mstrom
Posts posted by mstrom
-
Btw, I've gotten this several times trying to update Malwarebytes:
An error has occurred. Please report this error code to our support team.
PROGRAM_ERROR_UPDATING (5, 0, CreateFile)
Access is denied.
-
ComboFix 12-07-27.03 - Michele 07/27/2012 16:24:01.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3838.2049 [GMT -4:00]
Running from: c:\users\Onelchela\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\AutoRun.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 20:57 . 2012-07-27 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 20:57 . 2012-07-27 20:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-27 20:29 . 2012-07-27 20:29 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06699AA0-CEB3-4777-AE0C-CC5E267D1219}\offreg.dll
2012-07-27 11:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06699AA0-CEB3-4777-AE0C-CC5E267D1219}\mpengine.dll
2012-07-26 23:34 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-07-26 23:34 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 23:34 . 2012-07-26 23:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-26 18:14 . 2012-07-26 18:14 -------- d-----w- c:\users\Onelchela\AppData\Roaming\Apple Computer
2012-07-26 15:05 . 2012-07-26 15:05 -------- d-----w- c:\users\Onelchela\AppData\Roaming\Malwarebytes
2012-07-25 19:33 . 2012-07-26 19:53 -------- d-----w- c:\users\DefaultAppPool
2012-07-14 00:18 . 2012-07-14 00:24 -------- d-----w- C:\e66a12832b4b4bc17735b97a91aaca
2012-07-13 21:28 . 2012-07-13 21:28 -------- d-----w- C:\00a6006033da9cd7d0
2012-07-12 15:31 . 2012-07-13 15:18 -------- d-----w- C:\a3ec2b0277659583c37863d1
2012-07-12 13:30 . 2012-07-26 19:53 -------- d-----w- c:\users\MSSQL$SQLEXPRESS
2012-07-12 13:28 . 2012-02-11 12:46 82520 ----a-w- c:\windows\system32\fssres.dll
2012-07-12 13:28 . 2012-02-11 12:46 180312 ----a-w- c:\windows\system32\hadrres.dll
2012-07-12 12:37 . 2012-07-13 17:03 -------- d-----w- c:\users\Michele\AppData\Roaming\Download Manager
2012-07-12 00:59 . 2012-07-12 00:59 -------- d-----w- c:\program files\Microsoft
2012-07-11 22:08 . 2012-07-11 22:08 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-07-11 20:24 . 2012-07-11 20:24 -------- d-----w- c:\users\Michele\AppData\Roaming\Microsoft Corporation
2012-07-11 20:20 . 2012-07-11 20:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-07-11 20:12 . 2012-07-13 21:28 2378624 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-07-11 19:56 . 2012-07-11 20:03 -------- d-----w- c:\program files (x86)\Microsoft F#
2012-07-11 19:56 . 2012-07-11 19:58 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2012-07-11 19:56 . 2012-07-12 11:57 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-07-11 19:38 . 2012-07-11 19:38 -------- d-----w- c:\windows\symbols
2012-07-11 19:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:31 . 2010-04-03 14:50 105824 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-07-11 13:15 . 2012-07-26 19:53 -------- d-----w- c:\users\Classic .NET AppPool
2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- c:\windows\SysWow64\BestPractices
2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- c:\windows\system32\BestPractices
2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- C:\inetpub
2012-07-11 12:08 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 12:08 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 12:08 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 12:08 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 12:08 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 12:08 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 12:08 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 12:08 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 12:08 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 12:08 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 12:08 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 12:08 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 12:08 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 00:28 . 2012-07-11 00:28 -------- d-----w- c:\program files (x86)\NuGet 1.2
2012-07-11 00:09 . 2012-07-11 00:09 -------- d-----w- c:\program files (x86)\IIS Express
2012-07-10 23:20 . 2012-07-10 23:20 -------- d-----w- c:\programdata\VS
2012-07-10 23:13 . 2012-07-11 00:19 -------- d-----w- c:\program files\IIS
2012-07-10 23:13 . 2012-07-11 00:19 -------- d-----w- c:\program files (x86)\IIS
2012-07-10 23:13 . 2012-07-13 21:20 588256 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2012-07-10 23:09 . 2012-07-13 16:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-07-10 23:08 . 2012-07-10 23:08 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-07-10 23:08 . 2012-07-10 23:08 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-07-10 20:57 . 2012-07-10 21:00 -------- d-----w- C:\NUnitRTM
2012-07-07 00:08 . 2012-07-07 00:08 -------- d-----w- c:\users\Michele\AppData\Roaming\Malwarebytes
2012-07-07 00:08 . 2012-07-07 00:08 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 13:33 . 2009-11-30 09:35 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-08 20:56 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 20:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 20:56 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 20:56 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 20:56 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 20:56 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 20:56 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-08 20:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-08 20:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-01-28 23:30 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 04:01 . 2012-06-13 23:57 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 23:57 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 23:57 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-13 23:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 23:57 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 23:57 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 23:57 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-15 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2988784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-21 244480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-04-13 630784]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IOGEAR Auto Printer Sharing Switch"="c:\program files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe" [2010-03-05 867328]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 428384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-04-24 2175328]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 22:43]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 22:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736110995b6l0340z195a4891t228
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.progress-energy.com/CACHE/stc/3/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\gm1kwx2x.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Michele\AppData\Roaming\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4173360909-679456854-1895235350-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4173360909-679456854-1895235350-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-27 17:03:25
ComboFix-quarantined-files.txt 2012-07-27 21:03
ComboFix2.txt 2012-07-27 20:10
.
