1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Office attacked by trojans. Please help!

Discussion in 'Virus & Other Malware Removal' started by mborg23, Jan 11, 2013.

Thread Status:
Not open for further replies.
  1. mborg23

    mborg23 Thread Starter

    Joined:
    Jan 11, 2013
    Messages:
    1
    I work at a small, independent company. We have 11 computers and a server with multiple drives where we store all of our work. Some of our comps run Windows 7, some run Vista and a couple run XP still. When we click on any of the drives, the folders all show up as "applications" and are all the same size. We also can't access them when this happens. In addition to those files being changed, there are new files that show up labeled porn, sexy, passwords, secret and a video file that is 0 kb and is labeled "x". We run AVG and spybot and neither turn up anything. We have followed the instructions from our IT guy and each time we think this virus is gone, it comes back a few minutes later.

    On a couple of the computers AVG and MSE found and removed a few trojans (win32.muollo was one of them) but even after following those anti-virus programs' instructions, the files revert back to their messed up state within an hour.

    FWIW, we are still working with our IT person but I am coming here in an effort to exhaust every option and get the business running again asap. Any help you all can offer would be much appreciated.

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:41:20 PM, on 1/11/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Multi-Tech Systems\FaxFinder Client Software\ff110client.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Whitney.SURETY\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA0ADAAMgA3ADQAOAA3ADUALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: FaxFinder Client.lnk = C:\Program Files\Multi-Tech Systems\FaxFinder Client Software\ff110client.exe
    O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
    O4 - Global Startup: MaxCommunicator.lnk = C:\Program Files\AltiGen\MaxCommunicator\MaxCommunicator.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - https://bondline2.cnasurety.com/secure/Codebase/FormCtl.cab
    O16 - DPF: {6800EDD7-9E5C-47A1-A075-9C0EBFF15AC2} - https://bondline2.cnasurety.com/secure/codebase/imagebmp.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1357856250978
    O16 - DPF: {8C63ACAC-BD5E-45C0-BE09-4D5387A8B9D2} - https://bondline2.cnasurety.com/secure/codebase/imagejpg.cab
    O16 - DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} (ClientPlugin Object) - https://techinline.net/Client/TIClient.cab
    O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (FormFlowScriptObject Class) - https://bondline2.cnasurety.com/secure/codebase/scriptobject.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F4F6546F-FBA9-11D1-8AFB-080009ECFDC5} (FormFlow ListBox Control) - https://bondline2.cnasurety.com/secure/codebase/listbox.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = surety1.local
    O17 - HKLM\Software\..\Telephony: DomainName = surety1.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = surety1.local
    O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    O23 - Service: vToolbarUpdater14.0.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/WHITNE~1.SUR/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

