Webhp infection (2nd PC)

Magikvw · November 19, 2012

I know I already have a topic running for this but I have a second infected machine as well. So any help here is greatly appreciated.

Malwarbytes and Endpoint seemed to find part of it (or possibly a different "bug") - but webhp still shows in the URL when using Google and redirects search results. I am experiencing no other symptoms at this time.

Thank you!

Here are the DDS Logs:

DDS:

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2

Run by jlincoln at 11:48:15 on 2012-11-19

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.1384 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\Common Files\SPBA\upeksvr.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Startel Administrative Controls\sac.exe

C:\Windows\splwow64.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.acculormemberservices.com/

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: DisableCAD = dword:1

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.128.101.2 216.171.129.13

TCP: Interfaces\{EE03ECAE-1EE9-4EFD-923C-C85440EB6A15} : DHCPNameServer = 192.128.101.2 216.171.129.13

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Authentication Packages = msv1_0 wvauth

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-19 19264]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-19 204288]

R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-19 13632]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-9-19 189608]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 375728]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-9-24 72216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-13 399432]

R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-9-25 145448]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-3-22 1831024]

R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-9-19 95248]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-24 138912]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-19 357184]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-19 789824]

R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2011-5-27 63528]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-13 676936]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-26 1255736]

S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-13 19:19:46 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-13 19:19:45 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-13 19:19:45 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-13 19:19:45 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-13 19:14:17 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-13 19:14:16 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-13 19:14:15 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-13 19:14:15 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-13 19:14:14 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-13 19:14:13 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-13 19:14:13 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-13 16:35:22 -------- d-----w- C:\Users\jlincoln\AppData\Roaming\Malwarebytes

2012-11-13 16:34:33 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-13 16:34:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-07 14:11:33 -------- d--h--w- C:\ProgramData\Teorex

2012-11-07 14:10:31 -------- d-----w- C:\Program Files\FolderIco

2012-11-07 14:09:03 -------- d--h--w- C:\ProgramData\blekko toolbars

2012-11-05 20:20:50 -------- d-----w- C:\Users\jlincoln\AppData\Roaming\Avery

2012-11-05 20:19:30 -------- d-----w- C:\Program Files (x86)\Avery

2012-10-22 19:48:18 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-10-22 19:48:17 366592 ----a-w- C:\Windows\System32\qdvd.dll

.

==================== Find3M ====================

.

2012-11-06 14:05:08 88008 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2012-11-06 14:04:54 35240 ----a-w- C:\Windows\System32\LMIport.dll

2012-11-06 14:04:52 83880 ----a-w- C:\Windows\System32\LMIinit.dll

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-10 15:39:37 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-10 15:39:36 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-10-10 15:39:36 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-10 13:02:25 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-10 13:02:25 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-10-02 16:19:43 233120 ----a-w- C:\Windows\System32\drivers\wpshelper.sys

2012-09-29 01:42:04 2177704 ----a-w- C:\Windows\System32\coin92.dll

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-24 20:47:10 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-09-19 09:03:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-09-19 08:43:16 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe

2012-09-19 07:40:12 0 ----a-w- C:\Windows\ativpsrm.bin

2012-09-19 07:25:53 81904 ----a-w- C:\Windows\System32\pbadrvdll.dll

2012-09-19 07:25:53 80368 ----a-w- C:\Windows\SysWow64\pbadrvdll.dll

2012-09-19 07:25:53 32240 ----a-w- C:\Windows\System32\drivers\PBADRV.SYS

2012-09-19 07:25:53 239104 ----a-w- C:\Windows\System32\bioapi_mds300.dll

2012-09-19 07:25:53 155136 ----a-w- C:\Windows\System32\bioapi100.dll

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

.

============= FINISH: 11:51:12.79 ===============

Attach

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Upek Touchchip Fingerprint Reader

Wave Crypto Runtime 2.0.7.0 x86

Wave Infrastructure Installer

Wave Support Software Installer

Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

11/16/2012 7:10:00 AM, Error: NetBT [4321] - The name "PCC :1d" could not be registered on the interface with IP address 192.128.101.126. The computer with the IP address 192.128.101.113 did not allow the name to be claimed by this computer.

11/15/2012 5:13:07 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

11/15/2012 5:12:40 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.

