
Google Redirect virus...tried everything I know


  • This topic is locked
42 replies to this topic

#1 BeckoningChasm

BeckoningChasm

  • Members
  • 93 posts
  • Gender:Male

Posted 10 April 2013 - 11:34 PM

Greetings, all.  I work for a small IT consulting company, and one of our clients has the Google-Bing-Yahoo redirect virus…I think.  He can do two or three searches just fine, but the third or fourth always wants to go to some shopping site (livesearchnow).  (His AV is Trend Micro, which is blocking the redirect.)  


I've been working with computers, servers, etc. for over twenty years, so these sorts of things typically don't panic me.  Here is his setup:  Windows 7 Pro on a small SBS environment, running Trend Micro, Desktop and Documents folders redirected to the server.   Trend is being hosted by the SBS server.  


Here are the steps I have taken:


1 - removed the drive from the system and placed it in a SATA caddy, then scanned with a clean PC using MSE and MalwareBytes.  MSE found and removed two items - Fotomoto (a redirector) and AdRotator.  MalwareBytes found nothing after MSE finished scanning.   I also used Disk Manager to make sure the drive had no suspicious, hidden partitions; I have encountered some viruses that create a small (10 meg) partition and hide there.  Nothing suspicious.


I put the drive back in the system and for a couple of days, the PC had no problems.  Then the redirection resurfaced.


2 - on the system in question, I ran ComboFix.  I generally find that ComboFix fixes almost everything, if a conventional AV scan doesn't.   ComboFix found and removed a couple of items (unfortunately I don't have the log), I rebooted and tried the search engines.  After two or three searches, again, the browser was redirected (again, Trend stopped the bad page).  


3 - ran TDSSKiller.  Nothing found.


4 - SuperAntiSpyware.  Nothing found.


5 - SecurityCheck.  Nothing found.


6 - AdwCleaner.  Nothing found.


7 - AswMBR.  Nothing found.


Finally, I removed the drive from the system again, ran MSE, ran MalwareBytes, mapped drives from the virus-scanning PC to the user’s Desktop and Documents folder and scanned those, again with MSE and MalwareBytes, and each time nothing is found.


At this point, I have no idea how to proceed.  I could do a complete re-installation of the OS, but I prefer not doing that if it is avoidable.  (It's like curing an itchy foot by amputating the leg.)  On my last visit to the site, the final thing I did was run HijackThis, and I do have a copy of the log if needed.  


If anyone has any ideas of how to proceed, I would be most grateful.  


I need to make one further point:  this particular client is about 25 (twenty-five) miles away, so a visit to his site is a considerable hop.  Hence, if anyone has any multiple steps that need to be performed it would be best all around if I could have all those steps at once, rather than one at a time.  I know that may not be possible, but gas prices being what they are I thought I would ask anyway.  The client does have TeamViewer so some things can be run remotely.


I’ve asked the client to run DDS on his machine, and he has forwarded the logs to me.  The first is displayed below; the second says not to post unless requested.  


Many thanks in advance for any advice.

_____________________________________________________________


DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16476

Run by bkline at 9:43:46 on 2013-04-10

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1668 [GMT -4:00]

.

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Broadcom\BPowMon\BPowMon.exe

C:\Windows\system32\dldocoms.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\Windows\system32\PSIService.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe

C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Dell 968 AIO Printer\dldomon.exe

C:\Program Files\Dell 968 AIO Printer\memcard.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE

C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\PROGRA~1\Intuit\QUICKB~1\QuickBooksMessaging.exe

C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - <orphaned>

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\common files\simple adblock\SimpleAdblock.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"

mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload

mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"

mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"

mRun: [Dell 968 AIO Printer Fax Server] "c:\program files\dell 968 aio printer\fm3032.exe" /s

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickBooksDB19] c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -n qb_brian-pc_19 -qs -gd all -gk all -gp 4096 -gu all -ch 128m -c 64m  -x tcpip(broadcastlistener=no;port=55333) -ti 0 -ec simple  -qi -qw  -tl 120 -oe c:\progra~2\intuit\quickb~2\DBSTAR~1.LOG -y

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} -

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

TCP: NameServer = 192.168.1.2

TCP: Interfaces\{D58E247F-BC55-4F30-85EC-2571550CC1FF} : DHCPNameServer = 192.168.1.2

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\bkline\appdata\roaming\mozilla\firefox\profiles\n3lrd7h9.default\

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\bkline\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2013-03-15 10:53; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\bkline\appdata\roaming\mozilla\firefox\profiles\n3lrd7h9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-3-10 145936]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2011-4-21 81920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-9-8 176128]

R2 BPowMon;Broadcom Power monitoring service;c:\program files\broadcom\bpowmon\BPowMon.exe [2009-8-17 79168]

R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-11 398184]

R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]

R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2011-4-28 2025336]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-5-7 51792]

R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2009-5-21 264504]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2009-5-21 36664]

R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-3-10 256528]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-1-16 211984]

R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-4-21 273960]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-11 21104]

R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-10-21 497008]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-10-21 685320]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-11 682344]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-30 52224]

S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2013-04-10 07:01:21    2347008    ----a-w-    c:\windows\system32\win32k.sys

2013-04-10 07:01:08    38912    ----a-w-    c:\windows\system32\csrsrv.dll

2013-04-10 07:01:07    69632    ----a-w-    c:\windows\system32\smss.exe

2013-04-10 07:01:07    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe

2013-04-10 07:01:07    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe

2013-03-20 16:28:12    --------    d-----w-    c:\program files\CCleaner

2013-03-15 14:40:37    --------    d-sh--w-    C:\$RECYCLE.BIN

2013-03-15 13:55:04    --------    d-----w-    c:\program files\common files\Simple Adblock

2013-03-15 13:32:18    --------    d-----w-    c:\users\bkline\appdata\roaming\SUPERAntiSpyware.com

2013-03-15 13:21:54    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com

2013-03-15 13:21:54    --------    d-----w-    c:\program files\SUPERAntiSpyware

2013-03-15 13:20:34    --------    d-----w-    c:\program files\SecurityXploded

2013-03-15 12:42:26    --------    d-----w-    c:\programdata\HitmanPro

2013-03-15 12:42:26    --------    d-----w-    c:\program files\HitmanPro

2013-03-13 07:01:34    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys

2013-03-11 20:49:20    --------    d-----w-    c:\users\bkline\appdata\local\Mozilla

.

==================== Find3M  ====================

.

2013-03-13 13:25:27    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-13 13:25:27    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe

2013-03-12 18:51:12    4184    --sha-w-    c:\windows\system32\KGyGaAvL.sys

2013-03-02 05:07:36    1212264    ----a-w-    c:\windows\system32\drivers\ntfs.sys

2013-02-26 16:21:05    155648    --sha-r-    c:\windows\system32\dmdskres27.dll

2013-02-22 03:46:00    1800704    ----a-w-    c:\windows\system32\jscript9.dll

2013-02-22 03:38:00    1129472    ----a-w-    c:\windows\system32\wininet.dll

2013-02-22 03:37:50    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl

2013-02-22 03:34:17    142848    ----a-w-    c:\windows\system32\ieUnatt.exe

2013-02-22 03:34:03    420864    ----a-w-    c:\windows\system32\vbscript.dll

2013-02-22 03:31:46    2382848    ----a-w-    c:\windows\system32\mshtml.tlb

2013-02-15 04:37:10    3217408    ----a-w-    c:\windows\system32\mstscax.dll

2013-02-15 04:34:10    131584    ----a-w-    c:\windows\system32\aaclient.dll

2013-02-15 03:25:51    36864    ----a-w-    c:\windows\system32\tsgqec.dll

2013-01-17 06:28:58    232336    ------w-    c:\windows\system32\MpSigStub.exe

.

============= FINISH:  9:44:28.56 ===============
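As an added triage example (this is not code from the original post, from DDS, or from the BleepingComputer team), the script below parses DDS-style sections in the layout shown above and flags the entries a responder usually checks first: BHO/handler registrations that DDS marks `<orphaned>`, registrations that carry no file path at all, a DNS server outside the RFC 1918 private ranges, and non-directory entries in the "Created Last 30"/"Find3M" lists whose attribute string has both the system and hidden bits set. The embedded `SAMPLE` is constructed from the format of the log above (a trimmed set of its lines plus one invented public name server, 203.0.113.7, and a zeroed interface GUID), and every flag it raises is a review prompt, not a verdict on the file.

```python
"""Triage helper for DDS-style log sections (added example, not DDS or the poster's code)."""
import ipaddress
import re
from dataclasses import dataclass

# Reasons attached to findings; each is a prompt for review, not a verdict.
ORPHANED = "registered component points at a missing file"
NO_PATH = "registration carries no file path"
NON_LAN_DNS = "name server outside RFC 1918 ranges"
HIDDEN_SYSTEM_FILE = "file carries hidden+system attributes"

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SECTION_RE = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")            # "=== Pseudo HJT Report ==="
HJT_ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+):\s+(?P<body>.*)$")  # "BHO: ...", "Handler: ..."
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})")
FILE_ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)

# Constructed sample in the DDS layout: a trimmed set of entries in the thread's
# format plus one invented public name server (203.0.113.7) and a zeroed GUID.
SAMPLE = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - <orphaned>
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
SSODL: WebCheck - <orphaned>
TCP: NameServer = 192.168.1.2
TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : DHCPNameServer = 203.0.113.7
.
==================== Find3M  ====================
.
2013-03-13 13:25:27    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 18:51:12    4184    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2013-02-26 16:21:05    155648    --sha-r-    c:\windows\system32\dmdskres27.dll
2013-03-15 14:40:37    --------    d-sh--w-    C:\$RECYCLE.BIN
.
============= FINISH:  9:44:28.56 ===============
"""


@dataclass(frozen=True)
class Finding:
    section: str
    entry: str
    reason: str


def split_sections(text):
    """Map each '=== name ===' header to the non-empty lines beneath it ('.' spacers dropped)."""
    sections = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def triage_hjt(section, entries):
    """Flag orphaned or path-less registrations and DNS servers that are not on a private range."""
    findings = []
    for entry in entries:
        m = HJT_ENTRY_RE.match(entry)
        if not m:
            continue
        body = m.group("body")
        if body.endswith("<orphaned>"):
            findings.append(Finding(section, entry, ORPHANED))
        elif body.endswith(" -"):
            findings.append(Finding(section, entry, NO_PATH))
        ns = NAMESERVER_RE.search(body)
        if ns and not is_rfc1918(ns.group("ip")):
            findings.append(Finding(section, entry, NON_LAN_DNS))
    return findings


def triage_files(section, entries):
    """DDS attribute string layout: d at [0], s at [2], h at [3], a at [4], r/w at [6]."""
    findings = []
    for entry in entries:
        m = FILE_ENTRY_RE.match(entry)
        if not m:
            continue
        attrs = m.group("attrs")
        is_dir = attrs[0] == "d"
        if not is_dir and attrs[2] == "s" and attrs[3] == "h":
            findings.append(Finding(section, m.group("path"), HIDDEN_SYSTEM_FILE))
    return findings


def triage(text):
    """Run the section-specific checks over a whole DDS log and return all findings."""
    findings = []
    for name, entries in split_sections(text).items():
        if name.startswith("Pseudo HJT"):
            findings.extend(triage_hjt(name, entries))
        elif name.startswith(("Created Last", "Find3M")):
            findings.extend(triage_files(name, entries))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.section}] {f.reason}: {f.entry}")
```

Run it against a saved DDS.txt by reading the file into `triage()` instead of `SAMPLE`; on the constructed sample it reports eight items. The hidden+system check deliberately skips directories (the `$RECYCLE.BIN` line), because that attribute combination is normal for system folders but is worth a second look on a loose file under `system32`; likewise a non-RFC 1918 name server is only a prompt to confirm with the network owner, since a redirect problem that survives offline disk scans is one reason to check name resolution rather than just the disk.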







 





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 April 2013 - 05:28 AM


Hello BeckoningChasm

Ask what browser is redirecting and let me know that first.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
  • Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 BeckoningChasm

BeckoningChasm
  • Topic Starter

  • Members
  • 93 posts
  • Gender:Male

Posted 11 April 2013 - 08:19 PM

Hi Gringo, and thanks.  Haven't had a chance to get to the client to run this, but I didn't want the topic closed.  I will get it done tomorrow and post the logs.  Thank you again.



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 April 2013 - 08:27 PM

No problem and thanks for letting me know


gringo

#5 BeckoningChasm

BeckoningChasm
  • Topic Starter

  • Members
  • 93 posts
  • Gender:Male

Posted 12 April 2013 - 11:48 AM

I apologize for the length of the OTL log file, but because this has been a problem with this system for a while I used a 60 day window instead of the standard 30 day time-frame.

________________________

 

OTL logfile created on: 4/12/2013 11:23:02 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\dell
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 34.26% Memory free
6.00 Gb Paging File | 3.45 Gb Available in Paging File | 57.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.57 Gb Total Space | 413.55 Gb Free Space | 90.98% Space Free | Partition Type: NTFS
Drive H: | 59.61 Gb Total Space | 13.55 Gb Free Space | 22.73% Space Free | Partition Type: FAT32
 
Computer Name: BRIAN-PC | User Name: bkline | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\dell\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intuit\QuickBooks 2009\QuickBooksMessaging.exe (Intuit)
PRC - C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe (Trend Micro Inc.)
PRC - C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files\Broadcom\BPowMon\BPowMon.exe (Broadcom Corp.)
PRC - C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe (Trend Micro Inc.)
PRC - C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
PRC - C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
PRC - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe (Intuit Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.)
PRC - C:\Windows\System32\dldocoms.exe ( )
PRC - C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software SB, Inc)
PRC - C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software SB, Inc)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Infralution.Control#\1fad86c5f66226f47e080d07b2c9e847\Infralution.Controls.VirtualTree.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Infralution.Controls\b92b38d7c88bc2a30c24660b2579a78c\Infralution.Controls.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics.Act.Wi#\699fed538036a5882dfc13fcccf6a185\Infragistics.Act.Win.UltraWinSchedule.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Infralution.Common\9fcd6d575a54b3485bae0e5de25182ee\Infralution.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics.Act.Win\41ccb245bb3c8b245c4fb1fea8859fb7\Infragistics.Act.Win.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics.Act.Sh#\363d42317ce500dd20d2dbeab4c1adfb\Infragistics.Act.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Genghis\6cf59f7c11cfc76e78c33f1c85aa63c2\Genghis.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevComponents.DotNe#\342055fb5080e9f70bbe7ed39640b7fd\DevComponents.DotNetBar.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\C1.Win.C1Spell\ba8e4838e06955cc1045fbcdd33baad3\C1.Win.C1Spell.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\C1.Win.C1FlexGrid\f763d6cc54789bb7c663f94567373519\C1.Win.C1FlexGrid.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\C1.Common\7c8c257b5a582da8d2d718604785e847\C1.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Widgets\b4750cbe60dc740204e8fe077710051e\Act.UI.Widgets.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.SyncSetup\b9268c750ed5263f276a7b7180edbf40\Act.UI.SyncSetup.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Updater\34d88486555cf1f3d52e322b9b1ceca7\Act.UI.Updater.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Remoting.Com#\bbe557f55e65de8363c2298862b69dbe\Act.UI.Remoting.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.PickList\b614de4f702751fac0eb82df4447f9b0\Act.UI.PickList.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Opportunitie#\6a154711e5441ebb4c9cbe0230a4727a\Act.UI.Opportunities.Views.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Groups.Views\cd57ba4267a8812ac4d8713c9c0b140a\Act.UI.Groups.Views.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Email\4a7d472c4cc9c7d2e9cbf7fb29224833\Act.UI.Email.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Dialogs\0944a27da1f5ddcb18cd2340231fc9b2\Act.UI.Dialogs.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Lay#\8c29d0e199a91050ebb02fad1fe5ffe5\Act.UI.Designer.Layout.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Con#\d52d10cd7fbfb3aec8472b474e185150\Act.UI.Designer.Controls.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Contacts.Vie#\ffeeefb327fbb8f538201c12e0500b08\Act.UI.Contacts.Views.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Core\e508525ccc938e3e61148e0147aeb2e9\Act.UI.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Calendar.Vie#\dcddf87b1c57981486c7087d12a8e725\Act.UI.Calendar.Views.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.ActivityView#\18944c8f29921bccaa666b35902ab360\Act.UI.ActivityViews.Widgets.TimeSelector.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Activities.V#\5a8a63866708453d6f41348569790b58\Act.UI.Activities.Views.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Activities.V#\28637dfad1f66c9385d5906a50a322d4\Act.UI.Activities.Views.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI\1971fb20b2cc831c8a84233a70293bff\Act.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Windows.#\9a0eb6a00e759b3ecabfb5c17bacae7e\Act.Shared.Windows.Forms.NotificationItem.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Windows.#\65cd5bdd9318e8f1e030bd73cc3835d1\Act.Shared.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Win32\0be4213fd24e19bc7704402602234acf\Act.Shared.Win32.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.LicProvi#\3bf578af0d24fbc67eb406eb3d8b1b62\Act.Shared.LicProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Componen#\e5f7b85a8894d4b7fc6eee1f81d47698\Act.Shared.ComponentModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Compo#\f79e8c1f17c91ca2687bc7bf7a788ce4\Act.Framework.ComponentModel.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Compo#\6a2193f84179d2681787fd20db3862de\Act.Framework.ComponentModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.Plugin\eb798aedd444f1a4d6c6f17079fe0b1e\Act.Devices.Plugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Application.Int#\fdaa33f8554d7bb5dceb773a260c33b0\Act.Application.Interop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\31a8f96f8939ac18a867ee26cc37eda8\System.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TAPIEx_Wrap\dd96ac2e3e41da983892bc03feabbe39\TAPIEx_Wrap.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Office\99aa9ecdaa1a3a57496d94d44d980ffd\Office.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.ADChronopher\94fbc4c8e270aee5e324cfce2ff92715\Interop.ADChronopher.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\b695c8097c99c25895ac50a425bccdff\Extensibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\autocomplete\1dd7d1e43279f4ef7717dd0204f5150f\autocomplete.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.LookupsResou#\70c603907fe83db3fa962f916b7b33a5\Act.UI.LookupsResources.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ACT.UI.Common.Images\066f36290c7b0671f255361c13151361\ACT.UI.Common.Images.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\c974e25c4d388aef4f25b318e173fff0\Act.Shared.Utilities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Messaging\15c41af3592df5875b2ce8a1c4239d00\Act.Shared.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Licensing\2214ca0e06c6d2b5286707413e3e41e8\Act.Shared.Licensing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Config\b69f562cfa2bd296093c8bbbd5b12689\Act.Shared.Config.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Diagnost#\5d461d2c9a962c225016b67b849febf5\Act.Shared.Diagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Collecti#\61e04ab3b209c013d65c0f31dc152494\Act.Shared.Collections.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Synch#\fa4b9619e13341d5c8a10c11d1a0ab4d\Act.Framework.Synchronization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\act.outlook\cb449e69a00c8d22dfe4683fe73edd4d\act.outlook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Inter#\20096989462893886c566d0bf032e33a\Act.Framework.Interop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Messa#\71692ddb29f3f664a7079b7e43debc84\Act.Framework.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Data.Resources\386e75659df98ceae9e786439c38eed9\Act.Data.Resources.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Data\ba42099b9c750c53827d73089b3e3f44\Act.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Data.ActDb\6b30172ffb4e9aa103b600ce00e32717\Act.Data.ActDb.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL ()
MOD - C:\Windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll ()
MOD - C:\Windows\assembly\GAC\ActEmailConnectorMetaData\1.0.0.0__ebf6b2ff4d0a08aa\ActEmailConnectorMetaData.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Act.UI.Companies.Views\9.1.162.0__ebf6b2ff4d0a08aa\Act.UI.Companies.Views.dll ()
MOD - C:\Windows\assembly\GAC_32\Act.Outlook.Message.Reader\9.1.162.0__ebf6b2ff4d0a08aa\Act.Outlook.Message.Reader.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop\9.1.162.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Desktop.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Shared\9.1.162.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.AppCommon\9.1.162.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.AppCommon.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\9.1.162.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Act.Shared.Localization\9.1.162.0__ebf6b2ff4d0a08aa\Act.Shared.Localization.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Act.Framework\9.1.162.0__ebf6b2ff4d0a08aa\Act.Framework.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2009\QBMAPILibrary.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2009\mbpopup.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2009\BackupLib.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2009\boost_regex-vc80-mt-p-1_33.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
MOD - C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldoscw.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldocfg.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldodatr.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\DLDOptp.dll ()
MOD - C:\Program Files\ACT\Act for Windows\ActOutlookAddin.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QuickBooksDB19) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
SRV - (BPowMon) -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe (Broadcom Corp.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
SRV - (tmlisten) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe (Trend Micro Inc.)
SRV - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe (Trend Micro Inc.)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (dldo_device) -- C:\Windows\System32\dldocoms.exe ( )
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (mbr) -- C:\Users\bkline\AppData\Local\Temp\mbr.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TmFilter) -- C:\Program Files\Trend Micro\Client Server Security Agent\tmxpflt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapint.sys (Trend Micro Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (tmactmon) -- C:\Windows\System32\DRIVERS\tmactmon.sys ()
DRV - (tmevtmgr) -- C:\Windows\System32\DRIVERS\tmevtmgr.sys ()
DRV - (tmcomm) -- C:\Windows\System32\DRIVERS\tmcomm.sys ()
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEC8865E-DCAD-418D-9D50-DBD730934BEE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\..\SearchScopes,DefaultScope = {3AE2407C-8DAB-4345-BDEE-9464C78091B7}
IE - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\..\SearchScopes\{3AE2407C-8DAB-4345-BDEE-9464C78091B7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
IE - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\..\SearchScopes\{57920D54-96A3-46F1-AC21-C5AF93F1C29B}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\..\SearchScopes\{8930BC82-8471-4D19-A674-FBB34C4F1398}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\bkline\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\bkline\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/21 10:55:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/10 23:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/03/11 16:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bkline\AppData\Roaming\mozilla\Extensions
[2013/03/15 10:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bkline\AppData\Roaming\mozilla\Firefox\Profiles\n3lrd7h9.default\extensions
[2013/03/15 10:53:51 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\bkline\AppData\Roaming\mozilla\firefox\profiles\n3lrd7h9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/10 23:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\bkline\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\bkline\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\bkline\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\bkline\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\bkline\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\bkline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2013/03/15 08:31:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\ACT for Windows\ActSage.exe (Sage Software SB, Inc)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe (Sage Software SB, Inc)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe ()
O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QuickBooksDB19] C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2063186196-1619035941-1768809454-1142\..Trusted Domains: reliable-electric.com ([remote] https in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = reliable.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D58E247F-BC55-4F30-85EC-2571550CC1FF}: DhcpNameServer = 192.168.1.2
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\tmpx - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk H:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2013/04/10 03:01:21 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/10 03:01:08 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 03:01:07 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 03:01:07 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 03:00:44 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/04/10 03:00:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/04/10 03:00:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 03:00:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 03:00:22 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/10 03:00:22 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 03:00:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 03:00:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 03:00:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/10 03:00:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/05 16:51:48 | 000,000,000 | ---D | C] -- \\SVR1\RedirectedFolders\bkline\Desktop\cleaners
[2013/03/25 22:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/20 12:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/15 10:41:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/15 10:40:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/15 09:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Simple Adblock
[2013/03/15 09:32:18 | 000,000,000 | ---D | C] -- C:\Users\bkline\AppData\Roaming\SUPERAntiSpyware.com
[2013/03/15 09:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/03/15 09:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/03/15 09:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/15 09:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\SecurityXploded
[2013/03/15 08:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/03/15 08:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/03/13 03:01:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/11 16:49:20 | 000,000,000 | ---D | C] -- C:\Users\bkline\AppData\Local\Mozilla
[2013/03/11 07:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/11 07:03:51 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/11 07:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/03/11 00:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/03/10 23:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/03/10 23:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/10 23:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/10 19:48:49 | 000,000,000 | ---D | C] -- C:\Users\bkline\AppData\Local\temp
[2013/03/06 12:24:56 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- \\SVR1\RedirectedFolders\bkline\Desktop\iexplore.exe
[2013/03/05 17:00:35 | 000,000,000 | ---D | C] -- C:\temp
[2013/03/05 08:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/03/05 08:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/02/26 16:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/02/26 16:24:16 | 000,000,000 | ---D | C] -- C:\Users\bkline\AppData\Local\Programs
[2013/02/13 04:02:25 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/13 04:00:50 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2013/04/12 11:32:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2063186196-1619035941-1768809454-1142UA.job
[2013/04/12 11:28:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/12 11:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/12 11:21:19 | 000,697,716 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/12 11:21:19 | 000,132,068 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/12 08:59:59 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/04/12 07:30:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/11 23:32:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2063186196-1619035941-1768809454-1142Core.job
[2013/04/11 07:33:25 | 000,002,229 | ---- | M] () -- \\SVR1\RedirectedFolders\bkline\Desktop\Google Chrome.lnk
[2013/04/10 03:12:03 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 03:12:03 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 03:05:19 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2013/04/10 03:05:02 | 000,427,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 03:04:47 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GDCM.job
[2013/04/10 03:04:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 03:04:16 | 2414,977,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/08 14:41:58 | 000,817,572 | ---- | M] () -- \\SVR1\RedirectedFolders\bkline\Desktop\Lighting Standards.pdf
[2013/04/03 10:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/03/25 22:30:04 | 000,002,091 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/22 13:58:10 | 000,013,653 | ---- | M] () -- \\SVR1\RedirectedFolders\bkline\Desktop\Hartford Audit P & L.pdf
[2013/03/20 12:34:04 | 000,131,812 | ---- | M] () -- \\SVR1\RedirectedFolders\bkline\My Documents\cc_20130320_123329.reg
[2013/03/20 12:28:14 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/20 12:21:15 | 000,134,826 | ---- | M] () -- \\SVR1\RedirectedFolders\bkline\My Documents\03202013IE.reg
[2013/03/19 01:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/03/19 01:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/03/19 00:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/03/15 09:21:59 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/15 08:31:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/03/13 09:25:27 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 09:25:27 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/12 14:51:12 | 000,004,184 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2013/03/11 07:04:00 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 23:59:39 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/06 12:24:58 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- \\SVR1\RedirectedFolders\bkline\Desktop\iexplore.exe
[2013/02/28 23:09:59 | 002,347,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/26 12:21:05 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\dmdskres27.dll
[2013/02/21 23:46:00 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/21 23:37:50 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/21 23:36:35 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/21 23:35:31 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/21 23:34:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/21 23:33:11 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/21 23:31:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/21 23:28:48 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/15 00:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/02/14 23:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/02/11 23:32:45 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/08 14:41:51 | 000,817,572 | ---- | C] () -- \\SVR1\RedirectedFolders\bkline\Desktop\Lighting Standards.pdf
[2013/03/25 22:30:04 | 000,002,091 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/22 13:58:32 | 000,013,653 | ---- | C] () -- \\SVR1\RedirectedFolders\bkline\Desktop\Hartford Audit P & L.pdf
[2013/03/20 12:33:37 | 000,131,812 | ---- | C] () -- \\SVR1\RedirectedFolders\bkline\My Documents\cc_20130320_123329.reg
[2013/03/20 12:28:14 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/20 12:21:14 | 000,134,826 | ---- | C] () -- \\SVR1\RedirectedFolders\bkline\My Documents\03202013IE.reg
[2013/03/15 09:21:59 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/11 07:04:00 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 23:59:39 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/10 23:59:39 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/10 17:22:37 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/02/26 12:21:05 | 000,155,648 | RHS- | C] () -- C:\Windows\System32\dmdskres27.dll
[2013/02/26 12:21:05 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\GDCM.job
[2012/01/16 15:17:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/16 15:12:31 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/12/11 13:09:41 | 000,000,017 | ---- | C] () -- C:\Users\bkline\AppData\Local\resmon.resmoncfg
[2011/09/14 12:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/08/26 11:34:14 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/05/26 16:11:04 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/04/30 03:01:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/28 17:14:22 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll
[2011/04/28 17:14:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL
[2011/04/28 17:14:22 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL
[2011/04/28 17:14:22 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL
[2011/04/28 17:14:12 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2011/04/28 17:14:12 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll
[2011/04/28 17:14:11 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2011/04/28 17:14:11 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldoih.exe
[2011/04/28 17:14:11 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2011/04/28 17:14:11 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2011/04/28 17:14:11 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2011/04/28 17:14:11 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2011/04/28 17:14:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2011/04/28 17:14:10 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2011/04/28 17:14:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2011/04/28 17:14:10 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2011/04/28 17:14:10 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2011/04/28 10:54:34 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/04/28 10:16:32 | 000,004,184 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/04/28 10:16:32 | 000,000,168 | RHS- | C] () -- C:\Windows\System32\FAA089946C.sys
[2011/04/28 09:45:01 | 000,000,862 | RHS- | C] () -- C:\Users\bkline\ntuser.pol
[2011/04/28 09:42:08 | 000,049,572 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/21 13:28:07 | 000,982,224 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/04/21 13:28:07 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011/04/21 13:28:07 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011/04/21 13:28:07 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/04/21 13:28:06 | 000,092,284 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/04/21 13:28:05 | 000,439,336 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/04/21 13:28:04 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/04/21 12:39:52 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011/04/21 12:39:52 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2011/04/28 10:12:40 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop
[2011/04/28 10:10:44 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_MSIL\policy.9.0.Act.Outlook.Service.Desktop
[2011/04/28 10:10:45 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_MSIL\policy.9.1.Act.Outlook.Service.Desktop
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 



#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 12 April 2013 - 01:13 PM


Hello BeckoningChasm

We will run this now; it will help remove some files from the computer.

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe
  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:

    DeleteFile:
    C:\Windows\System32\dmdskres27.dll
    C:\Windows\tasks\GDCM.job

  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
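Added example (not code from this thread, from OTL or from BlitzBlank): the two files in the BlitzBlank script above are the ones that stand out in the OTL log posted earlier in the thread. dmdskres27.dll sits in System32 with read-only, hidden and system attributes and no company name, and GDCM.job was created in the very same second, which is the usual shape of a loader dropped together with the scheduled task that launches it. The Python script below parses OTL "Files Created" / "Files Modified" lines and scores entries on exactly those properties so an analyst can spot such pairs in a long log quickly. The sample log is a constructed subset of the OTL lines in this thread, and the scoring rules are an assumed analyst heuristic; the same rules also surface other hidden/system files from the log that nobody acted on here, so the output is a review list, not a verdict.

```python
"""Triage heuristics over OTL 'Files Created' / 'Files Modified' lines.
Added example; not code from the thread, from OTL or from BlitzBlank.
The sample log is a constructed subset of the OTL output in this thread."""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Iterable, List, Optional

# One OTL file line:  [date time | size | attrs | C|M] (Company) -- path
# Directory lines carry '---D' and omit the '(Company)' field; files with
# no embedded company name show '()' or '( )'.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
SYSTEM32 = "\\windows\\system32\\"


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str      # e.g. 'RHS-' = read-only, hidden, system; 'D' marks a directory
    kind: str       # 'C' created, 'M' modified
    company: str    # '' when OTL printed () or ( )
    path: str


@dataclass
class Finding:
    path: str
    reasons: List[str]
    related: List[str] = field(default_factory=list)  # files created in the same second


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; returns None for headers, blanks and summary lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(lines: Iterable[str], recent_days: int = 60) -> List[Finding]:
    """Assumed heuristic: flag hidden+system files under System32 with no company
    name, then add weight for recent creation and for a scheduled-task .job created
    in the same second. Sorted by number of reasons; candidates, not verdicts."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    if not entries:
        return []
    newest = max(e.ts for e in entries)   # 'now' as seen by the log itself
    created_at = {}                       # creation ts -> entries created then
    created_ts = {}                       # lower-cased path -> creation ts
    for e in entries:
        if e.kind == "C" and "D" not in e.attrs:
            created_at.setdefault(e.ts, []).append(e)
            created_ts[e.path.lower()] = e.ts

    findings, seen = [], set()
    for e in entries:
        low = e.path.lower()
        hidden_system = "H" in e.attrs and "S" in e.attrs
        if "D" in e.attrs or low in seen:
            continue
        if not (hidden_system and SYSTEM32 in low and not e.company):
            continue
        seen.add(low)   # the same file appears in both the Modified and Created sections
        reasons = ["hidden+system attributes", "no company name", "under System32"]
        siblings: List[str] = []
        ts = created_ts.get(low)
        if ts is not None:
            if (newest - ts).days <= recent_days:
                reasons.append(f"created within the last {recent_days} days")
            siblings = [o.path for o in created_at[ts] if o.path.lower() != low]
            if any(p.lower().endswith(".job") for p in siblings):
                reasons.append("scheduled-task .job created in the same second")
        findings.append(Finding(e.path, reasons, siblings))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


# Constructed sample: a subset of the OTL lines posted in this thread.
SAMPLE_LOG = r"""
========== Files - Modified Within 60 Days ==========
[2013/04/10 03:04:16 | 2414,977,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/12 14:51:12 | 000,004,184 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2013/02/28 23:09:59 | 002,347,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/26 12:21:05 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\dmdskres27.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/15 08:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/02/26 12:21:05 | 000,155,648 | RHS- | C] () -- C:\Windows\System32\dmdskres27.dll
[2013/02/26 12:21:05 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\GDCM.job
[2011/04/28 17:14:11 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2011/04/28 10:16:32 | 000,004,184 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/04/28 10:16:32 | 000,000,168 | RHS- | C] () -- C:\Windows\System32\FAA089946C.sys
[2011/04/28 09:45:01 | 000,000,862 | RHS- | C] () -- C:\Users\bkline\ntuser.pol
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(len(f.reasons), f.path, "|", "; ".join(f.reasons), "|", f.related)
```

Run it directly to print the ranked list for the sample, or pass the lines of a full OTL report to `triage()`. With the sample above, dmdskres27.dll comes out on top with all five reasons and GDCM.job listed as its same-second sibling; the two older hidden/system files score on the base rules only.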

#7 BeckoningChasm (Topic Starter, Members, 93 posts)

Posted 12 April 2013 - 02:10 PM

Hi Gringo, and thanks. Because of the distance, I won't be able to try this until Monday morning. (I might be able to run this remotely, but I typically prefer to be onsite when using very powerful tools, just in case.)

I will run the utility and post the results here on Monday the 15th.



#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 12 April 2013 - 02:25 PM

OK I will see you then

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 15 April 2013 - 12:27 AM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#10 BeckoningChasm (Topic Starter, Members, 93 posts)

Posted 15 April 2013 - 06:19 AM

I am heading out to the site right now to try the latest steps. As I mentioned, the site is about 25 miles away, so getting there isn't the quickest journey. My next post will be from the site with the log files.



#11 BeckoningChasm (Topic Starter, Members, 93 posts)

Posted 15 April 2013 - 07:37 AM

Hi Gringo--thank you thank you thank you! Just came back from the site and the problem appears--"appears" being the operating word--to be solved. Typically, the user could get perhaps two or three searches before Trend would put up its warning; when I left, he had done perhaps a dozen or so searches without problems.

BlitzBlank did not generate any logs that I could find, but I am hoping it did the trick.

I would like to keep this thread alive for another day or so, just to make certain that we are all good.

Again, thank you. I'm going to stop tearing my hair out.



#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 15 April 2013 - 02:10 PM


Hello BeckoningChasm

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo





#13 BeckoningChasm (Topic Starter, Members, 93 posts)

Posted 15 April 2013 - 04:16 PM

Hi Gringo, just spoke to the client, his internet searches are doing exactly what they should be doing. He's pleased, I'm pleased, and we thank you.

I am scheduled to go out there tomorrow afternoon and will run ComboFix and post the log.

Thank you again!



#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 15 April 2013 - 10:06 PM

If you can get the computer for a day or so, we can really do this right.


gringo

#15 BeckoningChasm (Topic Starter, Members, 93 posts)

Posted 16 April 2013 - 12:07 PM

Ran ComboFix, here is the log:

 

ComboFix 13-04-15.01 - bkline 04/16/2013  12:50:54.9.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1861 [GMT -4:00]
Running from: c:\dell\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-16 to 2013-04-16  )))))))))))))))))))))))))))))))
.
.
2013-04-16 16:55 . 2013-04-16 16:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-04-10 07:01 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 07:01 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 07:01 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 07:01 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 07:01 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-20 16:28 . 2013-03-20 16:28 -------- d-----w- c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 13:25 . 2012-03-29 11:29 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 13:25 . 2011-05-20 11:16 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 03:32 . 2013-03-13 07:01 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 00:45 . 2013-02-23 15:17 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A58C18E3-3085-429D-A89B-3041F71E2F32}\mpengine.dll
2013-01-17 06:28 . 2011-04-30 06:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-03-07 14:31 . 2013-03-11 03:59 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-23 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-23 166424]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Act.Outlook.Service"="c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe" [2007-03-28 9728]
"Act! Preloader"="c:\program files\ACT\ACT for Windows\ActSage.exe" [2007-03-28 1015808]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2009-04-27 455336]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2009-04-27 410280]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2009-04-27 311976]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"QuickBooksDB19"="c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe" [2009-10-01 131072]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2009-06-02 935208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-06 20:05 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [x]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [x]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ    GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 13:25]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-09 15:43]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-09 15:43]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2063186196-1619035941-1768809454-1142Core.job
- c:\users\bkline\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-01 19:03]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2063186196-1619035941-1768809454-1142UA.job
- c:\users\bkline\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-01 19:03]
.
2013-04-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2013-04-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.2
FF - ProfilePath - c:\users\bkline\AppData\Roaming\Mozilla\Firefox\Profiles\n3lrd7h9.default\
FF - ExtSQL: 2013-03-15 10:53; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\bkline\AppData\Roaming\Mozilla\Firefox\Profiles\n3lrd7h9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-16  12:56:45
ComboFix-quarantined-files.txt  2013-04-16 16:56
.
Pre-Run: 443,956,703,232 bytes free
Post-Run: 444,101,267,456 bytes free
.
- - End Of File - - CB67EEBDFF1A9B92FCA56A258715354B
 