Pre-Run: 232,272,998,400 bytes free
Post-Run: 231,948,738,560 bytes free
.
- - End Of File - - 4C98DA0F815301E2FE02963F39C0BF01
Here's ComboFix on the other account. I'm going to try Malwarebytes one more time to see if it shuts off. If it does, I'll then proceed with the next scan as instructed.
-
I've seen that name several days in a row in SUPERAntiSpyware.
Now that could be it reacting to my adding Malwarebytes, and specifically the Chameleon mode (the whole interference-between-two-antiviruses issue); however, I did see a trojan when scanning with Malwarebytes a few days ago.
The thing that set me on this path was that yesterday I saw some strange behavior on my machine and turned it off, thinking it was a virus. Since then I've not been able to run Malwarebytes successfully. My research on the virus showed me that it can turn Malwarebytes or even your machine off - which is just what happens to me: it runs for a few minutes, then the machine shuts off.
I'll try it again today and see what happens.
-
ComboFix 12-07-27.03 - Michele 07/27/2012 15:54:35.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3838.2476 [GMT -4:00]
Running from: c:\users\Michele\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 20:05 . 2012-07-27 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 20:05 . 2012-07-27 20:05 -------- d-----w- c:\users\Onelchela\AppData\Local\temp
2012-07-27 11:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06699AA0-CEB3-4777-AE0C-CC5E267D1219}\mpengine.dll
2012-07-26 23:34 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-07-26 23:34 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 23:34 . 2012-07-26 23:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-26 18:14 . 2012-07-26 18:14 -------- d-----w- c:\users\Onelchela\AppData\Roaming\Apple Computer
2012-07-26 15:05 . 2012-07-26 15:05 -------- d-----w- c:\users\Onelchela\AppData\Roaming\Malwarebytes
2012-07-25 19:33 . 2012-07-26 19:53 -------- d-----w- c:\users\DefaultAppPool
2012-07-14 00:18 . 2012-07-14 00:24 -------- d-----w- C:\e66a12832b4b4bc17735b97a91aaca
2012-07-13 21:28 . 2012-07-13 21:28 -------- d-----w- C:\00a6006033da9cd7d0
2012-07-12 15:31 . 2012-07-13 15:18 -------- d-----w- C:\a3ec2b0277659583c37863d1
2012-07-12 13:30 . 2012-07-26 19:53 -------- d-----w- c:\users\MSSQL$SQLEXPRESS
2012-07-12 13:28 . 2012-02-11 12:46 82520 ----a-w- c:\windows\system32\fssres.dll
2012-07-12 13:28 . 2012-02-11 12:46 180312 ----a-w- c:\windows\system32\hadrres.dll
2012-07-12 12:37 . 2012-07-13 17:03 -------- d-----w- c:\users\Michele\AppData\Roaming\Download Manager
2012-07-12 00:59 . 2012-07-12 00:59 -------- d-----w- c:\program files\Microsoft
2012-07-11 22:08 . 2012-07-11 22:08 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-07-11 20:24 . 2012-07-11 20:24 -------- d-----w- c:\users\Michele\AppData\Roaming\Microsoft Corporation
2012-07-11 20:20 . 2012-07-11 20:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-07-11 20:12 . 2012-07-13 21:28 2378624 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-07-11 19:56 . 2012-07-11 20:03 -------- d-----w- c:\program files (x86)\Microsoft F#
2012-07-11 19:56 . 2012-07-11 19:58 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2012-07-11 19:56 . 2012-07-12 11:57 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-07-11 19:38 . 2012-07-11 19:38 -------- d-----w- c:\windows\symbols
2012-07-11 19:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:31 . 2010-04-03 14:50 105824 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-07-11 13:15 . 2012-07-26 19:53 -------- d-----w- c:\users\Classic .NET AppPool
2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- c:\windows\SysWow64\BestPractices
2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- c:\windows\system32\BestPractices
2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- C:\inetpub
2012-07-11 12:08 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 12:08 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 12:08 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 12:08 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 12:08 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 12:08 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 12:08 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 12:08 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 12:08 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 12:08 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 12:08 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 12:08 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 12:08 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 00:28 . 2012-07-11 00:28 -------- d-----w- c:\program files (x86)\NuGet 1.2
2012-07-11 00:09 . 2012-07-11 00:09 -------- d-----w- c:\program files (x86)\IIS Express
2012-07-10 23:20 . 2012-07-10 23:20 -------- d-----w- c:\programdata\VS