11/15/2012 5:12:08 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

11/15/2012 5:08:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}

11/15/2012 5:08:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

11/15/2012 5:08:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

11/15/2012 5:06:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/15/2012 4:38:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/15/2012 4:38:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/15/2012 4:38:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/15/2012 4:38:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/15/2012 4:35:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr SRTSP SRTSPX vpcvmm Wanarpv6

11/12/2012 12:27:10 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

11/12/2012 12:27:05 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

11/12/2012 12:27:03 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain PCC due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

.

==== End Of File ===========================

screen317 · November 19, 2012

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.
Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Magikvw · November 19, 2012

OK -

MBAM Log is below - Combodix and DDS to follow:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.19.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

jlincoln :: OPSMGR [administrator]

Protection: Disabled

11/19/2012 1:56:24 PM

mbam-log-2012-11-19 (13-56-24).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 246409

Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Magikvw · November 19, 2012

I am sorry this is taking so long - I cannot figure out how to disable the active scanning for my Endpoint software. It is server controlled so I cannot run it off at the client side.

I do have the admin user and password and have been looking in the Server control but I cannot sifugre out how to disable it. Combofix saus it needs to be disabled before continuing

Magikvw · November 20, 2012

OK - here is the Combo fix log and a new DDS log. I could not disable the Endpoint active protection and I had already started the Combo fix process - Combofix ended up running with the active Endpoint still running - I hope that's not a problem.

ComboFix

ComboFix 12-11-19.02 - jlincoln 11/19/2012 17:02:59.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.6304 [GMT -5:00]

Running from: c:\users\jlincoln\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\DDa03of0DXejIW

.

((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))

.

2012-11-19 22:35 . 2012-11-19 22:35 -------- d-----w- c:\users\Jeff Lincoln\AppData\Local\temp

2012-11-19 22:35 . 2012-11-19 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-19 22:35 . 2012-11-19 22:35 -------- d-----w- c:\users\administrator\AppData\Local\temp

2012-11-13 19:19 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-13 19:19 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-13 19:19 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-13 19:19 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-13 19:14 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-13 19:14 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-13 19:14 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-13 19:14 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-13 19:14 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-13 19:14 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-13 19:14 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-13 16:35 . 2012-11-13 16:35 -------- d-----w- c:\users\jlincoln\AppData\Roaming\Malwarebytes

2012-11-13 16:34 . 2012-11-13 16:34 -------- d-----w- c:\programdata\Malwarebytes

2012-11-13 16:34 . 2012-11-13 17:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-07 14:11 . 2012-11-07 14:11 -------- d--h--w- c:\programdata\Teorex

2012-11-07 14:10 . 2012-11-13 17:45 -------- d-----w- c:\program files\FolderIco

2012-11-07 14:09 . 2012-11-07 21:01 -------- d--h--w- c:\programdata\blekko toolbars

2012-11-05 20:20 . 2012-11-05 20:20 -------- d-----w- c:\users\jlincoln\AppData\Roaming\Avery

2012-11-05 20:19 . 2012-11-13 17:31 -------- d-----w- c:\program files (x86)\Avery

2012-10-22 19:48 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-10-22 19:48 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-13 19:14 . 2012-09-24 23:27 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-06 14:05 . 2012-09-24 22:16 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-11-06 14:04 . 2012-09-24 22:16 35240 ----a-w- c:\windows\system32\LMIport.dll

2012-11-06 14:04 . 2012-09-24 22:16 83880 ----a-w- c:\windows\system32\LMIinit.dll

2012-10-10 15:39 . 2012-10-10 15:39 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-10 15:39 . 2012-10-10 15:40 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-10 15:39 . 2012-10-10 15:40 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-10 13:02 . 2012-09-19 07:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-10 13:02 . 2012-09-19 07:13 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-02 16:19 . 2012-09-24 20:48 233120 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2012-09-29 01:42 . 2012-09-29 01:42 2177704 ----a-w- c:\windows\system32\coin92.dll

2012-09-24 20:47 . 2012-09-24 20:47 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-09-24 20:40 . 2010-06-24 16:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-09-19 09:04 . 2012-09-19 09:04 360832 ----a-w- c:\windows\system32\drivers\vpcvmm.sys

2012-09-19 09:04 . 2012-09-19 09:04 936448 ----a-w- c:\windows\system32\vmsal.exe

