PM, error: Service Control Manager [7022] - The Pinnacle Systems Media Service service hung on starting.

2/27/2012 7:39:42 PM, error: Service Control Manager [7024] - The Symantec SPBBCSvc service terminated with service-specific error 4294967295 (0xFFFFFFFF).

2/27/2012 7:39:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intuit Update Service service to connect.

2/27/2012 7:39:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

2/27/2012 7:39:42 PM, error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/27/2012 7:39:42 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/27/2012 7:12:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/27/2012 6:11:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WDRulesService with arguments "" in order to run the server: {C004E60F-2D62-4BE1-98C4-C39A8046B6BB}

2/27/2012 6:08:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

2/27/2012 6:08:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 eeCtrl Fips ftsata2 iaStor IntelIde IPSec MRxSmb NEOFLTR_710_19757 NetBIOS NetBT ohci1394 PCLEPCI RasAcd Rdbss SAVRT SAVRTPEL SPBBCDrv SYMTDI Tcpip tffsport ViaIde

2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/27/2012 6:08:09 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/27/2012 6:07:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

2/27/2012 6:07:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/26/2012 2:25:21 PM, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

2/26/2012 2:20:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2

2/25/2012 6:02:12 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqddsvc with arguments "" in order to run the server: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}

2/25/2012 6:01:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

2/25/2012 6:01:40 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/25/2012 6:01:39 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

2/25/2012 5:58:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 iaStor IntelIde tffsport ViaIde

2/25/2012 5:57:47 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.

2/25/2012 5:57:47 PM, error: Service Control Manager [7000] - The McciServiceHost service failed to start due to the following error: The system cannot find the file specified.

2/25/2012 5:55:44 PM, error: ati2mtag [52225] - CPLIB :: Open Session - Failed to load the library

2/22/2012 5:11:02 PM, error: SCardSvr [520] - Smart Card Resource Manager received unrecognized handle from PnP event DBT_DEVICEQUERYREMOVE/dbch_handle

.

==== End Of File ===========================

Forgot to say that MBAM did find 2 "trojans", but apparently not the ones listed. Sorry, but I didn't keep the log. After restart, I ran it again and got the below. My firewall is still being attacked. Thanks.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.27.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

HP_Administrator :: LORI_II [administrator]

2/27/2012 5:38:06 PM

mbam-log-2012-02-27 (17-38-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206472

Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I ran ESET, and it found and deleted a variant of Win32/Agent.szw, out of a tempIMG folder and system restore. Was that the problem, and is it fixed? Do I do a reboot? Now I have a "bla" trojan/UDP attacking my firewall, in addition to the others. Please help. Thanks.

Edited by Maurice Naggar
merged 2 posts

Thanks. Report below. I ran another ESET scan last night, as well as a full MBAM scan last night, and both found nothing. My firewall still reports MasterParadise, DeepThroat and RAT attacks every 6-7 hours. Maybe a clean MBR is needed, after removing the Agent.SZW? TIA.

RogueKiller V7.2.0 [02/27/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: HP_Administrator [Admin rights]

Mode: Scan -- Date: 02/29/2012 08:55:25

¤¤¤ Bad processes: 2 ¤¤¤

[SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\ARPWRMSG.EXE -> KILLED [TermProc]

[SUSP PATH] JuniperSetupClient.exe -- C:\Documents and Settings\HP_Administrator\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[RANDOMNAME] HKLM\[...]\Run : PinnacleDriverCheck (C:\WINDOWS\system32\\PSDrvCheck.exe) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (118.97.119.164:80) -> FOUND

[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500JS-60MHB1 +++++

--- User ---

[MBR] b978857295c648f7c9e038708e5ddfe0

[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba tatooed MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8711 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 17841600 | Size: 229753 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: HP Photosmart C4280 USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


This proxy is present:

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (118.97.119.164:80) -> FOUND

It's from "Proxy Country is Indonesia"

Did you set it?

If not....please run RogueKiller again > click scan > then ProxyFix

----------------------------

Then please do this:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

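The proxy entry MrC points out above is the kind of setting worth re-checking by hand after any cleanup, because a silently configured proxy means every browser request can be routed through a third party. The following read-only check is an added example for this thread; it is not RogueKiller's ProxyFix, ComboFix, or any code from the tools posted here. It reads the same per-user Internet Settings values the RogueKiller report lists (ProxyServer, WarnOnHTTPSToHTTPRedirect) plus the Security Center FirewallDisableNotify value, and flags a proxy whose host is not loopback or a private (RFC 1918) address. It assumes Windows PowerShell 2.0 or later is installed (the add-on release for XP SP3 or any newer Windows); the registry paths and value names are the standard ones and are also visible in the report above.

```powershell
# Added triage check for this thread (not RogueKiller's or ComboFix's code).
# Read-only: it reports settings, it does not change them.
# Assumes Windows PowerShell 2.0+ (add-on for XP SP3, built in from Windows 7).

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$sc   = 'HKLM:\SOFTWARE\Microsoft\Security Center'

# True for "localhost", loopback, or an RFC 1918 private address: the only
# proxy hosts a home machine would normally point at. Anything else,
# such as the 118.97.119.164 entry in the report above, deserves a question.
function Test-LocalProxyHost {
    param([string]$HostName)
    if ($HostName -eq 'localhost') { return $true }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($HostName, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 127) -or ($b[0] -eq 10) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31)
}

# ProxyServer is either "host:port" or "http=host:port;https=host:port;...".
# Return just the host part of every entry.
function Get-ProxyHosts {
    param([string]$ProxyServer)
    $hosts = @()
    foreach ($entry in ($ProxyServer -split ';')) {
        if (-not $entry) { continue }
        $value  = ($entry -split '=')[-1]   # drop a "http=" style prefix, if any
        $hosts += ($value -split ':')[0]    # drop the port
    }
    return $hosts
}

$s = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
$findings = @()

if ($s.ProxyServer) {
    foreach ($h in Get-ProxyHosts $s.ProxyServer) {
        if (-not (Test-LocalProxyHost $h)) {
            $findings += "ProxyServer points at non-local host $h (ProxyEnable=$($s.ProxyEnable))"
        }
    }
}
if ($s.AutoConfigURL) {
    # A PAC script can redirect traffic just as a fixed proxy can.
    $findings += "AutoConfigURL (PAC script) is set: $($s.AutoConfigURL)"
}
if ($s.PSObject.Properties['WarnOnHTTPSToHTTPRedirect'] -and $s.WarnOnHTTPSToHTTPRedirect -eq 0) {
    $findings += "WarnOnHTTPSToHTTPRedirect is 0: IE will not warn when an HTTPS page redirects to HTTP"
}

$scv = Get-ItemProperty -Path $sc -ErrorAction SilentlyContinue
if ($scv -and $scv.FirewallDisableNotify -eq 1) {
    $findings += "Security Center FirewallDisableNotify is 1: firewall-off alerts are suppressed"
}

if ($findings.Count -eq 0) {
    'No unexpected proxy or notification settings found.'
} else {
    $findings | ForEach-Object { "FOUND: $_" }
}
```

Run it from a PowerShell prompt as the affected user (the proxy values live under HKCU, so a different account will show different results). If it reports a proxy you did not set, clear it the way MrC describes (RogueKiller > scan > ProxyFix) or through Internet Options > Connections > LAN settings, then run the check again to confirm the entry is gone; a proxy that reappears after removal points to something still running on the machine.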

CF Report -

ComboFix 12-02-29.01 - HP_Administrator 02/29/2012 9:33.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1214.515 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log

c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\frqeg8v4.default\searchplugins\bing-zugo.xml

c:\documents and settings\HP_Administrator\WINDOWS

c:\windows\bwUnin-7.2.0.157-8876480SL.exe

c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe

c:\windows\kb913800.exe

c:\windows\system32\AutoRun.inf

c:\windows\system32\BSTIEPrintCtl1.dll

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\GroupPolicy\User\Scripts\scripts.ini

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))

.

.

2012-02-28 02:55 . 2012-02-28 02:55 -------- d-----w- c:\program files\ESET

2012-02-27 22:14 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-27 22:14 . 2012-02-27 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-27 03:04 . 2012-02-27 03:05 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\NPE

2012-02-27 03:04 . 2012-02-27 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2012-02-26 18:16 . 2012-02-26 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-02-26 18:16 . 2012-02-26 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-02-25 22:32 . 2012-02-25 22:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2012-02-25 22:32 . 2012-02-25 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-02-16 00:09 . 2012-02-16 00:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Western_Digital

2012-02-15 23:36 . 2012-02-15 23:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2012-02-15 23:34 . 2012-02-15 23:34 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-02-15 22:53 . 2012-02-15 23:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\MYPOINTS

2012-02-15 22:51 . 2012-02-15 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\FCTB000060497

2012-02-15 22:51 . 2012-02-15 22:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ConduitEngine

2012-02-15 22:50 . 2012-02-15 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

2012-02-15 22:50 . 2012-02-15 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Western Digital

2012-02-15 22:49 . 2012-02-15 22:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer

2012-02-15 22:46 . 2012-02-15 22:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-02-15 20:56 . 2011-02-16 22:52 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys

2012-02-15 19:31 . 2012-02-17 20:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western_Digital

2012-02-15 18:52 . 2012-02-15 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital

2012-02-15 18:50 . 2012-02-15 20:55 -------- d-----w- c:\program files\Western Digital

2012-02-15 18:50 . 2012-02-15 19:38 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western Digital

2012-02-14 21:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-14 21:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-02-09 15:31 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-02-09 15:31 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-02-09 15:29 . 2012-02-09 15:29 -------- d-----w- c:\program files\iPod

2012-02-09 15:28 . 2012-02-09 15:31 -------- d-----w- c:\program files\iTunes

2012-02-09 15:22 . 2012-02-09 15:22 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-12 16:53 . 2004-08-10 05:00 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-21 16:45 . 2011-12-21 16:46 723294 ----a-w- c:\windows\unins000.exe

2011-12-17 19:46 . 2004-08-10 05:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2004-08-10 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46 . 2004-08-10 05:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22 . 2004-08-10 05:00 385024 ----a-w- c:\windows\system32\html.iec

2008-06-04 12:51 . 2008-06-04 12:29 5553 ----a-w- c:\program files\Common Files\acbackupreg.reg

2011-11-20 18:24 . 2011-06-10 16:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2004-08-10 05:00 94784 --sha-w- c:\windows\twain.dll

2008-04-14 00:12 50688 --sha-w- c:\windows\twain_32.dll

2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll

2010-12-20 17:32 551936 --sha-w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll

2008-04-14 00:12 11776 --sha-w- c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]

2010-06-20 02:50 1547776 ----a-w- c:\program files\MyPoints Point Finder\Toolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]

2008-11-23 21:59 1909248 ----a-w- c:\progra~1\mypoints\mypoints.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-11-23 1909248]

"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2010-06-20 1547776]

.

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]

[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

.

[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]

[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]

[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2010-06-20 1547776]

.

[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]

[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]

[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]

@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"

[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]

2008-10-08 21:44 495616 ----a-w- c:\program files\Cox\Media Store and Share Backup Manager\VaultClientMenu.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon2]

@="{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}"

[HKEY_CLASSES_ROOT\CLSID\{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}]

2008-10-08 21:44 491520 ----a-w- c:\program files\Cox\Media Store and Share Backup Manager\VaultClientIcon.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632]

"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]

"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-28 81920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-10 273528]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

hpqtra08.exe [2008-3-25 214360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2009-06-03 20:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2009-06-03 20:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

2001-08-27 15:52 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

2008-06-10 20:18 785520 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

2008-10-11 15:46 36864 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPodService"=3 (0x3)

"hpqddsvc"=2 (0x2)

"VaultClientSRV"=2 (0x2)

"VaultClientUpgrade"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=

"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Program Files\\MyPoints Point Finder\\TroubleShooter.exe"=

"c:\\Program Files\\MyPoints Point Finder\\ToolbarUpdate.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe"=

"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\ASUS\\RT-N12 Wireless Router Utilities\\Discovery.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 SC247XF;SC247XF;c:\windows\system32\drivers\SC247XF.sys [9/13/2001 4:47 PM 14223]

R1 NEOFLTR_710_19757;Juniper Networks TDI Filter Driver (NEOFLTR_710_19757);c:\windows\system32\drivers\NEOFLTR_710_19757.SYS [1/25/2012 3:54 PM 85064]

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 3:16 PM 207400]

R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [9/26/2005 10:28 AM 258146]

R2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE [7/15/1997 136704]

R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [3/15/2011 3:35 PM 61440]

R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [8/1/2011 10:11 AM 263056]

R2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [8/1/2011 10:11 AM 1592208]

R2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [8/1/2011 10:11 AM 1091984]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2012 8:41 PM 106104]

R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [9/26/2005 10:28 AM 108400]

S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [7/8/2010 9:28 PM 149376]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2010 1:29 PM 136176]

S2 McciServiceHost;McciServiceHost;"c:\program files\Common Files\Motive\McciServiceHost.exe" --> c:\program files\Common Files\Motive\McciServiceHost.exe [?]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [5/29/2011 1:56 PM 18560]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2010 1:29 PM 136176]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [5/29/2011 1:53 PM 33792]

S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [3/29/2004 1:26 AM 49024]

S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [3/14/2007 6:48 PM 116416]

S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/6/2010 10:19 PM 57856]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/15/2012 3:56 PM 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

S4 VaultClientSRV;Media Store and Share Backup Manager Service;c:\program files\Cox\Media Store and Share Backup Manager\VaultClientSRV.exe [10/8/2008 4:45 PM 981456]

S4 VaultClientUpgrade;Backup Manager Upgrade Service;c:\program files\Cox\Media Store and Share Backup Manager\VaultClientUpgrade.exe [10/8/2008 4:45 PM 55760]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - TRUESIGHT

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:29]

.

2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:29]

.

2012-02-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-640800275-3246585749-3817686294-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

.

2012-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-640800275-3246585749-3817686294-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

.

2012-02-29 c:\windows\Tasks\User_Feed_Synchronization-{D5FE06CA-FC11-44AE-9267-AE6C7025BC83}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 118.97.119.164:80

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm

Trusted Zone: $talisma_url$

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.1.254

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\frqeg8v4.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20111221&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-212B679BCC229656D917314ACDE51BAC2EEF83CD._service_run - c:\program files\Google\Chrome\Application\chrome.exe

HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe

HKLM-Run-PCDrProfiler - (no file)

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-29 09:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-640800275-3246585749-3817686294-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(956)

c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

c:\program files\ActivIdentity\ActivClient\aclog.dll

c:\program files\ActivIdentity\ActivClient\accrypto.dll

c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll

c:\program files\ActivIdentity\ActivClient\acevtsub.dll

c:\program files\ActivIdentity\ActivClient\asphat32.dll

c:\program files\ActivIdentity\ActivClient\acerrmes.dll

c:\program files\ActivIdentity\ActivClient\aiwinext.dll

c:\program files\ActivIdentity\ActivClient\aspcom.dll

c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\program files\ActivIdentity\ActivClient\aipingui.dll

c:\program files\ActivIdentity\ActivClient\aicext.dll

c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll

c:\program files\ActivIdentity\ActivClient\accsp.dll

c:\program files\ActivIdentity\ActivClient\Resources\accsprc.dll

c:\program files\ActivIdentity\ActivClient\acjscrfs.dll

c:\program files\Common Files\ActivIdentity\ac.sharedstoreps.dll

c:\program files\ActivIdentity\ActivClient\acjvscv2.dll

c:\program files\ActivIdentity\ActivClient\Resources\acjsc2rc.dll

.

Completion time: 2012-02-29 09:58:32

ComboFix-quarantined-files.txt 2012-02-29 14:58

.

Pre-Run: 89,913,860,096 bytes free

Post-Run: 90,026,016,768 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=3

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

.

- - End Of File - - B6A8063C6E345E05E9B0D47535ED85BC


You have a lot of toolbars and junk on the system that it's not advisable to have.

Some examples below:

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints point finder\Toolbar.dll

BHO: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll

TB: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll

TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints point finder\Toolbar.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

http://www.systemloo..._Local_DLL.html

http://www.systemloo...oolbar_dll.html

http://www.systemloo...oolbar_dll.html

http://www.systemloo...876480_dll.html

Let me know......MrC


We can use ComboFix:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DDS::

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints point finder\Toolbar.dll

BHO: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll

TB: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll

TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints point finder\Toolbar.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Firefox::

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


No reboot required. I deleted a couple of dlls manually before I saw your reply. CF report follows:

ComboFix 12-02-29.01 - HP_Administrator 02/29/2012 11:07:12.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1214.247 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\progra~1\mypoints\mypoints.dll

c:\program files\mozilla firefox\plugins\NPcol400.dll

c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))

.

.

2012-02-29 15:05 . 2012-02-29 15:07 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-02-28 02:55 . 2012-02-28 02:55 -------- d-----w- c:\program files\ESET

2012-02-27 22:14 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-27 22:14 . 2012-02-27 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-27 03:04 . 2012-02-27 03:05 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\NPE

2012-02-27 03:04 . 2012-02-27 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2012-02-26 18:16 . 2012-02-26 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-02-26 18:16 . 2012-02-26 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-02-25 22:32 . 2012-02-25 22:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2012-02-25 22:32 . 2012-02-25 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-02-16 00:09 . 2012-02-16 00:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Western_Digital

2012-02-15 23:36 . 2012-02-15 23:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2012-02-15 23:34 . 2012-02-15 23:34 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-02-15 22:53 . 2012-02-15 23:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\MYPOINTS

2012-02-15 22:51 . 2012-02-15 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\FCTB000060497

2012-02-15 22:51 . 2012-02-15 22:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ConduitEngine

2012-02-15 22:50 . 2012-02-15 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

2012-02-15 22:50 . 2012-02-15 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Western Digital

2012-02-15 22:49 . 2012-02-15 22:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer

2012-02-15 22:46 . 2012-02-15 22:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-02-15 20:56 . 2011-02-16 22:52 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys

2012-02-15 19:31 . 2012-02-17 20:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western_Digital

2012-02-15 18:52 . 2012-02-15 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital

2012-02-15 18:50 . 2012-02-15 20:55 -------- d-----w- c:\program files\Western Digital

2012-02-15 18:50 . 2012-02-15 19:38 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western Digital

2012-02-14 21:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-14 21:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-02-09 15:31 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-02-09 15:31 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-02-09 15:29 . 2012-02-09 15:29 -------- d-----w- c:\program files\iPod

2012-02-09 15:28 . 2012-02-09 15:31 -------- d-----w- c:\program files\iTunes

2012-02-09 15:22 . 2012-02-09 15:22 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-12 16:53 . 2004-08-10 05:00 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-21 16:45 . 2011-12-21 16:46 723294 ----a-w- c:\windows\unins000.exe

2011-12-17 19:46 . 2004-08-10 05:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2004-08-10 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46 . 2004-08-10 05:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22 . 2004-08-10 05:00 385024 ----a-w- c:\windows\system32\html.iec

2008-06-04 12:51 . 2008-06-04 12:29 5553 ----a-w- c:\program files\Common Files\acbackupreg.reg

2011-11-20 18:24 . 2011-06-10 16:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2004-08-10 05:00 94784 --sha-w- c:\windows\twain.dll

2008-04-14 00:12 50688 --sha-w- c:\windows\twain_32.dll

2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll

2010-12-20 17:32 551936 --sha-w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 11776 --sha-w- c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]

@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"

[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]

2008-10-08 21:44 495616 ----a-w- c:\program files\Cox\Media Store and Share Backup Manager\VaultClientMenu.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon2]

@="{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}"

[HKEY_CLASSES_ROOT\CLSID\{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}]

2008-10-08 21:44 491520 ----a-w- c:\program files\Cox\Media Store and Share Backup Manager\VaultClientIcon.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632]

"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]

"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-28 81920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-10 273528]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

hpqtra08.exe [2008-3-25 214360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2009-06-03 20:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2009-06-03 20:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

2001-08-27 15:52 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

2008-06-10 20:18 785520 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

2008-10-11 15:46 36864 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPodService"=3 (0x3)

"hpqddsvc"=2 (0x2)

"VaultClientSRV"=2 (0x2)

"VaultClientUpgrade"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=

"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Program Files\\MyPoints Point Finder\\TroubleShooter.exe"=

"c:\\Program Files\\MyPoints Point Finder\\ToolbarUpdate.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe"=

"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\ASUS\\RT-N12 Wireless Router Utilities\\Discovery.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 SC247XF;SC247XF;c:\windows\system32\drivers\SC247XF.sys [9/13/2001 4:47 PM 14223]

R1 NEOFLTR_710_19757;Juniper Networks TDI Filter Driver (NEOFLTR_710_19757);c:\windows\system32\drivers\NEOFLTR_710_19757.SYS [1/25/2012 3:54 PM 85064]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2012 8:41 PM 106104]

R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/6/2010 10:19 PM 57856]

R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [9/26/2005 10:28 AM 108400]

S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [7/8/2010 9:28 PM 149376]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [5/29/2011 1:56 PM 18560]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [5/29/2011 1:53 PM 33792]

S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [3/29/2004 1:26 AM 49024]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/15/2012 3:56 PM 11520]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - TRUESIGHT

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:29]

.

2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:29]

.

2012-02-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-640800275-3246585749-3817686294-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

.

2012-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-640800275-3246585749-3817686294-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

.

2012-02-29 c:\windows\Tasks\User_Feed_Synchronization-{D5FE06CA-FC11-44AE-9267-AE6C7025BC83}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm

Trusted Zone: $talisma_url$

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.1.254

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\frqeg8v4.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20111221&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-29 11:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-640800275-3246585749-3817686294-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(956)

c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

c:\program files\ActivIdentity\ActivClient\aclog.dll

c:\program files\ActivIdentity\ActivClient\accrypto.dll

c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll

c:\program files\ActivIdentity\ActivClient\acevtsub.dll

c:\program files\ActivIdentity\ActivClient\asphat32.dll

c:\program files\ActivIdentity\ActivClient\acerrmes.dll

c:\program files\ActivIdentity\ActivClient\aiwinext.dll

c:\program files\ActivIdentity\ActivClient\aspcom.dll

c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\program files\ActivIdentity\ActivClient\aipingui.dll

c:\program files\ActivIdentity\ActivClient\aicext.dll

c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll

c:\program files\ActivIdentity\ActivClient\accsp.dll

c:\program files\ActivIdentity\ActivClient\Resources\accsprc.dll

c:\program files\ActivIdentity\ActivClient\acjscrfs.dll

c:\program files\Common Files\ActivIdentity\ac.sharedstoreps.dll

c:\program files\ActivIdentity\ActivClient\acjvscv2.dll

c:\program files\ActivIdentity\ActivClient\Resources\acjsc2rc.dll

.

Completion time: 2012-02-29 11:31:22

ComboFix-quarantined-files.txt 2012-02-29 16:31

ComboFix2.txt 2012-02-29 14:58

.

Pre-Run: 90,045,423,616 bytes free

Post-Run: 90,037,608,448 bytes free

.

- - End Of File - - EC8B7919502938D666F189A290878F69


A little more to do:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=-

"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=-

"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=-

"c:\\Program Files\\MyPoints Point Finder\\TroubleShooter.exe"=-

"c:\\Program Files\\MyPoints Point Finder\\ToolbarUpdate.exe"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

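The firewall exception list MrC is pruning above, handled as an added example (not ComboFix's own code or MrC's): parse the AuthorizedApplications dump in the format the ComboFix log prints, flag entries whose executable is no longer on disk (a stale exception guards nothing and is inherited by any file later dropped at that path; why MrC picked his five entries is his call, not something this code infers), and emit a CFScript Registry:: block using the "path"=- delete-value notation the script above uses. The set of files present on disk is constructed so the example runs offline; on the real machine substitute os.path.isfile.

```python
import re

# Constructed sample in the format the ComboFix log above prints for the
# firewall exception list: one escaped executable path per line, "=" and
# no value. Paths are taken from that listing.
AUTHORIZED_APPS_DUMP = r'''
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
'''

# The key the CFScript above targets ("~" is ComboFix's shorthand, kept as-is).
FIREWALL_LIST_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                     r"\standardprofile\AuthorizedApplications\List")

# Constructed stand-in for the files actually present on disk, so the example
# runs offline. On the real machine pass os.path.isfile instead of
# PRESENT_ON_DISK.__contains__ (paths are compared lower-cased).
PRESENT_ON_DISK = {
    r"c:\windows\system32\sessmgr.exe",
    r"c:\program files\hp\digital imaging\bin\hpqtra08.exe",
}

ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"=(?P<value>.*)$', re.M)


def parse_authorized_apps(dump: str) -> list:
    """Return the exception list as plain Windows paths (one backslash)."""
    return [m.group("path").replace("\\\\", "\\") for m in ENTRY_RE.finditer(dump)]


def normalize(path: str, windir: str = r"c:\windows") -> str:
    """Expand %windir% the way the firewall does and lower-case for lookup."""
    return path.replace("%windir%", windir).lower()


def stale_exceptions(paths: list, exists) -> list:
    """Entries whose executable is gone: the allow rule has outlived the
    program and would apply to whatever is dropped at that path next."""
    return [p for p in paths if not exists(normalize(p))]


def cfscript_registry_block(key: str, stale: list) -> str:
    """Emit a CFScript Registry:: block; "name"=- is the .reg delete-value
    notation the script above uses. Paths are re-escaped for the script."""
    lines = ["Registry::", f"[{key}]"]
    for p in stale:
        lines.append('"' + p.replace("\\", "\\\\") + '"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    entries = parse_authorized_apps(AUTHORIZED_APPS_DUMP)
    gone = stale_exceptions(entries, PRESENT_ON_DISK.__contains__)
    print(cfscript_registry_block(FIREWALL_LIST_KEY, gone))
```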

Seems my virus scan didn't turn off in a timely manner - please advise whether you want me to run this again, and with another script -

ComboFix 12-02-29.01 - HP_Administrator 02/29/2012 12:03:44.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1214.497 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

.

.

((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))

.

.

2012-02-29 15:05 . 2012-02-29 15:07 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-02-28 02:55 . 2012-02-28 02:55 -------- d-----w- c:\program files\ESET

2012-02-27 22:14 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-27 22:14 . 2012-02-27 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-27 03:04 . 2012-02-27 03:05 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\NPE

2012-02-27 03:04 . 2012-02-27 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2012-02-26 18:16 . 2012-02-26 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-02-26 18:16 . 2012-02-26 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-02-25 22:32 . 2012-02-25 22:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2012-02-25 22:32 . 2012-02-25 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-02-16 00:09 . 2012-02-16 00:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Western_Digital

2012-02-15 23:36 . 2012-02-15 23:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2012-02-15 23:34 . 2012-02-15 23:34 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-02-15 22:53 . 2012-02-15 23:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\MYPOINTS

2012-02-15 22:51 . 2012-02-15 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\FCTB000060497

2012-02-15 22:51 . 2012-02-15 22:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ConduitEngine

2012-02-15 22:50 . 2012-02-15 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

2012-02-15 22:50 . 2012-02-15 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Western Digital

2012-02-15 22:49 . 2012-02-15 22:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer

2012-02-15 22:46 . 2012-02-15 22:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-02-15 20:56 . 2011-02-16 22:52 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys

2012-02-15 19:31 . 2012-02-17 20:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western_Digital

2012-02-15 18:52 . 2012-02-15 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital

2012-02-15 18:50 . 2012-02-15 20:55 -------- d-----w- c:\program files\Western Digital

2012-02-15 18:50 . 2012-02-15 19:38 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western Digital

2012-02-14 21:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-14 21:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-02-09 15:31 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-02-09 15:31 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-02-09 15:29 . 2012-02-09 15:29 -------- d-----w- c:\program files\iPod

2012-02-09 15:28 . 2012-02-09 15:31 -------- d-----w- c:\program files\iTunes

2012-02-09 15:22 . 2012-02-09 15:22 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-12 16:53 . 2004-08-10 05:00 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-21 16:45 . 2011-12-21 16:46 723294 ----a-w- c:\windows\unins000.exe

2011-12-17 19:46 . 2004-08-10 05:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2004-08-10 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46 . 2004-08-10 05:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22 . 2004-08-10 05:00 385024 ----a-w- c:\windows\system32\html.iec

2008-06-04 12:51 . 2008-06-04 12:29 5553 ----a-w- c:\program files\Common Files\acbackupreg.reg

2011-11-20 18:24 . 2011-06-10 16:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2004-08-10 05:00 94784 --sha-w- c:\windows\twain.dll

2008-04-14 00:12 50688 --sha-w- c:\windows\twain_32.dll

2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll

2010-12-20 17:32 551936 --sha-w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 11776 --sha-w- c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]

@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"

[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]

2008-10-08 21:44 495616 ----a-w- c:\program files\Cox\Media Store and Share Backup Manager\VaultClientMenu.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon2]

@="{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}"

[HKEY_CLASSES_ROOT\CLSID\{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}]

2008-10-08 21:44 491520 ----a-w- c:\program files\Cox\Media Store and Share Backup Manager\VaultClientIcon.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632]

"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]

"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-28 81920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-10 273528]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

hpqtra08.exe [2008-3-25 214360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2009-06-03 20:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2009-06-03 20:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

2001-08-27 15:52 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

2008-06-10 20:18 785520 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

2008-10-11 15:46 36864 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPodService"=3 (0x3)

"hpqddsvc"=2 (0x2)

"VaultClientSRV"=2 (0x2)

"VaultClientUpgrade"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe"=

"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\ASUS\\RT-N12 Wireless Router Utilities\\Discovery.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 SC247XF;SC247XF;c:\windows\system32\drivers\SC247XF.sys [9/13/2001 4:47 PM 14223]

R1 NEOFLTR_710_19757;Juniper Networks TDI Filter Driver (NEOFLTR_710_19757);c:\windows\system32\drivers\NEOFLTR_710_19757.SYS [1/25/2012 3:54 PM 85064]

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 3:16 PM 207400]

R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [9/26/2005 10:28 AM 258146]

R2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE [7/15/1997 136704]

R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [3/15/2011 3:35 PM 61440]

R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [8/1/2011 10:11 AM 263056]

R2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [8/1/2011 10:11 AM 1592208]

R2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [8/1/2011 10:11 AM 1091984]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2012 8:41 PM 106104]

R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/6/2010 10:19 PM 57856]

R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [9/26/2005 10:28 AM 108400]

S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [7/8/2010 9:28 PM 149376]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2010 1:29 PM 136176]

S2 McciServiceHost;McciServiceHost;"c:\program files\Common Files\Motive\McciServiceHost.exe" --> c:\program files\Common Files\Motive\McciServiceHost.exe [?]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [5/29/2011 1:56 PM 18560]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2010 1:29 PM 136176]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [5/29/2011 1:53 PM 33792]

S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [3/29/2004 1:26 AM 49024]

S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [3/14/2007 6:48 PM 116416]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/15/2012 3:56 PM 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

S4 VaultClientSRV;Media Store and Share Backup Manager Service;c:\program files\Cox\Media Store and Share Backup Manager\VaultClientSRV.exe [10/8/2008 4:45 PM 981456]

S4 VaultClientUpgrade;Backup Manager Upgrade Service;c:\program files\Cox\Media Store and Share Backup Manager\VaultClientUpgrade.exe [10/8/2008 4:45 PM 55760]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - TRUESIGHT

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:29]

.

2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:29]

.

2012-02-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-640800275-3246585749-3817686294-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

.

2012-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-640800275-3246585749-3817686294-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

.

2012-02-29 c:\windows\Tasks\User_Feed_Synchronization-{D5FE06CA-FC11-44AE-9267-AE6C7025BC83}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm

Trusted Zone: $talisma_url$

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.1.254

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\frqeg8v4.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20111221&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-29 12:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-640800275-3246585749-3817686294-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(956)

c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

c:\program files\ActivIdentity\ActivClient\aclog.dll

c:\program files\ActivIdentity\ActivClient\accrypto.dll

c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll

c:\program files\ActivIdentity\ActivClient\acevtsub.dll

c:\program files\ActivIdentity\ActivClient\asphat32.dll

c:\program files\ActivIdentity\ActivClient\acerrmes.dll

c:\program files\ActivIdentity\ActivClient\aiwinext.dll

c:\program files\ActivIdentity\ActivClient\aspcom.dll

c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\program files\ActivIdentity\ActivClient\aipingui.dll

c:\program files\ActivIdentity\ActivClient\aicext.dll

c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll

c:\program files\ActivIdentity\ActivClient\accsp.dll

c:\program files\ActivIdentity\ActivClient\Resources\accsprc.dll

c:\program files\ActivIdentity\ActivClient\acjscrfs.dll

c:\program files\Common Files\ActivIdentity\ac.sharedstoreps.dll

c:\program files\ActivIdentity\ActivClient\acjvscv2.dll

c:\program files\ActivIdentity\ActivClient\Resources\acjsc2rc.dll

.

- - - - - - - > 'explorer.exe'(5376)

c:\windows\system32\WININET.dll

c:\program files\Cox\Media Store and Share Backup Manager\VaultClientMenu.dll

c:\program files\Cox\Media Store and Share Backup Manager\LIBEXPAT.dll

c:\program files\Cox\Media Store and Share Backup Manager\VaultClientIcon.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-02-29 12:24:09

ComboFix-quarantined-files.txt 2012-02-29 17:24

ComboFix2.txt 2012-02-29 16:31

ComboFix3.txt 2012-02-29 14:58

.

Pre-Run: 90,046,509,056 bytes free

Post-Run: 90,019,422,208 bytes free

.

- - End Of File - - D5E4B18CC1C09A0AE7155131C984D6A5


Report below. My firewall shows an attack by "RAT" trojan at 10:53 AM today (EST). Hopefully that is the end of that. Can you tell me what causes this, and whether I should install a "clean" MBR after getting rid of the win32/Agent.SZW trojan? Please advise. Thanks.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.29.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

HP_Administrator :: LORI_II [administrator]

2/29/2012 1:05:42 PM

mbam-log-2012-02-29 (13-05-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205738

Time elapsed: 20 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


My firewall shows an attack by "RAT" trojan at 10:53 AM today (EST). Hopefully that is the end of that. Can you tell me what causes this, and whether I should install a "clean" MBR after getting rid of the win32/Agent.SZW trojan? Please advise. Thanks.

This is incoming??? correct?

I really don't see anything wrong with your MBR, but we can re-check it with a couple of programs:

Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

MrC


Yes, log entry below (I redacted IP). I'll run the check now.

Details: Rule "Default Block Rat Trojan horse" blocked (LORI_II(redacted),2989).

Inbound UDP packet.

Local address,service is (localhost,2989).

Remote address,service is (LORI_II(redacted),2989).

Process name is "N/A".

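As an added example (not code from the thread or from Symantec), the alert block quoted above parsed and triaged the way a defender reads it: where the packet came from, whether any process owned the local port, and whether the port number alone could have matched a rule named after a trojan. The machine name LORI_II is the one in the MBAM header on this page; the second alert and its 203.0.113.5 address are constructed, and the ephemeral-port range is Windows XP's default dynamic range.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple, List

# Sample 1: the Symantec Client Firewall alert quoted in the post above,
# with the remote address redacted exactly as the poster left it.
SAMPLE_ALERT_SELF = '''Details: Rule "Default Block Rat Trojan horse" blocked (LORI_II(redacted),2989).
Inbound UDP packet.
Local address,service is (localhost,2989).
Remote address,service is (LORI_II(redacted),2989).
Process name is "N/A".'''

# Sample 2: constructed variant with a genuinely external sender
# (203.0.113.5 is a documentation address, not a real host).
SAMPLE_ALERT_EXTERNAL = '''Details: Rule "Default Block Rat Trojan horse" blocked (203.0.113.5,2989).
Inbound TCP packet.
Local address,service is (localhost,2989).
Remote address,service is (203.0.113.5,40012).
Process name is "N/A".'''

# Windows XP's default dynamic port range: a client socket that does not
# bind a fixed port is handed one from here, including 2989.
XP_EPHEMERAL_PORTS = range(1025, 5001)

VERDICT_PORT_MATCH = "consistent with a port-number signature match, not a live backdoor"
VERDICT_INVESTIGATE = "investigate: check for a listener on the local port (netstat -ano on XP)"


@dataclass
class FirewallAlert:
    rule: str
    action: str
    direction: str
    protocol: str
    local_host: str
    local_port: int
    remote_host: str
    remote_port: int
    process: Optional[str]  # None when the log says "N/A"


RULE_RE = re.compile(r'Rule "(?P<rule>[^"]+)" (?P<action>\w+)')
DIR_RE = re.compile(r'^(?P<dir>Inbound|Outbound) (?P<proto>TCP|UDP|ICMP) packet', re.M)
ENDPOINT_RE = re.compile(
    r'^(?P<side>Local|Remote) address,service is \((?P<host>.+?),(?P<port>\d+)\)\.', re.M)
PROC_RE = re.compile(r'Process name is "(?P<proc>[^"]*)"')


def parse_alert(text: str) -> FirewallAlert:
    """Turn one multi-line 'Details:' block into a structured record."""
    rule = RULE_RE.search(text)
    direction = DIR_RE.search(text)
    ends = {m.group("side"): (m.group("host"), int(m.group("port")))
            for m in ENDPOINT_RE.finditer(text)}
    if not (rule and direction and "Local" in ends and "Remote" in ends):
        raise ValueError("not a complete firewall alert block")
    proc = PROC_RE.search(text)
    process = proc.group("proc") if proc else None
    if process in ("", "N/A"):
        process = None
    return FirewallAlert(rule.group("rule"), rule.group("action"),
                         direction.group("dir"), direction.group("proto"),
                         ends["Local"][0], ends["Local"][1],
                         ends["Remote"][0], ends["Remote"][1], process)


def bare_host(host: str) -> str:
    """'LORI_II(redacted)' -> 'lori_ii': drop the parenthesised address part."""
    return host.split("(", 1)[0].strip().lower()


def triage(alert: FirewallAlert, this_machine: str) -> Tuple[str, List[str]]:
    """Separate a rule that fired on a port number from traffic worth a look."""
    findings = []
    remote_is_self = bare_host(alert.remote_host) in (
        this_machine.lower(), "localhost", "127.0.0.1")
    if remote_is_self:
        findings.append("remote end is this machine: the packet did not come from the internet")
    if alert.process is None:
        findings.append("no process owns the local port: nothing was listening to take a command")
    if alert.local_port in XP_EPHEMERAL_PORTS:
        findings.append("local port is in XP's ephemeral range: any short-lived client socket "
                        "can land on a port number a trojan signature lists")
    verdict = VERDICT_PORT_MATCH if (remote_is_self and alert.process is None) else VERDICT_INVESTIGATE
    return verdict, findings


if __name__ == "__main__":
    for sample in (SAMPLE_ALERT_SELF, SAMPLE_ALERT_EXTERNAL):
        verdict, findings = triage(parse_alert(sample), "LORI_II")
        print(verdict)
        for f in findings:
            print("  -", f)
```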

Report below. The firewall alerts are what tipped me off to an infection, which turned out to be (?) win32/Agent.SZW and Vondu. Firewall shows multiple inbound trojan ports being used, as mentioned above. Even after I got rid of the Agent and Vondu, I am still getting them every 5-6-7 hours. Thanks!

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0001e07c

Kernel Drivers (total 166):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E5000 \WINDOWS\system32\hal.dll

0xBA5A8000 \WINDOWS\system32\KDCOM.DLL

0xBA4B8000 \WINDOWS\system32\BOOTVID.dll

0xBA0A8000 pofy.sys

0xB9F79000 ACPI.sys

0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB9F68000 pci.sys

0xBA0B8000 isapnp.sys

0xBA0C8000 ohci1394.sys

0xBA0D8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xBA670000 pciide.sys

0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xBA0E8000 MountMgr.sys

0xB9F49000 ftdisk.sys

0xBA5B0000 dmload.sys

0xB9F23000 dmio.sys

0xBA330000 PartMgr.sys

0xBA0F8000 VolSnap.sys

0xB9E36000 atapi.sys

0xBA4BC000 SC247XF.sys

0xB9E1E000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

0xBA108000 disk.sys

0xBA118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB9DD9000 fltmgr.sys

0xB9DC7000 sr.sys

0xBA128000 PxHelp20.sys

0xB9DB0000 KSecDD.sys

0xB9D23000 Ntfs.sys

0xB9CF6000 NDIS.sys

0xB9CDC000 Mup.sys

0xBA1E8000 \SystemRoot\system32\DRIVERS\AmdK8.sys

0xBA3A8000 \SystemRoot\system32\DRIVERS\aracpi.sys

0xB9B46000 \SystemRoot\system32\DRIVERS\ati2mtag.sys

0xB9B32000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xBA3B0000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xB9B0E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xBA3B8000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xBA1F8000 \SystemRoot\system32\DRIVERS\imapi.sys

0xBA3C0000 \SystemRoot\System32\Drivers\ASAPIW2K.sys

0xBA55C000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS

0xBA208000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xBA218000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB9AEB000 \SystemRoot\system32\DRIVERS\ks.sys

0xBA3C8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xB99CE000 \SystemRoot\system32\DRIVERS\AGRSM.sys

0xBA5C2000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xBA3D0000 \SystemRoot\System32\Drivers\Modem.SYS

0xB99AE000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys

0xBA228000 \SystemRoot\system32\DRIVERS\nic1394.sys

0xB95F1000 \SystemRoot\system32\drivers\ALCXWDM.SYS

0xB95CD000 \SystemRoot\system32\drivers\portcls.sys

0xBA248000 \SystemRoot\system32\drivers\drmk.sys

0xB95B9000 \SystemRoot\system32\DRIVERS\parport.sys

0xBA570000 \SystemRoot\system32\DRIVERS\arpolicy.sys

0xBA6BE000 \SystemRoot\system32\DRIVERS\audstub.sys

0xBA2A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA574000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB957A000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xBA2B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xBA2C8000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xBA3D8000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB9569000 \SystemRoot\system32\DRIVERS\psched.sys

0xBA2D8000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xBA3E0000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xBA3E8000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB94AE000 \SystemRoot\system32\DRIVERS\vna.sys

0xB947E000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xBA2F8000 \SystemRoot\system32\DRIVERS\termdd.sys

0xBA3F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xBA3F8000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xBA5C4000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB9420000 \SystemRoot\system32\DRIVERS\update.sys

0xBA594000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xBA308000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xBA168000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xB5358000 \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys

0xB5336000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

0xB5322000 \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys

0xBA420000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xBA1A8000 \SystemRoot\system32\drivers\LVUSBSta.sys

0xBA550000 \SystemRoot\system32\DRIVERS\usbscan.sys

0xBA428000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xBA430000 \SystemRoot\system32\DRIVERS\HPZius12.sys

0xBA438000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xBA1B8000 \SystemRoot\system32\DRIVERS\HPZid412.sys

0xB4B1E000 \SystemRoot\system32\DRIVERS\lvuvc.sys

0xB4B03000 \SystemRoot\system32\DRIVERS\lvpopflt.sys

0xBA1C8000 \SystemRoot\system32\drivers\usbaudio.sys

0xB4AC3000 \SystemRoot\system32\DRIVERS\lvrs.sys

0xBA554000 \SystemRoot\system32\DRIVERS\HPZipr12.sys

0xBA5D4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xBA788000 \SystemRoot\System32\Drivers\Null.SYS

0xBA5D6000 \SystemRoot\System32\Drivers\Beep.SYS

0xBA450000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xBA458000 \SystemRoot\System32\drivers\vga.sys

0xBA5EA000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xBA5EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xBA460000 \SystemRoot\System32\Drivers\Msfs.SYS

0xBA468000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB9599000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xB49F0000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xB4997000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB497F000 \??\C:\WINDOWS\system32\Drivers\NEOFLTR_710_19757.SYS

0xB4959000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xBA258000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xB491E000 \SystemRoot\System32\Drivers\SYMTDI.SYS

0xB9418000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS

0xBA278000 \SystemRoot\system32\DRIVERS\arp1394.sys

0xBA288000 \SystemRoot\System32\Drivers\SYMREDRV.SYS

0xBA470000 \SystemRoot\System32\Drivers\SYMDNS.SYS

0xB9410000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xBA298000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xB9559000 \SystemRoot\System32\Drivers\SYMNDIS.SYS

0xBA478000 \SystemRoot\system32\DRIVERS\arhidfltr.sys

0xB48CD000 \SystemRoot\System32\Drivers\SYMFW.SYS

0xB9408000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xB9549000 \SystemRoot\System32\Drivers\SYMIDS.SYS

0xBA5F4000 \SystemRoot\system32\DRIVERS\armoucfltr.sys

0xB4886000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20120223.001\symidsco.sys

0xB9404000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xBA5F8000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys

0xB485E000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB483C000 \SystemRoot\System32\drivers\afd.sys

0xB9539000 \SystemRoot\system32\DRIVERS\netbios.sys

0xB47DA000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

0xB47AF000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xB93FC000 \??\C:\WINDOWS\system32\drivers\pclepci.sys

0xB473F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB9519000 \SystemRoot\System32\Drivers\Fips.SYS

0xB46E1000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

0xB46C3000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0xB4677000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xB465F000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xBA604000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB53B4000 \SystemRoot\System32\drivers\Dxapi.sys

0xBA498000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xBA7DA000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\ati2dvag.dll

0xBF051000 \SystemRoot\System32\ati2cqag.dll

0xBF08A000 \SystemRoot\System32\atikvmag.dll

0xBF0BF000 \SystemRoot\System32\ati3duag.dll

0xBF30C000 \SystemRoot\System32\ativvaxx.dll

0xBF39F000 \SystemRoot\System32\ATMFD.DLL

0xB2319000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys

0xB24DF000 \SystemRoot\system32\DRIVERS\nwlnknb.sys

0xB244B000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB250F000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys

0xB1CC4000 \SystemRoot\system32\drivers\wdmaud.sys

0xB1E81000 \SystemRoot\system32\drivers\sysaudio.sys

0xB1977000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xB1C9C000 \SystemRoot\System32\Drivers\Aspi32.SYS

0xB1756000 \SystemRoot\System32\Drivers\HTTP.sys

0xB16D6000 \SystemRoot\system32\DRIVERS\srv.sys

0xBA4A8000 \SystemRoot\system32\Drivers\LVPr2Mon.sys

0xB127E000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB06CE000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120225.008\navex15.sys

0xB068F000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120225.008\naveng.sys

0xBA636000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

0xBA338000 \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys

0xAFC71000 \??\c:\windows\system32\drivers\TrueSight.sys

0xAFD60000 \SystemRoot\system32\DRIVERS\SCR3XX2K.sys

0xAF815000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 83):

0 System Idle Process

4 System

848 C:\WINDOWS\system32\smss.exe

912 csrss.exe

956 C:\WINDOWS\system32\winlogon.exe

1000 C:\WINDOWS\system32\services.exe

1012 C:\WINDOWS\system32\lsass.exe

1176 C:\WINDOWS\system32\ati2evxx.exe

1192 C:\WINDOWS\system32\svchost.exe

1252 svchost.exe

1396 C:\WINDOWS\system32\svchost.exe

1592 svchost.exe

1712 svchost.exe

1760 acevents.exe

436 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

672 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

904 C:\WINDOWS\system32\ati2evxx.exe

1376 C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

1500 C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

1576 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

1668 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

1956 C:\WINDOWS\system32\spoolsv.exe

2000 C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

2040 scardsvr.exe

276 svchost.exe

320 C:\Program Files\LSI SoftModem\agrsmsvc.exe

504 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

828 C:\WINDOWS\arservice.exe

576 C:\Program Files\Bonjour\mDNSResponder.exe

544 C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe

584 C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

1452 C:\WINDOWS\ehome\ehrecvr.exe

720 C:\WINDOWS\ehome\ehSched.exe

2228 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

2300 C:\Program Files\Java\jre6\bin\jqs.exe

2376 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

2572 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

2672 C:\Program Files\Common Files\Motive\McciCMService.exe

2724 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

2756 C:\Program Files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE

2916 C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

2944 C:\WINDOWS\system32\svchost.exe

2992 C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe

3004 C:\WINDOWS\system32\svchost.exe

3040 svchost.exe

3052 C:\WINDOWS\system32\svchost.exe

3232 C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

3468 C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

3636 C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe

3692 C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

3812 C:\WINDOWS\system32\wwSecure.exe

3856 mcrdsvc.exe

3952 C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe

4044 C:\Program Files\Western Digital\WD SmartWare\WDFME.exe

3436 C:\WINDOWS\system32\dllhost.exe

1844 alg.exe

648 C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

3132 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

1276 C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

3488 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

3676 C:\WINDOWS\ehome\ehtray.exe

464 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

2088 C:\hp\KBD\kbd.exe

2440 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

2620 C:\WINDOWS\ehome\ehmsas.exe

2924 C:\Program Files\ActivIdentity\ActivClient\acevents.exe

2280 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

3348 C:\Program Files\Real\RealPlayer\Update\realsched.exe

3864 C:\Program Files\Common Files\Java\Java Update\jusched.exe

4260 C:\Program Files\iTunes\iTunesHelper.exe

4300 C:\WINDOWS\system32\ctfmon.exe

4484 C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe

5160 C:\WINDOWS\system32\svchost.exe

5836 C:\Program Files\iPod\bin\iPodService.exe

432 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

4252 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

5272 C:\WINDOWS\ALCXMNTR.EXE

2120 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

4768 C:\WINDOWS\system\hpsysdrv.exe

5376 C:\WINDOWS\explorer.exe

1948 C:\WINDOWS\system32\notepad.exe

5224 C:\WINDOWS\system32\notepad.exe

5988 C:\Documents and Settings\HP_Administrator\Desktop\Pictures For Mike\New Folder\New Folder\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`207b8000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD2500JS-60MHB1, Rev: 10.02E02

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Legit MBR code detected

SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972

Done!


OK, although I am thinking of dumping Symantec altogether because they didn't catch the trojans. Could also just be port scans or some such - haven't a clue, but if they are trojans reacting to some message my computer is putting out, it is probably just a matter of time before one slips through an unwatched port.

Thanks for all you have done thus far, much appreciated!