2012-07-10 23:13 . 2012-07-11 00:19 -------- d-----w- c:\program files\IIS
2012-07-10 23:13 . 2012-07-11 00:19 -------- d-----w- c:\program files (x86)\IIS
2012-07-10 23:13 . 2012-07-13 21:20 588256 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2012-07-10 23:09 . 2012-07-13 16:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-07-10 23:08 . 2012-07-10 23:08 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-07-10 23:08 . 2012-07-10 23:08 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-07-10 20:57 . 2012-07-10 21:00 -------- d-----w- C:\NUnitRTM
2012-07-07 00:08 . 2012-07-07 00:08 -------- d-----w- c:\users\Michele\AppData\Roaming\Malwarebytes
2012-07-07 00:08 . 2012-07-07 00:08 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 13:33 . 2009-11-30 09:35 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-08 20:56 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 20:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 20:56 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 20:56 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 20:56 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 20:56 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 20:56 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-08 20:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-08 20:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-01-28 23:30 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 04:01 . 2012-06-13 23:57 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 23:57 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 23:57 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-13 23:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 23:57 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 23:57 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 23:57 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-15 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2988784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-21 244480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-04-13 630784]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IOGEAR Auto Printer Sharing Switch"="c:\program files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe" [2010-03-05 867328]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 428384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-04-24 2175328]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 22:43]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 22:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736110995b6l0340z195a4891t228
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.progress-energy.com/CACHE/stc/3/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\gm1kwx2x.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Michele\AppData\Roaming\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4173360909-679456854-1895235350-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4173360909-679456854-1895235350-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-27 16:10:27
ComboFix-quarantined-files.txt 2012-07-27 20:10
.
Pre-Run: 229,764,104,192 bytes free
Post-Run: 232,078,237,696 bytes free
.
- - End Of File - - 3D53E6BE10CB9AE6BC14E0CE2C9ACBCD
During the scan, it sent me a message that something called pev had stopped working, FYI.
-
That third one was from the other account, BTW.
Here's a scan today from the other account (the one that keeps shutting off when I run Malwarebytes on it).
By the way, while creating a restore point, I noticed my points only go back to 7/16. I've had this laptop for over 2 1/2 years. Should there be more restore points - could the virus have deleted old ones?
- Michele
-
The first one is from 2:37 EST today.
The second is from 2:32 EST today.
I happened to run it last night, so the third is from last night:
TDSSKiller.2.7.48.0_27.07.2012_14.32.41_log.txt
-
Here it is again from another account on my machine - this is the one I've actually seen the computer shut down from:
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Michele [Admin rights]
Mode: Scan -- Date: 07/27/2012 07:50:06
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 ATA Device +++++
--- User ---
[MBR] 3a97e95e6eede83ee629323686704eb5
[BSP] 197378bd88490744b0a380f8269312e7 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
-
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Michele [Admin rights]
Mode: Scan -- Date: 07/27/2012 07:42:58
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 ATA Device +++++
--- User ---
[MBR] 3a97e95e6eede83ee629323686704eb5
[BSP] 197378bd88490744b0a380f8269312e7 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
From what I can tell, this virus is preventing me from running Malwarebytes by shutting my machine off during the scan.
The logs I'm instructed to give here
http://forums.malwarebytes.org//index.php?showtopic=9573
are copied and attached, as requested.