    --
    End of file - 14252 bytes



    DDS log:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
    Run by Whitney at 12:43:20 on 2013-01-11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1883 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    \??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Multi-Tech Systems\FaxFinder Client Software\ff110client.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA0ADAAMgA3ADQAOAA3ADUALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\faxfin~1.lnk - c:\program files\multi-tech systems\faxfinder client software\ff110client.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\maxcom~1.lnk - c:\program files\altigen\maxcommunicator\MaxCommunicator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {11818680-FCF6-11D0-9808-0800092A4865} - hxxps://bondline2.cnasurety.com/secure/Codebase/FormCtl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6800EDD7-9E5C-47A1-A075-9C0EBFF15AC2} - hxxps://bondline2.cnasurety.com/secure/codebase/imagebmp.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357856250978
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {8C63ACAC-BD5E-45C0-BE09-4D5387A8B9D2} - hxxps://bondline2.cnasurety.com/secure/codebase/imagejpg.cab
    DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} - hxxps://techinline.net/Client/TIClient.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} - hxxps://bondline2.cnasurety.com/secure/codebase/scriptobject.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F4F6546F-FBA9-11D1-8AFB-080009ECFDC5} - hxxps://bondline2.cnasurety.com/secure/codebase/listbox.cab
    TCP: NameServer = 192.168.2.3 8.8.4.4
    TCP: Interfaces\{F25E5007-DD8B-43EF-BF33-DBB3BFCEF478} : DHCPNameServer = 192.168.2.3 8.8.4.4
    Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\whitney.surety\application data\mozilla\firefox\profiles\9k56qnil.default\
    FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 31952]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-11-13 24064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 237408]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 301920]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-9-17 1248256]
    R2 vToolbarUpdater14.0.0;vToolbarUpdater14.0.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.0.0\ToolbarUpdater.exe [2012-12-26 945480]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-11-13 176640]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-9 31576]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-29 167264]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
    .
    =============== Created Last 30 ================
    .
    2013-01-10 22:43:39 -------- d--h--w- c:\windows\PIF
    2013-01-10 22:35:52 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{82053887-3933-43e0-9923-78d6ac12fb2d}\mpengine.dll
    2013-01-10 22:34:03 6812136 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-01-10 22:33:54 237072 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-10 22:30:41 -------- d-----w- c:\program files\Microsoft Security Client
    2013-01-10 22:25:22 -------- d-----w- c:\windows\system32\winrm
    2013-01-10 22:25:18 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2013-01-10 20:41:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2013-01-10 19:48:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    .
    ==================== Find3M ====================
    .
    2013-01-08 22:09:45 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-08 22:09:45 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-26 13:15:44 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 11:20:36 1875456 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 12:43:56.22 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/11/2009 6:12:32 PM
    System Uptime: 1/11/2013 11:53:29 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0T656F
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU | 2593/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 39.149 GiB free.
    D: is CDROM (CDFS)
    I: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
    K: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
    N: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
    P: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
    S: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
    T: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
    U: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
    W: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
    Y: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
    Z: is NetworkDisk (NTFS) - 930 GiB total, 610.992 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP550: 10/15/2012 8:54:28 AM - System Checkpoint
    RP551: 10/16/2012 12:08:28 PM - System Checkpoint
    RP552: 10/17/2012 4:33:42 PM - System Checkpoint
    RP553: 10/19/2012 12:30:02 PM - System Checkpoint
    RP554: 10/22/2012 11:48:13 AM - System Checkpoint
    RP555: 10/25/2012 11:15:58 AM - System Checkpoint
    RP556: 10/26/2012 11:53:09 AM - System Checkpoint
    RP557: 11/1/2012 1:04:00 PM - System Checkpoint
    RP558: 11/6/2012 12:39:17 PM - System Checkpoint
    RP559: 11/7/2012 1:12:21 PM - System Checkpoint
    RP560: 11/9/2012 12:39:30 PM - System Checkpoint
    RP561: 11/12/2012 12:58:20 PM - System Checkpoint
    RP562: 11/14/2012 8:33:22 AM - System Checkpoint
    RP563: 11/15/2012 12:04:01 PM - System Checkpoint
    RP564: 11/15/2012 4:19:27 PM - Software Distribution Service 3.0
    RP565: 11/19/2012 8:24:50 AM - System Checkpoint
    RP566: 11/20/2012 8:43:44 AM - System Checkpoint
    RP567: 11/28/2012 10:19:35 AM - System Checkpoint
    RP568: 11/29/2012 11:25:26 AM - System Checkpoint
    RP569: 12/11/2012 1:24:36 PM - System Checkpoint
    RP570: 12/12/2012 1:25:41 PM - System Checkpoint
    RP571: 12/13/2012 2:36:00 PM - System Checkpoint
    RP572: 12/14/2012 3:25:36 PM - System Checkpoint
    RP573: 12/16/2012 4:44:01 AM - System Checkpoint
    RP574: 12/17/2012 5:25:29 AM - System Checkpoint
    RP575: 12/18/2012 5:41:04 AM - System Checkpoint
    RP576: 12/19/2012 6:24:44 AM - System Checkpoint
    RP577: 12/20/2012 7:23:45 AM - System Checkpoint
    RP578: 12/21/2012 12:01:44 PM - System Checkpoint
    RP579: 12/22/2012 12:21:17 PM - System Checkpoint
    RP580: 12/23/2012 1:20:38 PM - System Checkpoint
    RP581: 12/24/2012 4:44:08 PM - System Checkpoint
    RP582: 12/26/2012 2:42:33 AM - System Checkpoint
    RP583: 12/27/2012 2:56:39 AM - System Checkpoint
    RP584: 12/28/2012 3:56:00 AM - System Checkpoint
    RP585: 12/29/2012 4:55:04 AM - System Checkpoint
    RP586: 12/30/2012 4:55:28 AM - System Checkpoint
    RP587: 12/31/2012 7:19:25 AM - System Checkpoint
    RP588: 1/1/2013 7:54:10 AM - System Checkpoint
    RP589: 1/2/2013 9:42:27 AM - System Checkpoint
    RP590: 1/3/2013 11:57:29 AM - System Checkpoint
    RP591: 1/4/2013 12:31:28 PM - System Checkpoint
    RP592: 1/5/2013 1:15:21 PM - System Checkpoint
    RP593: 1/6/2013 4:44:16 PM - System Checkpoint
    RP594: 1/7/2013 4:47:56 PM - System Checkpoint
    RP595: 1/8/2013 4:48:38 PM - System Checkpoint
    RP596: 1/9/2013 5:48:28 PM - System Checkpoint
    RP597: 1/10/2013 1:40:41 PM - Software Distribution Service 3.0
    RP598: 1/10/2013 2:25:02 PM - Software Distribution Service 3.0
    RP599: 1/10/2013 2:33:54 PM - Software Distribution Service 3.0
    RP600: 1/10/2013 2:35:42 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Acrobat 9 Pro
    Adobe Acrobat 9.5.2 - CPSID_83708
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2
    Adobe Shockwave Player 11.6
    AltiGenJLIB
    Amazon Add to Wish List IE Extension 1.1
    AVG 2012
    AVG Security Toolbar
    Bond-Pro
    Broadcom Management Programs
    Dell Backup and Recovery Manager
    eFax Messenger
    FaxFinder Client Software
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB968764)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 35
    Junk Mail filter update
    MaxCommunicator 6.5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Personal Folders Backup
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Unified Communications Client API SDK
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB927977)
    Norton Security Scan
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OutlookAccessAddInSetup
    QuickBooks
    QuickBooks Pro 2011
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    swMSM
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/9/2013 3:12:30 AM, error: NETLOGON [5719] - No Domain Controller is available for domain SURETY due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    1/8/2013 11:57:00 AM, error: NETLOGON [5719] - No Domain Controller is available for domain SURETY due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    1/10/2013 3:44:36 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Vobfus.NM&threatid=2147678606 Name: Worm:Win32/Vobfus.NM ID: 2147678606 Severity: Severe Category: Worm Path: file:_K:\Porn.exe;file:_\\POWEREDGE\Contract\1 - Contract Account Rate Sheet.exe;file:_\\POWEREDGE\Contract\12-22-11 Merchants POA.exe;file:_\\POWEREDGE\Contract\80154 syblon co 1 4.28.10.exe;file:_\\POWEREDGE\Contract\8a sba q&a.exe;file:_\\POWEREDGE\Contract\8a.exe;file:_\\POWEREDGE\Contract\A-Fee List.exe;file:_\\POWEREDGE\Contract\all is well letter job already started.exe;file:_\\POWEREDGE\Contract\bear data.exe;file:_\\POWEREDGE\Contract\bid log template.exe;file:_\\POWEREDGE\Contract\bor - HCC.exe;file:_\\POWEREDGE\Contract\bor.exe;file:_\\POWEREDGE\Contract\Burnett Guide without burnett marketing.exe;file:_\\POWEREDGE\Contract\Burnett Guide.exe;file:_\\POWEREDGE\Contract\Burnett sample statment no cover letter.exe;file:_\\POWEREDGE\Contract\Burnett sample statment.exe;file:_\\POWEREDGE\Contract\CAPITAL RETENTION.exe;file:_\\POWEREDGE\Contract\CC authorization.exe;file:_\\POWEREDGE\Contract\Civil Codes for the Bonds we write.exe;file:_\\POWEREDGE\Contract\cna bor.exe;file:_\\POWEREDGE\Contract\Collate Detection Origin: Network share Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\WINDOWS\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.141.3637.0, AS: 1.141.3637.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9002.0, NIS: 0.0.0.0
    1/10/2013 1:56:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgtp
    .
    ==== End Of File ===========================