2012-09-19 09:04 . 2012-09-19 09:04 793600 ----a-w- c:\windows\SysWow64\vmsal.exe

2012-09-19 09:04 . 2012-09-19 09:04 59392 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys

2012-09-19 09:04 . 2012-09-19 09:04 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll

2012-09-19 09:04 . 2012-09-19 09:04 4514816 ----a-w- c:\windows\system32\vpc.exe

2012-09-19 09:04 . 2012-09-19 09:04 2264064 ----a-w- c:\windows\system32\VPCWizard.exe

2012-09-19 09:04 . 2012-09-19 09:04 1369600 ----a-w- c:\windows\system32\VPCSettings.exe

2012-09-19 09:04 . 2012-09-19 09:04 1210368 ----a-w- c:\windows\system32\VMWindow.exe

2012-09-19 09:04 . 2012-09-19 09:04 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys

2012-09-19 09:04 . 2012-09-19 09:04 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys

2012-09-19 09:04 . 2012-09-19 09:04 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll

2012-09-19 09:04 . 2012-09-19 09:04 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe

2012-09-19 09:04 . 2012-09-19 09:04 778752 ----a-w- c:\windows\system32\mssvp.dll

2012-09-19 09:04 . 2012-09-19 09:04 75264 ----a-w- c:\windows\system32\msscntrs.dll

2012-09-19 09:04 . 2012-09-19 09:04 666624 ----a-w- c:\windows\SysWow64\mssvp.dll

2012-09-19 09:04 . 2012-09-19 09:04 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll

2012-09-19 09:04 . 2012-09-19 09:04 591872 ----a-w- c:\windows\system32\SearchIndexer.exe

2012-09-19 09:04 . 2012-09-19 09:04 491520 ----a-w- c:\windows\system32\mssph.dll

2012-09-19 09:04 . 2012-09-19 09:04 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe

2012-09-19 09:04 . 2012-09-19 09:04 337408 ----a-w- c:\windows\SysWow64\mssph.dll

2012-09-19 09:04 . 2012-09-19 09:04 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2012-09-19 09:04 . 2012-09-19 09:04 31232 ----a-w- c:\windows\system32\prevhost.exe

2012-09-19 09:04 . 2012-09-19 09:04 288256 ----a-w- c:\windows\system32\mssphtb.dll

2012-09-19 09:04 . 2012-09-19 09:04 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2012-09-19 09:04 . 2012-09-19 09:04 2315776 ----a-w- c:\windows\system32\tquery.dll

2012-09-19 09:04 . 2012-09-19 09:04 2223616 ----a-w- c:\windows\system32\mssrch.dll

2012-09-19 09:04 . 2012-09-19 09:04 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll

2012-09-19 09:04 . 2012-09-19 09:04 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe

2012-09-19 09:04 . 2012-09-19 09:04 1549312 ----a-w- c:\windows\SysWow64\tquery.dll

2012-09-19 09:04 . 2012-09-19 09:04 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll

2012-09-19 09:04 . 2012-09-19 09:04 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe

2012-09-19 09:04 . 2012-09-19 09:04 976896 ----a-w- c:\windows\system32\inetcomm.dll

2012-09-19 09:04 . 2012-09-19 09:04 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-09-19 09:04 . 2012-09-19 09:04 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2012-09-19 09:04 . 2012-09-19 09:04 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-09-19 09:04 . 2012-09-19 09:04 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2012-09-19 09:04 . 2012-09-19 09:04 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-09-19 09:04 . 2012-09-19 09:04 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2012-09-19 09:04 . 2012-09-19 09:04 613888 ----a-w- c:\windows\system32\psisdecd.dll

2012-09-19 09:04 . 2012-09-19 09:04 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-09-19 09:04 . 2012-09-19 09:04 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2012-09-19 09:04 . 2012-09-19 09:04 1395712 ----a-w- c:\windows\system32\mfc42.dll

2012-09-19 09:04 . 2012-09-19 09:04 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2012-09-19 09:04 . 2012-09-19 09:04 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2012-09-19 09:04 . 2012-09-19 09:04 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2012-09-19 09:04 . 2012-09-19 09:04 108032 ----a-w- c:\windows\system32\psisrndr.ax