DDS text:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Michele at 20:19:21 on 2012-07-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3838.2390 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
c:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736110995b6l0340z195a4891t228
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736110995b6l0340z195a4891t228
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\npchrome_frame.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [Application Restart #2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --automation-channel=ChromeTestingInterface:4300.2 --chrome-frame --no-first-run --disable-background-mode --disable-popup-blocking --disable-print-preview --user-data-dir="C:\Users\Michele\AppData\Local\Google\Chrome Frame\User Data\iexplore" --chrome-version=18.0.1025.168 --lang=en-US --flag-switches-begin --flag-switches-end --restore-last-session
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IOGEAR Auto Printer Sharing Switch] C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.progress-energy.com/CACHE/stc/3/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{990FC366-3581-4E0F-9180-5B2B0892A93E} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{990FC366-3581-4E0F-9180-5B2B0892A93E}\C41626F69725F657475627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B5B3D626-D852-44BC-9022-67E0A9E25F76} : DhcpNameServer = 192.168.1.254
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\npchrome_frame.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [IOGEAR Auto Printer Sharing Switch] C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe start
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\gm1kwx2x.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Michele\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Michele\AppData\Roaming\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-10-3 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]
R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-4-24 2175328]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-15 240160]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-2-3 427192]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-4-24 428384]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-26 23:34:29 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-07-26 23:34:26 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-26 23:34:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-26 22:41:34 -------- d-----w- C:\Users\Michele\AppData\Local\{D9A15D1F-4D54-4282-9308-8C4AD67861C2}
2012-07-26 22:40:50 -------- d-----w- C:\Users\Michele\AppData\Local\{2BF79A84-8F7F-415B-9CCB-023415E44D2D}
2012-07-26 21:57:52 -------- d-----w- C:\Users\Michele\AppData\Local\{7B3599E8-EB08-435F-B466-D618F6FA91F5}
2012-07-26 19:23:35 -------- d-----w- C:\Users\Michele\AppData\Local\{20947E5E-605B-440F-BA68-FD9B1226E83D}
2012-07-26 18:42:37 -------- d-----w- C:\Users\Michele\AppData\Local\{E36143E5-73A4-4A7E-BF64-20AA6669B2B4}
2012-07-26 18:10:15 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C242EC8-EB8C-499F-A150-6320755E4209}\mpengine.dll
2012-07-26 18:09:08 -------- d-----w- C:\Users\Michele\AppData\Local\{3873BB2C-3750-46C4-AB8A-F314E5545516}
2012-07-26 13:22:14 -------- d-----w- C:\Users\Michele\AppData\Local\{C69D83ED-9C2E-4A5A-97CC-D8F23383F509}
2012-07-26 13:22:03 -------- d-----w- C:\Users\Michele\AppData\Local\{CE9ED033-A8BD-4AE2-88EF-69465F429052}
2012-07-26 13:21:30 -------- d-----w- C:\Users\Michele\AppData\Local\{82BBDADB-2396-41C3-9C2C-0737F2745413}
2012-07-26 01:21:13 -------- d-----w- C:\Users\Michele\AppData\Local\{66505DF6-53D6-4268-B8CD-DFE8B271D48D}
2012-07-26 01:20:58 -------- d-----w- C:\Users\Michele\AppData\Local\{AC9E9FF0-C03C-40E7-BE9C-22A08A190F41}
2012-07-26 01:20:43 -------- d-----w- C:\Users\Michele\AppData\Local\{927741F8-054B-4231-9873-24E6EBBAF401}
2012-07-25 13:20:02 -------- d-----w- C:\Users\Michele\AppData\Local\{7826658D-676D-490A-998B-6A8E6C1A48CE}
