
rootkit.zeroaccess! infection that won't go away


  • This topic is locked
3 replies to this topic

#1 Sco-munkey


Posted 30 December 2013 - 12:40 PM

Mod Edit Moved to Malware Removal forum ~~ boopme

I have a machine that at least used to have the rootkit.zeroaccess! rootkit; however, that may have been cleaned and it's another rootkit that I'm fighting with.

I've run ComboFix, TDSSKiller, RogueKiller and many others, all without success. I've run out of ideas, which is why I've come to you guys.

Below is my latest ComboFix log:
ComboFix 13-12-29.01 - firm 12/30/2013  11:20:28.7.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3574.2579 [GMT -6:00]
Running from: c:\documents and settings\firm\Desktop\Cleanup\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-28 to 2013-12-30  )))))))))))))))))))))))))))))))
.
.
2013-12-30 15:23 . 2013-12-30 15:23 -------- d-----w- c:\program files\VS Revo Group
2013-12-30 15:15 . 2013-05-08 09:12 106088 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-12-30 15:15 . 2013-12-30 15:35 -------- d-----w- C:\_AcroTemp
2013-12-27 23:23 . 2013-12-27 23:23 -------- d-----w- C:\RkUnhooker
2013-12-27 18:46 . 2013-12-27 18:46 -------- d-----w- c:\program files\ESET
2013-12-27 18:33 . 2013-12-27 18:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-27 18:33 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-27 18:13 . 2013-12-27 18:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-12-27 17:34 . 2013-12-27 18:33 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-27 16:43 . 2008-04-14 05:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-12-27 16:43 . 2008-04-14 05:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-12-27 16:00 . 2013-12-27 17:42 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-27 15:42 . 2013-12-27 17:01 -------- d-----w- C:\AdwCleaner
2013-12-27 15:41 . 2013-12-27 15:41 -------- d-----w- c:\documents and settings\firm\Application Data\VideoReDo-Plus
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-30 16:42 . 2012-06-05 14:31 0 ----a-w- c:\documents and settings\firm\Local Settings\Application Data\WavXMapDrive.bat
2013-12-27 17:32 . 2013-12-27 17:10 82944 ----a-w- c:\windows\system32\drivers\WudfRd.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 77568 ----a-w- c:\windows\system32\drivers\WudfPf.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS.bak
2013-12-27 17:32 . 2013-12-27 17:10 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 503008 ----a-w- c:\windows\system32\drivers\wdf01000.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 35040 ----a-w- c:\windows\system32\drivers\wdfldr.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 5376 ----a-w- c:\windows\system32\drivers\viaide.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 208824 ----a-w- c:\windows\system32\drivers\WavxDMgr.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 42240 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak
2013-12-27 17:32 . 2013-12-27 17:10 26368 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2013-12-27 17:32 . 2013-12-27 17:10 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 36736 ----a-w- c:\windows\system32\drivers\ultra.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 4992 ----a-w- c:\windows\system32\drivers\toside.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 32640 ----a-w- c:\windows\system32\drivers\symc8xx.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 30688 ----a-w- c:\windows\system32\drivers\sym_u3.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 28384 ----a-w- c:\windows\system32\drivers\sym_hi.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 16256 ----a-w- c:\windows\system32\drivers\symc810.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS.bak
2013-12-27 17:32 . 2013-12-27 17:10 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 49408 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 19072 ----a-w- c:\windows\system32\drivers\sparrow.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 6784 ----a-w- c:\windows\system32\drivers\serscan.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 40960 ----a-w- c:\windows\system32\drivers\SISAGP.SYS.bak
2013-12-27 17:32 . 2013-12-27 17:10 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 5876736 ----a-w- c:\windows\system32\drivers\RtDHDAud.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 22784 ----a-w- c:\windows\system32\drivers\RimUsb.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 175744 ----a-w- c:\windows\system32\drivers\rdbss.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 16512 ----a-w- c:\windows\system32\drivers\raspti.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 49024 ----a-w- c:\windows\system32\drivers\ql1280.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 45312 ----a-w- c:\windows\system32\drivers\ql12160.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 40448 ----a-w- c:\windows\system32\drivers\ql1240.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 33152 ----a-w- c:\windows\system32\drivers\ql10wnt.sys.bak
2013-12-27 17:32 . 2013-12-27 17:10 69120 ----a-w- c:\windows\system32\drivers\psched.sys.bak
