Office attacked by trojans. Please help!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mborg23

Thread Starter
Joined
Jan 11, 2013
Messages
1
I work at a small, independent company. We have 11 computers and a server with multiple drives where we store all of our work. Some of our comps run Windows 7, some run Vista and a couple run XP still. When we click on any of the drives, the folders all show up as "applications" and are all the same size. We also can't access them when this happens. In addition to those files being changed, there are new files that show up labeled porn, sexy, passwords, secret and a video file that is 0 kb and is labeled "x". We run AVG and spybot and neither turn up anything. We have followed the instructions from our IT guy and each time we think this virus is gone, it comes back a few minutes later.

On a couple of the computers AVG and MSE found and removed a few trojans (win32.muollo was one of them) but even after following those anti-virus programs' instructions, the files revert back to their messed up state within an hour.

FWIW, we are still working with our IT person but I am coming here in an effort to exhaust every option and get the business running again asap. Any help you all can offer would be much appreciated.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:20 PM, on 1/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Multi-Tech Systems\FaxFinder Client Software\ff110client.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Whitney.SURETY\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA0ADAAMgA3ADQAOAA3ADUALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: FaxFinder Client.lnk = C:\Program Files\Multi-Tech Systems\FaxFinder Client Software\ff110client.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: MaxCommunicator.lnk = C:\Program Files\AltiGen\MaxCommunicator\MaxCommunicator.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - https://bondline2.cnasurety.com/secure/Codebase/FormCtl.cab
O16 - DPF: {6800EDD7-9E5C-47A1-A075-9C0EBFF15AC2} - https://bondline2.cnasurety.com/secure/codebase/imagebmp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1357856250978
O16 - DPF: {8C63ACAC-BD5E-45C0-BE09-4D5387A8B9D2} - https://bondline2.cnasurety.com/secure/codebase/imagejpg.cab
O16 - DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} (ClientPlugin Object) - https://techinline.net/Client/TIClient.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (FormFlowScriptObject Class) - https://bondline2.cnasurety.com/secure/codebase/scriptobject.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F4F6546F-FBA9-11D1-8AFB-080009ECFDC5} (FormFlow ListBox Control) - https://bondline2.cnasurety.com/secure/codebase/listbox.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = surety1.local
O17 - HKLM\Software\..\Telephony: DomainName = surety1.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = surety1.local
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: vToolbarUpdater14.0.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/WHITNE~1.SUR/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 14252 bytes



DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
Run by Whitney at 12:43:20 on 2013-01-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1883 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Multi-Tech Systems\FaxFinder Client Software\ff110client.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA0ADAAMgA3ADQAOAA3ADUALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\faxfin~1.lnk - c:\program files\multi-tech systems\faxfinder client software\ff110client.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\maxcom~1.lnk - c:\program files\altigen\maxcommunicator\MaxCommunicator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {11818680-FCF6-11D0-9808-0800092A4865} - hxxps://bondline2.cnasurety.com/secure/Codebase/FormCtl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6800EDD7-9E5C-47A1-A075-9C0EBFF15AC2} - hxxps://bondline2.cnasurety.com/secure/codebase/imagebmp.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357856250978
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {8C63ACAC-BD5E-45C0-BE09-4D5387A8B9D2} - hxxps://bondline2.cnasurety.com/secure/codebase/imagejpg.cab
DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} - hxxps://techinline.net/Client/TIClient.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} - hxxps://bondline2.cnasurety.com/secure/codebase/scriptobject.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F4F6546F-FBA9-11D1-8AFB-080009ECFDC5} - hxxps://bondline2.cnasurety.com/secure/codebase/listbox.cab
TCP: NameServer = 192.168.2.3 8.8.4.4
TCP: Interfaces\{F25E5007-DD8B-43EF-BF33-DBB3BFCEF478} : DHCPNameServer = 192.168.2.3 8.8.4.4
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\whitney.surety\application data\mozilla\firefox\profiles\9k56qnil.default\
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 31952]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-11-13 24064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 301920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-9-17 1248256]
R2 vToolbarUpdater14.0.0;vToolbarUpdater14.0.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.0.0\ToolbarUpdater.exe [2012-12-26 945480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-11-13 176640]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-9 31576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-29 167264]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
.
=============== Created Last 30 ================
.
2013-01-10 22:43:39 -------- d--h--w- c:\windows\PIF
2013-01-10 22:35:52 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{82053887-3933-43e0-9923-78d6ac12fb2d}\mpengine.dll
2013-01-10 22:34:03 6812136 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-10 22:33:54 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-01-10 22:30:41 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-10 22:25:22 -------- d-----w- c:\windows\system32\winrm
2013-01-10 22:25:18 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-01-10 20:41:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-01-10 19:48:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2013-01-08 22:09:45 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 22:09:45 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-26 13:15:44 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:20:36 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 12:43:56.22 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/11/2009 6:12:32 PM
System Uptime: 1/11/2013 11:53:29 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0T656F
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU | 2593/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 39.149 GiB free.
D: is CDROM (CDFS)
I: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
K: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
N: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
P: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
S: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
T: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
U: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
W: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
Y: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
Z: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP550: 10/15/2012 8:54:28 AM - System Checkpoint
RP551: 10/16/2012 12:08:28 PM - System Checkpoint
RP552: 10/17/2012 4:33:42 PM - System Checkpoint
RP553: 10/19/2012 12:30:02 PM - System Checkpoint
RP554: 10/22/2012 11:48:13 AM - System Checkpoint
RP555: 10/25/2012 11:15:58 AM - System Checkpoint
RP556: 10/26/2012 11:53:09 AM - System Checkpoint
RP557: 11/1/2012 1:04:00 PM - System Checkpoint
RP558: 11/6/2012 12:39:17 PM - System Checkpoint
RP559: 11/7/2012 1:12:21 PM - System Checkpoint
RP560: 11/9/2012 12:39:30 PM - System Checkpoint
RP561: 11/12/2012 12:58:20 PM - System Checkpoint
RP562: 11/14/2012 8:33:22 AM - System Checkpoint
RP563: 11/15/2012 12:04:01 PM - System Checkpoint
RP564: 11/15/2012 4:19:27 PM - Software Distribution Service 3.0
RP565: 11/19/2012 8:24:50 AM - System Checkpoint
RP566: 11/20/2012 8:43:44 AM - System Checkpoint
RP567: 11/28/2012 10:19:35 AM - System Checkpoint
RP568: 11/29/2012 11:25:26 AM - System Checkpoint
RP569: 12/11/2012 1:24:36 PM - System Checkpoint
RP570: 12/12/2012 1:25:41 PM - System Checkpoint
RP571: 12/13/2012 2:36:00 PM - System Checkpoint
RP572: 12/14/2012 3:25:36 PM - System Checkpoint
RP573: 12/16/2012 4:44:01 AM - System Checkpoint
RP574: 12/17/2012 5:25:29 AM - System Checkpoint
RP575: 12/18/2012 5:41:04 AM - System Checkpoint
RP576: 12/19/2012 6:24:44 AM - System Checkpoint
RP577: 12/20/2012 7:23:45 AM - System Checkpoint
RP578: 12/21/2012 12:01:44 PM - System Checkpoint
RP579: 12/22/2012 12:21:17 PM - System Checkpoint
RP580: 12/23/2012 1:20:38 PM - System Checkpoint
RP581: 12/24/2012 4:44:08 PM - System Checkpoint
RP582: 12/26/2012 2:42:33 AM - System Checkpoint
RP583: 12/27/2012 2:56:39 AM - System Checkpoint
RP584: 12/28/2012 3:56:00 AM - System Checkpoint
RP585: 12/29/2012 4:55:04 AM - System Checkpoint
RP586: 12/30/2012 4:55:28 AM - System Checkpoint
RP587: 12/31/2012 7:19:25 AM - System Checkpoint
RP588: 1/1/2013 7:54:10 AM - System Checkpoint
RP589: 1/2/2013 9:42:27 AM - System Checkpoint
RP590: 1/3/2013 11:57:29 AM - System Checkpoint
RP591: 1/4/2013 12:31:28 PM - System Checkpoint
RP592: 1/5/2013 1:15:21 PM - System Checkpoint
RP593: 1/6/2013 4:44:16 PM - System Checkpoint
RP594: 1/7/2013 4:47:56 PM - System Checkpoint
RP595: 1/8/2013 4:48:38 PM - System Checkpoint
RP596: 1/9/2013 5:48:28 PM - System Checkpoint
RP597: 1/10/2013 1:40:41 PM - Software Distribution Service 3.0
RP598: 1/10/2013 2:25:02 PM - Software Distribution Service 3.0
RP599: 1/10/2013 2:33:54 PM - Software Distribution Service 3.0
RP600: 1/10/2013 2:35:42 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player 11.6
AltiGenJLIB
Amazon Add to Wish List IE Extension 1.1
AVG 2012
AVG Security Toolbar
Bond-Pro
Broadcom Management Programs
Dell Backup and Recovery Manager
eFax Messenger
FaxFinder Client Software
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 35
Junk Mail filter update
MaxCommunicator 6.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Unified Communications Client API SDK
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB927977)
Norton Security Scan
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAccessAddInSetup
QuickBooks
QuickBooks Pro 2011
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
1/9/2013 3:12:30 AM, error: NETLOGON [5719] - No Domain Controller is available for domain SURETY due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/8/2013 11:57:00 AM, error: NETLOGON [5719] - No Domain Controller is available for domain SURETY due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/10/2013 3:44:36 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Vobfus.NM&threatid=2147678606 Name: Worm:Win32/Vobfus.NM ID: 2147678606 Severity: Severe Category: Worm Path: file:_K:\Porn.exe;file:_\\POWEREDGE\Contract\1 - Contract Account Rate Sheet.exe;file:_\\POWEREDGE\Contract\12-22-11 Merchants POA.exe;file:_\\POWEREDGE\Contract\80154 syblon co 1 4.28.10.exe;file:_\\POWEREDGE\Contract\8a sba q&a.exe;file:_\\POWEREDGE\Contract\8a.exe;file:_\\POWEREDGE\Contract\A-Fee List.exe;file:_\\POWEREDGE\Contract\all is well letter job already started.exe;file:_\\POWEREDGE\Contract\bear data.exe;file:_\\POWEREDGE\Contract\bid log template.exe;file:_\\POWEREDGE\Contract\bor - HCC.exe;file:_\\POWEREDGE\Contract\bor.exe;file:_\\POWEREDGE\Contract\Burnett Guide without burnett marketing.exe;file:_\\POWEREDGE\Contract\Burnett Guide.exe;file:_\\POWEREDGE\Contract\Burnett sample statment no cover letter.exe;file:_\\POWEREDGE\Contract\Burnett sample statment.exe;file:_\\POWEREDGE\Contract\CAPITAL RETENTION.exe;file:_\\POWEREDGE\Contract\CC authorization.exe;file:_\\POWEREDGE\Contract\Civil Codes for the Bonds we write.exe;file:_\\POWEREDGE\Contract\cna bor.exe;file:_\\POWEREDGE\Contract\Collate Detection Origin: Network share Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\WINDOWS\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.141.3637.0, AS: 1.141.3637.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9002.0, NIS: 0.0.0.0
1/10/2013 1:56:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgtp
.
==== End Of File ===========================



GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-11 12:49:32
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD083GJ rev.1AC01117 74.51GB
Running: lpxrzgmk.exe; Driver: C:\DOCUME~1\WHITNE~1.SUR\LOCALS~1\Temp\pwlyqpow.sys


---- System - GMER 2.0 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xB6116004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xB61160D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB6115D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB6115E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB6115EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB6115F56]

---- Kernel code sections - GMER 2.0 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8FE6360, 0x37399D, 0xE8000020]
? C:\DOCUME~1\WHITNE~1.SUR\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1176] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, AC, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AF, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, AC, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, AD, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90FDC6
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AE, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, AD, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AE, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FE37
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, AC, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FF65
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, AD, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AE, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AF, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 84, B8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 87, B8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 84, B8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 85, B8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918E9E
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 86, B8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 85, B8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 86, B8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918F0F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 84, B8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91903D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 85, B8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 86, B8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 87, B8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 90, 1B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 93, 1B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 90, 1B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 91, 1B, 00] {TEST AL, 0x91; SBB EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F1AA
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 92, 1B, 00] {TEST AL, 0x92; SBB EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 91, 1B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 92, 1B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F21B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 90, 1B, 00] {TEST AL, 0x90; SBB EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F349
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 91, 1B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 92, 1B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 93, 1B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe[2296] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 0358A939 C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C8, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CB, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C8, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C9, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9114E2
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CA, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C9, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CA, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B911553
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C8, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B911681
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C9, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CA, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CB, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 94, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 97, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 94, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 95, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910DAE
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 96, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 95, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 96, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910E1F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 94, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910F4D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 95, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 96, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 97, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, FB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, FB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, FB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, FB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D1DE
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, FB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, FB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, FB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D24F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, FB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D37D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, FB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, FB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, FB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 98, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9B, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 98, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 99, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916AB2
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9A, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 99, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9A, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916B23
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 98, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916C51
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 99, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9A, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9B, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003D0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1912] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00CF0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2100] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00320010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2916] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00690010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003E0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3912] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01120010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4016] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00AA0010

---- EOF - GMER 2.0 ----
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,253
I'm sorry but we can't work malware on company computers. Please refer to the following sticky post at the top of this forum:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

where it stipulates:
IMPORTANT NOTE REGARDING CORPORATE/COMPANY OWNED COMPUTERS

Please do not request assistance for corporate/company owned computers. Many changes/deletions are made during the clean up process, some of which may involve uninstalling programs, deleting folders/files, changing settings and/or removing policies etc. As we have no way of knowing for sure if these are actually needed for company operations, malware issues in these cases should be handled by your own IT Departments in order to avoid any undesirable results.
If your IT department cannot fix it then it's best to call in a professional to take care of it for you. Therefore I'm closing this thread.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top