2012-07-25 13:19:27 -------- d-----w- C:\Users\Michele\AppData\Local\{1ABA9759-60C6-480E-BAF8-6F9EC7A981FA}
2012-07-25 01:18:58 -------- d-----w- C:\Users\Michele\AppData\Local\{1FA26169-6A10-4A2C-BD96-4975939F12D2}
2012-07-25 01:18:35 -------- d-----w- C:\Users\Michele\AppData\Local\{4228F05D-7AF0-4E44-9CE2-B08D4962B5E7}
2012-07-24 12:46:08 -------- d-----w- C:\Users\Michele\AppData\Local\{A5D6EF4D-F461-4891-8B55-3766CC9C973D}
2012-07-24 12:45:56 -------- d-----w- C:\Users\Michele\AppData\Local\{E7B53425-2F8F-4F0C-BBC1-BB0791B39896}
2012-07-23 15:46:54 -------- d-----w- C:\Users\Michele\AppData\Local\{CE554528-62D8-42B4-9453-73A8E31D15A8}
2012-07-23 15:46:31 -------- d-----w- C:\Users\Michele\AppData\Local\{CD31EDE5-4C55-45A8-921E-2745C4912CFC}
2012-07-23 03:45:55 -------- d-----w- C:\Users\Michele\AppData\Local\{1F26D0D2-99AB-40E3-8440-B090280F55EC}
2012-07-23 03:45:37 -------- d-----w- C:\Users\Michele\AppData\Local\{C77D0978-4C8B-4F01-AEE2-E389EA921F94}
2012-07-22 15:45:23 -------- d-----w- C:\Users\Michele\AppData\Local\{C7D7FE81-37B9-4BE0-A5E0-89F31625A350}
2012-07-22 15:45:11 -------- d-----w- C:\Users\Michele\AppData\Local\{E21E3B46-64E1-43E4-AB3D-C16AE2448809}
2012-07-20 12:24:16 -------- d-----w- C:\Users\Michele\AppData\Local\{7FDBB3C1-E787-4803-98E8-6BC1E65163D1}
2012-07-20 12:24:05 -------- d-----w- C:\Users\Michele\AppData\Local\{F296FA8E-0328-402D-9686-D396BC0E11C6}
2012-07-20 12:23:54 -------- d-----w- C:\Users\Michele\AppData\Local\{054C6D22-13C0-4F6B-9A44-0580E96E1803}
2012-07-19 13:46:23 -------- d-----w- C:\Users\Michele\AppData\Local\{CC8E336C-13C5-41D2-90DA-B265572A30A2}
2012-07-19 13:46:12 -------- d-----w- C:\Users\Michele\AppData\Local\{1F0C136E-4C23-476D-A972-DA85C49E1EDA}
2012-07-19 13:46:01 -------- d-----w- C:\Users\Michele\AppData\Local\{285CB606-AA33-4412-8F0A-DD6408C61457}
2012-07-19 01:45:23 -------- d-----w- C:\Users\Michele\AppData\Local\{4AEDB81F-AFB5-4292-AE45-27EB85545D72}
2012-07-18 13:45:07 -------- d-----w- C:\Users\Michele\AppData\Local\{62AA159C-1286-4C04-8549-F5AA2451139A}
2012-07-18 13:13:46 -------- d-----w- C:\Users\Michele\AppData\Local\{889C9D21-FF50-4F26-88E4-4105101969A9}
2012-07-18 01:07:15 -------- d-----w- C:\Users\Michele\AppData\Local\{C5573620-59FE-4FFB-A7D7-B1460BD91EB4}
2012-07-18 01:06:58 -------- d-----w- C:\Users\Michele\AppData\Local\{A07D7B3B-E09F-4BF8-A08B-6F61FECD476F}
2012-07-17 13:06:44 -------- d-----w- C:\Users\Michele\AppData\Local\{B18DD70A-5B67-4BC6-99DA-18F88EA158A6}
2012-07-17 13:06:31 -------- d-----w- C:\Users\Michele\AppData\Local\{A39C3C17-890B-4002-AD03-806F481E0FA4}
2012-07-16 16:39:56 -------- d-----w- C:\Users\Michele\AppData\Local\{440DDBE1-428C-41A7-A867-9DA4876F3708}
2012-07-16 16:39:43 -------- d-----w- C:\Users\Michele\AppData\Local\{659AA748-24C1-4ED7-BE1B-1F050DABFADA}
2012-07-16 11:54:32 -------- d-----w- C:\Users\Michele\AppData\Local\{A555E003-2653-441A-A975-FC2BFBABBE7D}
2012-07-15 23:15:03 -------- d-----w- C:\Users\Michele\AppData\Local\{663B41E2-CE69-4174-B25D-6D78754E4A43}
2012-07-15 23:14:51 -------- d-----w- C:\Users\Michele\AppData\Local\{5B40EC8C-3D0D-432F-8226-16E434F8116E}
2012-07-15 23:14:40 -------- d-----w- C:\Users\Michele\AppData\Local\{A1BFC810-35EC-4DE5-AD55-DBB6456E7D36}
2012-07-15 19:45:47 77664 ----a-w- C:\Windows\System32\perf-ReportServer$SQLEXPRESS-rsctr.dll
2012-07-15 19:45:47 47968 ----a-w- C:\Windows\SysWow64\perf-ReportServer$SQLEXPRESS-rsctr.dll
2012-07-15 19:43:24 47456 ----a-w- C:\Windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-07-15 19:43:23 77152 ----a-w- C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-07-15 19:42:41 79200 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-07-15 19:42:41 73568 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-07-15 19:34:32 -------- d-----w- C:\Windows\System32\RsFx