2010-07-15 16:45 . 2010-07-15 16:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-11 23:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-11 23:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTDCPL.EXE" [2009-08-26 2691072]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-05-18 145920]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-08 65536]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-02-11 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-02-11 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDFViewerPlus\pdfpro5hook.exe" [2010-02-08 1369376]
"PDF5 Registry Controller"="c:\program files\Nuance\PDFViewerPlus\RegistryController.exe" [2010-02-08 62752]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-12-12 14:57 85832 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ   msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
-scheduler [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"vToolbarUpdater13.2.0"=2 (0x2)
"SeaPort"=2 (0x2)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"PDFProFiltSrvPP"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"GoogleDesktopManager-051210-111108"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Sharp\\Sharpdesk\\FTPServer.exe"=
"c:\\Documents and Settings\\firm\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
"3395:TCP"= 3395:TCP:RDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/25/2013 2:34 AM 108816]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C01044D\0191.105\x86\SymDS.sys [6/14/2012 9:34 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C01044D\0191.105\x86\SymEFA.sys [6/14/2012 9:34 AM 759416]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20131203.011\BHDrvx86.sys [12/2/2013 6:22 PM 1098968]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [12/11/2013 3:29 AM 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10/25/2013 2:34 AM 157264]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/25/2013 2:34 AM 230448]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C01044D\0191.105\x86\Ironx86.sys [6/14/2012 9:34 AM 137336]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [4/26/2010 6:21 AM 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 9:40 AM 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 3:40 PM 13624]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/25/2013 2:34 AM 1444120]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [6/14/2012 9:33 AM 137208]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [4/26/2010 9:01 AM 166568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/11/2013 2:36 AM 108120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20131227.001\IDSXpx86.sys [12/29/2013 2:02 AM 382608]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/27/2013 11:34 AM 35144]
S3 C771BUS;CASIO C771 USB Composite Device Driver;c:\windows\system32\drivers\C771BUS.sys [6/28/2011 1:32 PM 57672]
S3 C771VSP;CASIO C771 USB Virtual Serial Port;c:\windows\system32\drivers\C771VSP.sys [6/28/2011 1:32 PM 168648]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [4/26/2010 9:01 AM 215040]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [3/16/2011 1:56 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [3/16/2011 1:57 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [3/16/2011 1:57 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [3/16/2011 1:57 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [3/16/2011 1:57 PM 25704]
S4 bolcanr;bolcanr;c:\windows\system32\drivers\rxgk.sys --> c:\windows\system32\drivers\rxgk.sys [?]
S4 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/20/2010 12:40 PM 30192]
S4 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S4 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S4 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S4 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S4 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe -k NECUsb3s [4/25/2008 10:16 AM 14336]
S4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2/10/2010 10:30 PM 144672]
S4 rkhdrv40;Rootkit Unhooker Driver; [x]
S4 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ   NEC Usb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
SABProcEnum
C-Dilla
cdmservice
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 20:39 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-16 17:31]
.
2013-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2013-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 16:08]
.
2013-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 16:08]
.
2013-12-30 c:\windows\Tasks\User_Feed_Synchronization-{15D1C73D-FFBF-4CE1-B0C3-77557EDE0E7B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2013-12-30 c:\windows\Tasks\User_Feed_Synchronization-{B08C7A4C-762E-4996-A4DB-D4F856641334}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: Interfaces\{3FCFC6F9-7CAC-4E68-B83E-7AE4960C352D}: NameServer = 10.10.10.1,8.8.8.8
FF - ProfilePath - c:\documents and settings\firm\Application Data\Mozilla\Firefox\Profiles\ttv5amty.default\
FF - prefs.js: browser.startup.homepage - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-30 11:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4152)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-12-30  11:34:00
ComboFix-quarantined-files.txt  2013-12-30 17:33
ComboFix2.txt  2013-12-30 16:03
ComboFix3.txt  2013-12-27 18:23
ComboFix4.txt  2013-12-27 18:10
ComboFix5.txt  2013-12-30 17:16
.
Pre-Run: 244,495,392,768 bytes free
Post-Run: 244,476,157,952 bytes free
.
- - End Of File - - 56327ECE2B532B3302A57984EF872D79
 