    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-11 12:49:32
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD083GJ rev.1AC01117 74.51GB
    Running: lpxrzgmk.exe; Driver: C:\DOCUME~1\WHITNE~1.SUR\LOCALS~1\Temp\pwlyqpow.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xB6116004]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xB61160D4]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB6115D76]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB6115E1E]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB6115EBA]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB6115F56]

    ---- Kernel code sections - GMER 2.0 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8FE6360, 0x37399D, 0xE8000020]
    ? C:\DOCUME~1\WHITNE~1.SUR\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[1176] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, AC, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AF, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, AC, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, AD, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90FDC6
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AE, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, AD, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AE, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FE37
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, AC, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FF65
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, AD, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AE, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AF, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 84, B8, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 87, B8, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 84, B8, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 85, B8, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918E9E
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 86, B8, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 85, B8, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 86, B8, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918F0F
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 84, B8, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91903D
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 85, B8, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 86, B8, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 87, B8, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1912] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 90, 1B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 93, 1B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 90, 1B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 91, 1B, 00] {TEST AL, 0x91; SBB EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F1AA
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 92, 1B, 00] {TEST AL, 0x92; SBB EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 91, 1B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 92, 1B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F21B
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 90, 1B, 00] {TEST AL, 0x90; SBB EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F349
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 91, 1B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 92, 1B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 93, 1B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe[2296] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 0358A939 C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C8, 3E, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CB, 3E, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C8, 3E, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C9, 3E, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9114E2
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CA, 3E, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C9, 3E, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CA, 3E, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B911553
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C8, 3E, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B911681
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C9, 3E, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CA, 3E, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CB, 3E, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 94, 37, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 97, 37, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 94, 37, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 95, 37, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910DAE
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 96, 37, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 95, 37, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 96, 37, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910E1F
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 94, 37, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910F4D
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 95, 37, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 96, 37, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 97, 37, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, FB, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, FB, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, FB, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, FB, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D1DE
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, FB, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, FB, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, FB, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D24F
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, FB, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D37D
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, FB, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, FB, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, FB, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 98, 94, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9B, 94, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 98, 94, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 99, 94, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916AB2
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9A, 94, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 99, 94, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9A, 94, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916B23
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 98, 94, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916C51
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 99, 94, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9A, 94, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9B, 94, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- User IAT/EAT - GMER 2.0 ----

    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003D0010
    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1912] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00CF0010
    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2100] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00320010
    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2916] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00690010
    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003E0010
    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3912] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01120010
    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4016] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00AA0010

    ---- EOF - GMER 2.0 ----
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,842
    First Name:
    Karen
    I'm sorry but we can't work malware on company computers. Please refer to the following sticky post at the top of this forum:

    http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

    where it stipulates:
    If your IT department cannot fix it then it's best to call in a professional to take care of it for you. Therefore I'm closing this thread.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1084748

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice