
Thread: Active hacking attempts on my computer.


  #1 Junior Member (Join Date: Jul 2011, Posts: 25)

    Active hacking attempts on my computer.

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Computer at 18:15:34 on 2011-07-20
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1162 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Computer\Desktop\dds.com
    C:\Windows\system32\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\computer\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\computer\appdata\roaming\mozilla\firefox\profiles\24mz2ulb.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsle9659b4b;MpKsle9659b4b;c:\programdata\microsoft\microsoft antimalware\definition updates\{90b60bd4-cc40-48b6-b5bb-3570d355deb5}\MpKsle9659b4b.sys [2011-7-20 28752]
    R1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-19 366640]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-29 1153368]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-29 22712]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 qic157;qic157;c:\windows\system32\drivers\qic157.sys [2009-7-13 8192]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-29 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-29 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-29 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-07-21 00:55:39 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{90b60bd4-cc40-48b6-b5bb-3570d355deb5}\MpKsle9659b4b.sys
    2011-07-21 00:55:10 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{90b60bd4-cc40-48b6-b5bb-3570d355deb5}\mpengine.dll
    2011-07-21 00:42:28 -------- d-----w- c:\users\computer\appdata\local\Adobe
    2011-07-20 18:36:34 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-07-20 17:51:21 98816 ----a-w- c:\windows\sed.exe
    2011-07-20 17:51:21 518144 ----a-w- c:\windows\SWREG.exe
    2011-07-20 17:51:21 256000 ----a-w- c:\windows\PEV.exe
    2011-07-20 17:51:21 208896 ----a-w- c:\windows\MBR.exe
    2011-07-20 17:51:11 -------- d-----w- C:\Combo-Fix
    2011-07-20 17:15:15 -------- d-----w- c:\users\computer\appdata\local\Apple
    2011-07-20 17:14:44 -------- d-----w- c:\users\computer\appdata\local\Apple Computer
    2011-07-20 02:22:45 -------- d-----w- c:\program files\ESET
    2011-07-19 17:31:27 -------- d-----w- c:\program files\iPod
    2011-07-19 17:31:26 -------- d-----w- c:\program files\iTunes
    2011-07-16 00:26:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-07-16 00:26:05 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-07-16 00:26:05 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-07-16 00:26:04 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-07-16 00:26:04 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-07-16 00:26:03 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-07-16 00:21:41 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-07-02 04:26:47 -------- d-----w- c:\windows\system32\appmgmt
    2011-06-29 15:53:41 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
    2011-06-29 15:53:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-29 15:53:06 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-29 15:53:03 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-29 15:49:46 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-29 15:49:42 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-29 15:49:37 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-29 15:49:34 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-06-29 15:49:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-29 15:49:01 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-27 23:50:13 -------- d-----w- c:\users\computer\appdata\local\Diagnostics
    2011-06-23 01:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    ==================== Find3M ====================
    .
    2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-19 02:00:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-05-14 06:30:30 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-05-14 06:23:24 271872 ----a-w- c:\windows\system32\conhost.exe
    2011-05-04 11:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-05-03 16:08:00 4756216 ----a-w- c:\windows\system32\GameMon.des
    2011-04-30 03:15:43 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-27 02:17:36 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-27 02:17:28 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-27 02:17:22 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 04:31:30 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-04-25 02:18:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 18:17:05.39 ===============

    More details: another program, called Rapport (Trusteer Rapport), has reported many incidents of key-logging and blocked cookie access, along with blocked IP addresses, as shown:

    "The following IP addresses were tagged as suspicious. When you access a protected website, Rapport checks the IP address against a list of known good addresses for this website. If the address is not found in the list, Rapport replaces it with a known good address for the website. There is no action you need to take."
    Jul 20 2011 17:54 IP address 96.6.62.196 doesn't match Santander UK
    Jul 20 2011 17:41 IP address 96.6.62.196 doesn't match Santander UK
    Jul 20 2011 17:41 IP address 96.6.62.196 doesn't match Santander UK
    Jul 19 2011 21:09 IP address 96.6.62.196 doesn't match Santander UK
    Jul 15 2011 17:20 IP address 96.6.62.196 doesn't match Santander UK

    It has also demonstrated these attempts to screen capture.

    Jul 20 2011 17:42 AcroRd32.exe is permanently blocked from capturing sensitive data
    Jul 19 2011 16:06 dwm.exe is permanently blocked from capturing sensitive data
    Jul 19 2011 10:15 dwm.exe is permanently blocked from capturing sensitive data
    Jul 15 2011 09:47 dwm.exe is permanently blocked from capturing sensitive data
    Jul 14 2011 21:35 AcroRd32.exe is permanently blocked from capturing sensitive data

    I have Malwarebytes' Anti-Malware, Spybot S&D, and an updated Microsoft Security Essentials, all showing no threats. I have downloaded the ESET Online Scanner but haven't scanned with it recently.

    I do have a disk image of the system from when it was almost-new.
    Last edited by tashi; 2011-07-21 at 05:53. Reason: Merged two posts, please don't add. :-)
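An added triage example, not part of the original post and not something the DDS tool itself provides: a Python script that splits a DDS log on its "===== Section =====" headers and pulls out the entries an analyst checks first: running images launched from user-writable paths, services or drivers whose image file is missing ("[?]") or lives in user-writable space, executables created directly in C:\Windows or in user space during the last 30 days, and Hosts-file overrides. The sample log is a constructed, trimmed copy of lines from the post above; the writable-location list and the heuristics are this example's own assumptions. A flagged entry means "verify", not "malicious": the ProgramData driver it flags sits under the Microsoft Antimalware definition-updates folder shown in the log, and the dds.com on the Desktop is the scanning tool that produced the log.

```python
"""Triage helper for a DDS (HijackThis-style) log. Added example; the
section names follow the DDS layout, the heuristics are assumptions."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")

# Paths a non-admin user can write to (assumed list, not defined by DDS).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
EXEC_EXT = (".exe", ".com", ".scr", ".dll", ".sys", ".pif", ".bat", ".vbs")

# Constructed sample: a trimmed copy of lines from the post, same layout.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Users\Computer\Desktop\dds.com
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
R1 MpKsle9659b4b;MpKsle9659b4b;c:\programdata\microsoft\microsoft antimalware\definition updates\{90b60bd4-cc40-48b6-b5bb-3570d355deb5}\MpKsle9659b4b.sys [2011-7-20 28752]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=============== Created Last 30 ================
.
2011-07-20 17:51:21 98816 ----a-w- c:\windows\sed.exe
2011-07-20 17:51:11 -------- d-----w- C:\Combo-Fix
2011-07-16 00:21:41 2334208 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:17:05.39 ===============
"""


def split_sections(log):
    """Map each lower-cased section title to its non-blank body lines."""
    sections, current = defaultdict(list), None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses '.' as a spacer line
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def flag_processes(lines):
    """Running images launched from user-writable paths."""
    return [p for p in lines if p.lower().startswith(USER_WRITABLE)]


def flag_services(lines):
    """Services/drivers whose image is missing ('[?]') or user-writable."""
    found = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        _state, name, _display, image = m.groups()
        if image.rstrip().endswith("[?]"):
            found.append((name, "image file not found on disk"))
        elif image.lower().startswith(USER_WRITABLE):
            found.append((name, "image in user-writable location"))
    return found


def flag_created(lines):
    """Recent executables dropped directly in C:\\Windows or in user space."""
    found = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        when, _size, attrs, path = m.groups()
        low = path.lower()
        if attrs.startswith("d") or not low.endswith(EXEC_EXT):
            continue                          # skip directories and data files
        parent = low.rsplit("\\", 1)[0]
        if parent == "c:\\windows" or low.startswith(USER_WRITABLE):
            found.append((when, path))
    return found


def flag_hosts(lines):
    """Hosts-file overrides from the Pseudo HJT section as (ip, name)."""
    found = []
    for line in lines:
        if line.lower().startswith("hosts:"):
            ip, name = line.split(":", 1)[1].split()
            found.append((ip, name))
    return found


def triage(log):
    """Run every check and return the findings grouped by category."""
    s = split_sections(log)
    return {
        "processes": flag_processes(s.get("running processes", [])),
        "services": flag_services(s.get("services / drivers", [])),
        "created": flag_created(s.get("created last 30", [])),
        "hosts": flag_hosts(s.get("pseudo hjt report", [])),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, *items, sep="\n    ")
```

Run it against a full DDS log by reading the file into `triage()`; the output is a shortlist to verify by hand (publisher, signature, hash), not a verdict. System-path processes such as C:\Windows\system32\Dwm.exe are deliberately left alone because their location alone says nothing; the point of the script is to separate what needs checking from what merely looks busy.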