And HiJackThis:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:34:51 AM, on 12/30/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 
FIREFOX: 3.6.13 (en-US)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\RTDCPL.EXE
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDFViewerPlus\pdfpro5hook.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\firm\Desktop\Cleanup\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTDCPL.EXE
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDFViewerPlus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDFViewerPlus\RegistryController.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://204.196.151.247/oysterlease1/acgm/acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dlf.local
O17 - HKLM\Software\..\Telephony: DomainName = dlf.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FCFC6F9-7CAC-4E68-B83E-7AE4960C352D}: NameServer = 10.10.10.1,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dlf.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{3FCFC6F9-7CAC-4E68-B83E-7AE4960C352D}: NameServer = 10.10.10.1,8.8.8.8
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\snac.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
 
--
End of file - 13033 bytes


Edited by boopme, 30 December 2013 - 01:04 PM.



#2 Sco-munkey


Posted 30 December 2013 - 01:21 PM

I'm currently running through a scan with the ESET AV and thus far it's found 9 infected files...

 

Here is the DDS log and the DDS Attach log:

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by firm at 12:14:02 on 2013-12-30
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3574.2547 [GMT -6:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTDCPL.EXE
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDFViewerPlus\pdfpro5hook.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdfviewerplus\bin\PlusIEContextMenu.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.1101.401.105\bin\ips\IPSBHO.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTDCPL.EXE
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdfviewerplus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdfviewerplus\RegistryController.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdfviewerplus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://204.196.151.247/oysterlease1/acgm/acgm.cab
TCP: Interfaces\{3FCFC6F9-7CAC-4E68-B83E-7AE4960C352D} : NameServer = 10.10.10.1,8.8.8.8
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\firm\application data\mozilla\firefox\profiles\ttv5amty.default\
FF - prefs.js: browser.startup.homepage - true
FF - component: c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1101.401.105\data\ipsffplgn\components\IPSFFPl.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-10-25 108816]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c01044d\0191.105\x86\SymDS.sys [2012-6-14 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c01044d\0191.105\x86\SymEFA.sys [2012-6-14 759416]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1101.401.105\data\definitions\bashdefs\20131203.011\BHDrvx86.sys [2013-12-2 1098968]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-12-11 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-10-25 157264]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-10-25 230448]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c01044d\0191.105\x86\Ironx86.sys [2012-6-14 137336]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-4-26 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-17 47640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-10-25 1444120]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.1101.401.105\bin\ccSvcHst.exe [2012-6-14 137208]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-4-26 166568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-12-11 108120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1101.401.105\data\definitions\ipsdefs\20131227.001\IDSXpx86.sys [2013-12-29 382608]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-12-27 35144]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1101.401.105\data\definitions\virusdefs\20131229.021\NAVENG.SYS [2013-12-30 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1101.401.105\data\definitions\virusdefs\20131229.021\NAVEX15.SYS [2013-12-30 1612376]
S3 C771BUS;CASIO C771 USB Composite Device Driver;c:\windows\system32\drivers\C771BUS.sys [2011-6-28 57672]
S3 C771VSP;CASIO C771 USB Virtual Serial Port;c:\windows\system32\drivers\C771VSP.sys [2011-6-28 168648]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-4-26 215040]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-3-16 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-3-16 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-3-16 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-3-16 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-3-16 25704]
S4 bolcanr;bolcanr;c:\windows\system32\drivers\rxgk.sys --> c:\windows\system32\drivers\rxgk.sys [?]
S4 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-5-20 30192]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S4 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S4 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S4 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S4 NEC Usb3;NEC USB3 Service;c:\windows\system32\svchost.exe -k NECUsb3s [2008-4-25 14336]
S4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-2-10 144672]
S4 rkhdrv40;Rootkit Unhooker Driver; [x]
S4 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
.
=============== Created Last 30 ================
.
2013-12-30 15:23:56 -------- d-----w- c:\program files\VS Revo Group
2013-12-30 15:15:55 106088 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-12-30 15:15:37 -------- d-----w- C:\_AcroTemp
2013-12-27 23:23:31 -------- d-----w- C:\RkUnhooker
2013-12-27 18:46:18 -------- d-----w- c:\program files\ESET
2013-12-27 18:33:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-27 18:33:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-27 17:34:06 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-27 16:43:01 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-12-27 16:43:01 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-12-27 16:14:56 -------- d-sha-r- C:\cmdcons
2013-12-27 16:11:14 98816 ----a-w- c:\windows\sed.exe
2013-12-27 16:11:14 256000 ----a-w- c:\windows\PEV.exe
2013-12-27 16:11:14 208896 ----a-w- c:\windows\MBR.exe
2013-12-27 16:00:46 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-27 15:42:55 -------- d-----w- C:\AdwCleaner
2013-12-27 15:41:54 -------- d-----w- c:\documents and settings\firm\application data\VideoReDo-Plus
.
==================== Find3M  ====================
.
2013-12-12 14:57:32 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-12-12 14:57:32 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-12-12 14:57:31 85832 ----a-w- c:\windows\system32\LMIinit.dll
2013-12-12 14:57:31 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-12-11 17:31:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 17:31:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-31 14:18:42 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-31 14:18:40 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-25 08:34:18 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 12:16:14.53 ===============
 