2012-07-15 19:19:21 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2012-07-15 19:19:21 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-07-15 11:13:57 -------- d-----w- C:\Users\Michele\AppData\Local\{953E6D52-3E15-4D82-A8BE-D04F7A040B3B}
2012-07-14 23:12:35 -------- d-----w- C:\Users\Michele\AppData\Local\{0365D254-70B8-4ADB-991E-0AD146111756}
2012-07-14 23:10:47 -------- d-----w- C:\Users\Michele\AppData\Local\{8ED7C8FA-399A-4B25-91F5-04E7EBFB8C6E}
2012-07-14 00:18:15 -------- d-----w- C:\e66a12832b4b4bc17735b97a91aaca
2012-07-13 21:28:15 -------- d-----w- C:\00a6006033da9cd7d0
2012-07-13 15:11:59 -------- d-----w- C:\Users\Michele\AppData\Local\{A011E925-D595-4FE8-8629-21641E9FB147}
2012-07-13 15:11:48 -------- d-----w- C:\Users\Michele\AppData\Local\{CB95C2F5-1BA6-4084-9D76-F39F29B86B7F}
2012-07-13 15:08:29 -------- d-----w- C:\Users\Michele\AppData\Local\{494F7108-5482-484A-AA39-E1CCCF1AC3E9}
2012-07-13 00:40:55 -------- d-----w- C:\Users\Michele\AppData\Local\{466A4F8B-5369-4A5F-AF79-8E4CBCB06E04}
2012-07-13 00:40:44 -------- d-----w- C:\Users\Michele\AppData\Local\{3B549F20-0B7A-4516-98EF-501E01080287}
2012-07-13 00:40:33 -------- d-----w- C:\Users\Michele\AppData\Local\{D8B1D8B4-29A0-4BF3-A919-45F9C691CA2D}
2012-07-13 00:40:09 -------- d-----w- C:\Users\Michele\AppData\Local\{ECC8AF5D-E057-4462-9259-36B8044F0EFD}
2012-07-12 15:31:29 -------- d-----w- C:\a3ec2b0277659583c37863d1
2012-07-12 13:28:34 82520 ----a-w- C:\Windows\System32\fssres.dll
2012-07-12 13:28:32 180312 ----a-w- C:\Windows\System32\hadrres.dll
2012-07-12 12:39:32 -------- d-----w- C:\Users\Michele\AppData\Local\{2C0B5707-8C66-44C4-A8D2-09F300AE4E6C}
2012-07-12 12:39:04 -------- d-----w- C:\Users\Michele\AppData\Local\{66133FBA-B679-44C2-BCEB-25A4D11F0907}
2012-07-12 12:01:50 -------- d-----w- C:\Users\Michele\AppData\Local\{73C598DA-AB34-4EF3-9527-5DFF298F0D74}
2012-07-12 00:59:32 -------- d-----w- C:\Program Files\Microsoft
2012-07-12 00:01:35 -------- d-----w- C:\Users\Michele\AppData\Local\{DB83AE61-9D92-46CA-8F58-E0A327656B6F}
2012-07-12 00:01:23 -------- d-----w- C:\Users\Michele\AppData\Local\{2F622762-9895-4154-8E77-753E93518D28}
2012-07-12 00:01:10 -------- d-----w- C:\Users\Michele\AppData\Local\{5C770DDE-2F98-489F-A8BC-E145520E2EDF}
2012-07-12 00:00:47 -------- d-----w- C:\Users\Michele\AppData\Local\{1311641E-81C9-457F-B68A-4D8AD62F06A2}
2012-07-11 22:08:19 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2012-07-11 20:24:06 -------- d-----w- C:\Users\Michele\AppData\Roaming\Microsoft Corporation
2012-07-11 20:12:14 2378624 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-07-11 19:56:36 -------- d-----w- C:\Program Files (x86)\Microsoft F#
2012-07-11 19:56:36 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2012-07-11 19:56:34 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-07-11 19:13:05 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 13:31:34 105824 ----a-w- C:\Windows\System32\SQSRVRES.DLL
2012-07-11 13:12:24 -------- d-----w- C:\Windows\SysWow64\BestPractices
2012-07-11 13:12:21 -------- d-----w- C:\Windows\System32\BestPractices
2012-07-11 13:12:20 -------- d-----w- C:\inetpub
2012-07-11 12:08:58 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 12:08:58 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 12:08:57 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 12:08:57 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 12:08:57 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 12:08:57 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 12:08:57 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 12:08:57 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 12:08:57 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 12:08:57 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 12:08:57 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 12:08:57 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 12:08:57 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-11 12:00:19 -------- d-----w- C:\Users\Michele\AppData\Local\{0A0F1BB0-56CE-46F9-BC31-D52697BAA50F}