2012-09-19 09:04 . 2012-09-19 09:04 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-09-19 09:04 . 2012-09-19 09:04 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-09-19 09:04 . 2012-09-19 09:04 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2012-09-19 09:04 . 2012-09-19 09:04 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2012-09-19 09:04 . 2012-09-19 09:04 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-09-19 09:04 . 2012-09-19 09:04 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-09-19 09:04 . 2012-09-19 09:04 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-09-19 09:04 . 2012-09-19 09:04 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2012-09-19 09:04 . 2012-09-19 09:04 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-09-19 09:04 . 2012-09-19 09:04 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2012-09-19 09:04 . 2012-09-19 09:04 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-09-19 09:04 . 2012-09-19 09:04 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-09-19 09:04 . 2012-09-19 09:04 340992 ----a-w- c:\windows\system32\schannel.dll

2012-09-19 09:04 . 2012-09-19 09:04 31232 ----a-w- c:\windows\system32\lsass.exe

2012-09-19 09:04 . 2012-09-19 09:04 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-09-19 09:04 . 2012-09-19 09:04 294912 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-09-19 09:04 . 2012-09-19 09:04 29184 ----a-w- c:\windows\system32\sspisrv.dll

2012-09-19 09:04 . 2012-09-19 09:04 2871808 ----a-w- c:\windows\explorer.exe

2012-09-19 09:04 . 2012-09-19 09:04 28160 ----a-w- c:\windows\system32\secur32.dll

2012-09-19 09:04 . 2012-09-19 09:04 2616320 ----a-w- c:\windows\SysWow64\explorer.exe

2012-09-19 09:04 . 2012-09-19 09:04 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2012-09-19 09:04 . 2012-09-19 09:04 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-09-19 09:04 . 2012-09-19 09:04 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-09-19 09:04 . 2012-09-19 09:04 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-09-19 09:04 . 2012-09-19 09:04 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2012-09-19 09:04 . 2012-09-19 09:04 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-09-19 09:04 . 2012-09-19 09:04 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-09-19 09:04 . 2012-09-19 09:04 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2012-09-19 09:04 . 2012-09-19 09:04 1447936 ----a-w- c:\windows\system32\lsasrv.dll

2012-09-19 09:04 . 2012-09-19 09:04 136192 ----a-w- c:\windows\system32\sspicli.dll

2012-09-19 09:04 . 2012-09-19 09:04 100864 ----a-w- c:\windows\system32\fontsub.dll

2012-09-19 09:04 . 2012-09-19 09:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-09-19 09:04 . 2012-09-19 09:04 77312 ----a-w- c:\windows\system32\packager.dll

2012-09-19 09:04 . 2012-09-19 09:04 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-09-19 09:04 . 2012-09-19 09:04 723456 ----a-w- c:\windows\system32\EncDec.dll

2012-09-19 09:04 . 2012-09-19 09:04 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-09-19 09:04 . 2012-09-19 09:04 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2012-09-19 09:04 . 2012-09-19 09:04 3216384 ----a-w- c:\windows\system32\msi.dll

2012-09-19 09:04 . 2012-09-19 09:04 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-09-19 09:04 . 2012-09-19 09:04 1139200 ----a-w- c:\windows\system32\FntCache.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-25 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-07 343168]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-03-22 115560]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-26 1255736]

R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-01-16 198144]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-21 19264]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-07 204288]

S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-01-17 218504]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-05-30 13632]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-06 375728]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-06-08 15928]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]

S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-01-05 1679872]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-06 95248]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-24 138912]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-21 357184]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-21 789824]

S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [2011-05-27 63528]

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 13:02]

.

2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25 17:08]

.

2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25 17:08]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2011-12-08 15:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2011-12-08 15:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2011-07-21 2907240]

"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-06-08 57928]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.acculormemberservices.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.128.101.2 216.171.129.13

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-Symantec Antvirus

Toolbar-Locked - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

.

**************************************************************************

.

Completion time: 2012-11-20 09:17:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-20 14:16

.

Pre-Run: 415,330,324,480 bytes free

Post-Run: 414,376,665,088 bytes free

.

- - End Of File - - FBEEDB4FAF4B3EC93A19FC3889D8DC01

DDS

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2

Run by jlincoln at 9:22:28 on 2012-11-20

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.5737 [GMT -5:00]