 

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/13/2010 7:07:25 PM
System Uptime: 12/30/2013 10:41:15 AM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0D441T
Processor: Intel® Core™ i5 CPU         650  @ 3.20GHz | CPU | 1181/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 296 GiB total, 227.678 GiB free.
D: is FIXED (FAT32) - 2 GiB total, 1.905 GiB free.
E: is CDROM ()
F: is Removable
T: is NetworkDisk (NTFS) - 882 GiB total, 653.728 GiB free.
Y: is NetworkDisk (NTFS) - 882 GiB total, 653.728 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1265: 9/25/2013 5:11:29 PM - System Checkpoint
RP1266: 9/26/2013 6:44:11 PM - System Checkpoint
RP1267: 9/27/2013 8:44:10 PM - System Checkpoint
RP1268: 9/28/2013 10:44:08 PM - System Checkpoint
RP1269: 9/30/2013 12:44:05 AM - System Checkpoint
RP1270: 10/1/2013 12:48:34 AM - System Checkpoint
RP1271: 10/2/2013 12:53:03 AM - System Checkpoint
RP1272: 10/3/2013 12:57:31 AM - System Checkpoint
RP1273: 10/4/2013 2:57:31 AM - System Checkpoint
RP1274: 10/5/2013 3:01:58 AM - System Checkpoint
RP1275: 10/6/2013 3:06:27 AM - System Checkpoint
RP1276: 10/7/2013 5:06:25 AM - System Checkpoint
RP1277: 10/8/2013 7:06:22 AM - System Checkpoint
RP1278: 10/9/2013 9:06:20 AM - System Checkpoint
RP1279: 10/10/2013 3:00:27 AM - Software Distribution Service 3.0
RP1280: 10/11/2013 4:11:38 AM - System Checkpoint
RP1281: 10/12/2013 5:42:52 AM - System Checkpoint
RP1282: 10/13/2013 3:00:15 AM - Software Distribution Service 3.0
RP1283: 10/14/2013 3:44:09 AM - System Checkpoint
RP1284: 10/15/2013 4:13:17 AM - System Checkpoint
RP1285: 10/16/2013 6:12:37 AM - System Checkpoint
RP1286: 10/17/2013 7:48:33 AM - System Checkpoint
RP1287: 10/18/2013 7:53:01 AM - System Checkpoint
RP1288: 10/19/2013 8:29:04 AM - System Checkpoint
RP1289: 10/20/2013 9:57:28 AM - System Checkpoint
RP1290: 10/21/2013 10:24:27 AM - System Checkpoint
RP1291: 10/22/2013 11:57:24 AM - System Checkpoint
RP1292: 10/23/2013 2:10:56 PM - System Checkpoint
RP1293: 10/24/2013 4:01:50 PM - System Checkpoint
RP1294: 10/25/2013 5:01:13 PM - System Checkpoint
RP1295: 10/26/2013 6:46:52 PM - System Checkpoint
RP1296: 10/27/2013 8:46:50 PM - System Checkpoint
RP1297: 10/28/2013 10:46:49 PM - System Checkpoint
RP1298: 10/29/2013 10:51:18 PM - System Checkpoint
RP1299: 10/31/2013 12:39:35 AM - System Checkpoint
RP1300: 10/31/2013 9:21:33 AM - Printer Driver LogMeIn Printer Driver Installed
RP1301: 11/1/2013 10:19:12 AM - System Checkpoint
RP1302: 11/2/2013 10:44:03 AM - System Checkpoint
RP1303: 11/3/2013 11:44:03 AM - System Checkpoint
RP1304: 11/4/2013 11:45:10 AM - System Checkpoint
RP1305: 11/5/2013 12:18:47 PM - System Checkpoint
RP1306: 11/6/2013 12:37:51 PM - System Checkpoint
RP1307: 11/7/2013 1:55:53 PM - System Checkpoint
RP1308: 11/8/2013 4:06:14 PM - System Checkpoint
RP1309: 11/9/2013 6:00:24 PM - System Checkpoint
RP1310: 11/10/2013 8:00:23 PM - System Checkpoint
RP1311: 11/11/2013 8:36:25 PM - System Checkpoint
RP1312: 11/12/2013 10:00:20 PM - System Checkpoint
RP1313: 11/13/2013 10:04:51 PM - System Checkpoint
RP1314: 11/14/2013 3:00:28 AM - Software Distribution Service 3.0
RP1315: 11/15/2013 11:52:06 AM - System Checkpoint
RP1316: 11/16/2013 12:52:07 PM - System Checkpoint
RP1317: 11/17/2013 2:52:06 PM - System Checkpoint
RP1318: 11/18/2013 3:25:57 PM - System Checkpoint
RP1319: 11/19/2013 4:52:04 PM - System Checkpoint
RP1320: 11/20/2013 3:00:18 AM - Software Distribution Service 3.0
RP1321: 11/21/2013 3:00:17 AM - Software Distribution Service 3.0
RP1322: 11/22/2013 4:52:02 AM - System Checkpoint
RP1323: 11/23/2013 6:52:02 AM - System Checkpoint
RP1324: 11/24/2013 8:52:02 AM - System Checkpoint
RP1325: 11/25/2013 11:58:26 AM - System Checkpoint
RP1326: 11/26/2013 12:52:02 PM - System Checkpoint