2012-07-11 12:00:07 -------- d-----w- C:\Users\Michele\AppData\Local\{96D98980-A032-4E51-9E50-B70D12E30553}
2012-07-11 11:59:56 -------- d-----w- C:\Users\Michele\AppData\Local\{D8E438C2-C37B-4D4D-855A-88EAC2BF1BDF}
2012-07-11 11:57:19 -------- d-----w- C:\Users\Michele\AppData\Local\{B7FDF109-1E67-4A5C-996F-2CEE1EAF06FD}
2012-07-11 00:28:41 -------- d-----w- C:\Program Files (x86)\NuGet 1.2
2012-07-11 00:09:01 -------- d-----w- C:\Program Files (x86)\IIS Express
2012-07-10 23:20:01 -------- d-----w- C:\ProgramData\VS
2012-07-10 23:13:40 -------- d-----w- C:\Program Files\IIS
2012-07-10 23:13:40 -------- d-----w- C:\Program Files (x86)\IIS
2012-07-10 23:13:06 588256 ----a-w- C:\ProgramData\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2012-07-10 23:09:58 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-07-10 23:08:49 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-07-10 23:08:49 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-07-10 20:57:21 -------- d-----w- C:\NUnitRTM
2012-07-10 13:40:05 -------- d-----w- C:\Users\Michele\AppData\Local\{8F45D661-D943-496E-88FA-7B714956DBB7}
2012-07-10 13:39:50 -------- d-----w- C:\Users\Michele\AppData\Local\{F61C0AEE-CA94-4CC3-AE4C-F880FA577CD7}
2012-07-10 00:20:20 -------- d-----w- C:\Users\Michele\AppData\Local\{8A704ED1-44F9-4EA1-BE03-570325041746}
2012-07-10 00:19:58 -------- d-----w- C:\Users\Michele\AppData\Local\{62A5AE27-487F-4448-90F5-29C1C373C860}
2012-07-10 00:19:46 -------- d-----w- C:\Users\Michele\AppData\Local\{ABA20487-76FB-4EC4-8D3B-62D96ECF1CF6}
2012-07-09 12:19:21 -------- d-----w- C:\Users\Michele\AppData\Local\{ED6425A1-D7CC-46F1-9A1C-0E4A6B3741CD}
2012-07-09 12:19:10 -------- d-----w- C:\Users\Michele\AppData\Local\{A5C98C1B-0146-44CB-9001-2F8A5A3EA467}
2012-07-09 12:18:45 -------- d-----w- C:\Users\Michele\AppData\Local\{8FBEC88E-4478-4B98-A8F5-24C988674D97}
2012-07-08 14:39:10 -------- d-----w- C:\Users\Michele\AppData\Local\{5F485DD8-71E6-4BDF-9BC2-80C143702AB0}
2012-07-08 14:38:58 -------- d-----w- C:\Users\Michele\AppData\Local\{CF1721F5-AD1D-413A-B3D7-56E87E4A66B9}
2012-07-08 14:29:40 -------- d-----w- C:\Users\Michele\AppData\Local\{284BD623-EB9E-4A5B-8EC5-D37AC543AC80}
2012-07-08 14:29:28 -------- d-----w- C:\Users\Michele\AppData\Local\{63BF8F29-2B12-4AFB-A1E9-A72FA744AE42}
2012-07-08 01:25:09 -------- d-----w- C:\Users\Michele\AppData\Local\{60E6452D-D7FB-4C34-B697-506009C48349}
2012-07-08 01:24:57 -------- d-----w- C:\Users\Michele\AppData\Local\{48F531F3-BC87-48E1-950E-858E9B1E3B1B}
2012-07-07 10:08:28 -------- d-----w- C:\Users\Michele\AppData\Local\{B33871C5-2223-4A12-9A37-194A0F11E6AE}
2012-07-07 10:08:12 -------- d-----w- C:\Users\Michele\AppData\Local\{32114374-EEB2-426D-AA36-BAA50CFE992E}
2012-07-07 00:10:23 -------- d-----w- C:\Users\Michele\AppData\Local\{E46BEE47-C748-43E5-8AE7-F62843FBC92B}
2012-07-07 00:10:11 -------- d-----w- C:\Users\Michele\AppData\Local\{E58608CF-A662-4AED-9990-5C5C23D0863E}
2012-07-07 00:08:29 -------- d-----w- C:\Users\Michele\AppData\Roaming\Malwarebytes
2012-07-07 00:08:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-07 00:04:10 -------- d-----w- C:\Users\Michele\AppData\Local\{434C9B33-EE46-4B52-B3EA-CA4234C48BE8}
2012-07-07 00:03:55 -------- d-----w- C:\Users\Michele\AppData\Local\{BFC3C571-A978-4EF3-92A6-93D62A7FEB32}
2012-07-06 13:34:57 -------- d-----w- C:\Users\Michele\AppData\Local\{66E14247-0D06-4F4D-A9E3-6601C3B04E1B}
2012-07-06 13:34:44 -------- d-----w- C:\Users\Michele\AppData\Local\{004A8557-1092-4251-B656-DEB4ED3E3158}
2012-07-06 01:21:40 -------- d-----w- C:\Users\Michele\AppData\Local\{2AADA8AD-0200-4C4B-A474-1CEC92BC557D}
2012-07-06 01:21:16 -------- d-----w- C:\Users\Michele\AppData\Local\{E5420924-E8DD-490C-8317-8F060927B911}
2012-07-05 13:21:53 -------- d-----w- C:\Users\Michele\AppData\Local\{DE67DC0F-33AF-400C-823E-12B2F4570DAF}
2012-07-05 13:21:17 -------- d-----w- C:\Users\Michele\AppData\Local\{05B5C523-2032-4996-B8CC-09FA35A65039}