RP1327: 11/27/2013 12:56:34 PM - System Checkpoint
RP1328: 11/28/2013 1:01:03 PM - System Checkpoint
RP1329: 11/29/2013 3:01:17 PM - System Checkpoint
RP1330: 11/30/2013 5:01:02 PM - System Checkpoint
RP1331: 12/1/2013 7:01:02 PM - System Checkpoint
RP1332: 12/2/2013 9:01:00 PM - System Checkpoint
RP1333: 12/3/2013 11:01:00 PM - System Checkpoint
RP1334: 12/4/2013 11:05:29 PM - System Checkpoint
RP1335: 12/6/2013 1:05:29 AM - System Checkpoint
RP1336: 12/7/2013 1:09:58 AM - System Checkpoint
RP1337: 12/8/2013 3:09:57 AM - System Checkpoint
RP1338: 12/9/2013 5:09:57 AM - System Checkpoint
RP1339: 12/10/2013 7:09:56 AM - System Checkpoint
RP1340: 12/11/2013 3:00:21 AM - Software Distribution Service 3.0
RP1341: 12/11/2013 3:27:18 AM - Installed Rapport
RP1342: 12/12/2013 3:49:48 AM - System Checkpoint
RP1343: 12/12/2013 8:58:08 AM - Printer Driver LogMeIn Printer Driver Installed
RP1344: 12/13/2013 3:00:14 AM - Software Distribution Service 3.0
RP1345: 12/16/2013 11:36:21 AM - System Checkpoint
RP1346: 12/18/2013 8:52:37 AM - System Checkpoint
RP1347: 12/19/2013 8:59:02 AM - System Checkpoint
RP1348: 12/20/2013 10:09:58 AM - System Checkpoint
RP1349: 12/23/2013 9:04:14 AM - System Checkpoint
RP1350: 12/27/2013 8:52:01 AM - System Checkpoint
RP1351: 12/27/2013 9:35:59 AM - Removed Ask Toolbar.
RP1352: 12/27/2013 9:39:26 AM - Removed Reader 2.0.
RP1353: 12/30/2013 9:24:35 AM - Revo Uninstaller's restore point - Java™ 6 Update 29
RP1354: 12/30/2013 9:24:50 AM - Removed Java™ 6 Update 17
RP1355: 12/30/2013 9:27:55 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Acrobat 9 Pro
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AMD APP SDK Runtime
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Display Driver
BioAPI Framework
Brother MFL-Pro Suite
C771 USB Driver V1.0.11.0
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Core FTP LE
DCP32MMWrapper
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Control Point
Dell ControlPoint Security Manager
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
DesignPro 5
Document Manager Lite
Dropbox
E-Transcript Bundle Viewer
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
ESET Online Scanner v3
Frost Digital Deposits Add-on
Gemalto
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
ImgBurn
Intel® Network Connections 14.8.43.0
Intel® Rapid Storage Technology
Java Auto Updater
join.me
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
MFCLOC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Access 2010 Runtime Service Pack 1 (SP1)
Microsoft Access Runtime 2010
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access Runtime 2010
Microsoft Office Access Runtime MUI (English) 2010
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ Run Time  Lib Setup
Microsoft Visual Studio 2005 Tools for Office Runtime
MotoHelper MergeModules
Mozilla Firefox (3.6.13)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser
Nikon Message Center 2
NTRU TCG Software Stack
Nuance PaperPort 12
Nuance PDF Viewer Plus
OGA Notifier 2.0.0048.0
PaperPort Image Printer
Picture Control Utility
PowerDVD DX
Preboot Manager
Private Information Manager
QuickBooks
QuickBooks Premier: Professional Services Edition 2010
QuickTime
Rapport
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Rootkit Unhooker Uninstall
Samsung ML-3050 Series PS
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2817670) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813347)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Wizards
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sharpdesk
Shipping Assistant 3.8
Skins
Snapshot Viewer
SO32MMWrapper
ST Microelectronics TPM Driver Installer
Symantec Endpoint Protection
Texas PJC - General Negligence 2010
TrialWorks
Trusted Drive Manager
Trusteer Endpoint Protection
tsp patch
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB978207)
UPEK TouchChip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
Windows Driver Package - STMicroelectronics (stmtpm) System  (05/24/2007 1.00.04.15)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinZip 14.5
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/30/2013 9:14:54 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
12/30/2013 9:14:54 AM, error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/30/2013 9:14:54 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/30/2013 10:42:00 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
12/27/2013 9:52:04 AM, error: System Error [1003]  - Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 45544e49, parameter4 e8322008.
12/27/2013 8:38:07 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
12/27/2013 12:32:32 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx86 eeCtrl Fips intelppm RapportKELL SRTSP SRTSPX SymIRON SYMTDI
12/27/2013 12:14:16 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RapportKELL RasAcd Rdbss SRTSP SRTSPX SymIRON SYMTDI Tcpip WS2IFSL
12/27/2013 12:14:16 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
12/27/2013 12:14:16 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/27/2013 12:14:16 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/27/2013 12:14:16 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
12/27/2013 12:13:14 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/27/2013 12:13:11 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/27/2013 12:13:08 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/27/2013 11:04:27 AM, error: Service Control Manager [7023]  - The SQLAgent$MICROSOFTBCM service terminated with the following error:  The specified module could not be found.
12/27/2013 11:04:27 AM, error: Service Control Manager [7023]  - The Network Security service terminated with the following error:  The specified module could not be found.
12/27/2013 11:04:27 AM, error: Service Control Manager [7023]  - The NEC USB3 Service service terminated with the following error:  The specified module could not be found.
12/27/2013 11:04:27 AM, error: Service Control Manager [7023]  - The Hclinetd service terminated with the following error:  The specified procedure could not be found.
12/27/2013 11:04:27 AM, error: Service Control Manager [7023]  - The Cidaemon service terminated with the following error:  The specified module could not be found.
12/27/2013 11:04:02 AM, error: NETLOGON [5719]  - No Domain Controller is available for domain DLF due to the following:  There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
12/27/2013 11:01:07 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
12/27/2013 10:50:29 AM, error: Service Control Manager [7000]  - The SSPORT service failed to start due to the following error:  The system cannot find the file specified.
12/27/2013 10:50:17 AM, error: Print [33]  - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved.  Error: 54b
12/27/2013 10:46:21 AM, error: PlugPlayManager [11]  - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
12/27/2013 10:02:14 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
12/23/2013 9:39:43 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
12/23/2013 9:30:07 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
.
==== End Of File ===========================

Edited by Sco-munkey, 30 December 2013 - 01:29 PM.


#3 HelpBot


Posted 04 January 2014 - 12:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519062 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot


Posted 09 January 2014 - 12:50 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