2012-07-04 20:15:54 -------- d-----w- C:\Users\Michele\AppData\Local\{9DBB2EBD-DE13-4F5C-859F-BB77BB8791C3}
2012-07-04 20:15:42 -------- d-----w- C:\Users\Michele\AppData\Local\{99B3766B-A079-466B-82F1-CC3660581BE7}
2012-07-04 19:52:07 -------- d-----w- C:\Users\Michele\AppData\Local\{55829EE1-9D31-4E31-8F4A-B484CE12B369}
2012-07-04 19:51:52 -------- d-----w- C:\Users\Michele\AppData\Local\{C2E9C15E-FAD7-47AD-B7D2-F8F2B3F8B8D9}
2012-07-04 15:48:12 -------- d-----w- C:\Users\Michele\AppData\Local\{9D8BD0CC-A61F-4828-996D-E6501F77BD9D}
2012-07-04 15:48:00 -------- d-----w- C:\Users\Michele\AppData\Local\{9563928E-19AE-4E1D-9FFD-70E21A728070}
2012-07-04 15:47:33 -------- d-----w- C:\Users\Michele\AppData\Local\{F4C80855-9952-42ED-8B3A-1513A4F00B9D}
2012-07-04 15:47:20 -------- d-----w- C:\Users\Michele\AppData\Local\{95AFF68E-DBFE-426E-A313-961D3065FD35}
2012-07-04 00:24:50 -------- d-----w- C:\Users\Michele\AppData\Local\{B958455C-B2C0-4A62-80F0-7CC30184352D}
2012-07-04 00:24:25 -------- d-----w- C:\Users\Michele\AppData\Local\{A93E71A6-2BC6-46E3-B4BF-B1A3FAD6BDB5}
2012-07-04 00:23:02 -------- d-----w- C:\Users\Michele\AppData\Local\{F9745DDE-4F56-43D7-A7A7-270E6DCB44BB}
2012-07-04 00:22:31 -------- d-----w- C:\Users\Michele\AppData\Local\{671A2093-547A-4ED2-B453-CE7A8676D3D9}
2012-07-03 22:58:49 -------- d-----w- C:\Users\Michele\AppData\Local\{5061B38A-CDAA-491A-A313-048EA9462DE7}
2012-07-03 22:58:12 -------- d-----w- C:\Users\Michele\AppData\Local\{12E289C3-1E7D-413D-9935-FCDBC5F082C8}
2012-07-03 10:37:27 -------- d-----w- C:\Users\Michele\AppData\Local\{E8BD6DA8-0AE4-49B2-95C3-7FC7D4E05E71}
2012-07-03 10:36:51 -------- d-----w- C:\Users\Michele\AppData\Local\{E9B8BDE6-C742-4F34-A4E3-1E99474C6EE6}
2012-07-02 15:53:55 -------- d-----w- C:\Users\Michele\AppData\Local\{B26E442C-18F4-48F8-A5BB-FFC5F0005C63}
2012-07-02 15:53:42 -------- d-----w- C:\Users\Michele\AppData\Local\{D9B59E6D-069D-43F7-ADAC-BCF400AFE9F3}
2012-07-02 14:33:54 -------- d-----w- C:\Users\Michele\AppData\Local\{5E40A5F1-CB78-46D0-A268-BE1A8F1134FA}
2012-07-02 14:33:42 -------- d-----w- C:\Users\Michele\AppData\Local\{D1DD93DD-7BFF-452C-8900-A62C1A5304DF}
2012-07-02 12:17:25 -------- d-----w- C:\Users\Michele\AppData\Local\{BC5E3515-6F97-471E-8165-AEE55602792F}
2012-07-02 12:17:01 -------- d-----w- C:\Users\Michele\AppData\Local\{2AB5E607-7701-4183-8B90-5594BE7B00D4}
2012-07-02 00:17:13 -------- d-----w- C:\Users\Michele\AppData\Local\{ABD1ACA7-36B6-42F2-AF0B-7CDF90B807FD}
2012-07-02 00:17:01 -------- d-----w- C:\Users\Michele\AppData\Local\{504BAFC1-C4D5-43CB-9030-8D8E8464D036}
2012-07-01 01:24:46 -------- d-----w- C:\Users\Michele\AppData\Local\{A0C1B390-9781-4472-A6A9-AA44D5D02D65}
2012-07-01 01:24:35 -------- d-----w- C:\Users\Michele\AppData\Local\{3877B775-A724-4537-A737-37B3E227EBAC}
2012-06-30 21:17:33 -------- d-----w- C:\Users\Michele\AppData\Local\{0BA2454C-3FE3-4DB0-BF93-D9792B1F489E}
2012-06-30 00:17:19 -------- d-----w- C:\Users\Michele\AppData\Local\{DA2CA38D-A067-44E7-92D9-BBB649445BFB}
2012-06-30 00:16:53 -------- d-----w- C:\Users\Michele\AppData\Local\{BD454BD9-1DDB-48F9-A093-FA9C55563EB0}
2012-06-28 23:05:27 -------- d-----w- C:\Users\Michele\AppData\Local\{8453CD47-991F-4453-AAB3-11B34EE9DA28}
2012-06-28 23:05:15 -------- d-----w- C:\Users\Michele\AppData\Local\{C04342E7-1ACC-4F91-A964-930F207753EF}
2012-06-27 14:24:29 -------- d-----w- C:\Users\Michele\AppData\Local\{5A735838-2073-4B0F-AFAA-0BC8EF5DACAE}
.
==================== Find3M ====================
.
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 20:21:04.36 ===============
- Michele
trojan dropper svchost fake
in Resolved Malware Removal Logs
I was able to run scans on the two accounts; I'm not seeing the virus. I'm not sure what happened, but it had been acting strange before, shutting off during scans and even shutting off as soon as I tried to get into one of the accounts.
In any case, both scans came up clean. Thanks so much for your help.