mstrom

Members
  • Content count

    10
  • Joined

  • Last visited

About mstrom

  • Rank
    New Member
  1. I was able to run scans on the two accounts, I'm not seeing the virus. I'm not sure what happened but it has been acting strange before, shutting off during scans and even shutting off as soon as I tried to get into one of the accounts. In any case, both scans came up clean. Thanks so much for your help.
  2. Btw, I've gotten this several times trying to update malware bytes An error has occurred. Please report this error code to our support team. PROGRAM_ERROR_UPDATING (5, 0, CreateFile) Access is denied.
  3. ComboFix 12-07-27.03 - Michele 07/27/2012 16:24:01.2.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3838.2049 [GMT -4:00] Running from: c:\users\Onelchela\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\AutoRun.ini . . ((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 ))))))))))))))))))))))))))))))) . . 2012-07-27 20:57 . 2012-07-27 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-27 20:57 . 2012-07-27 20:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-07-27 20:29 . 2012-07-27 20:29 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06699AA0-CEB3-4777-AE0C-CC5E267D1219}\offreg.dll 2012-07-27 11:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06699AA0-CEB3-4777-AE0C-CC5E267D1219}\mpengine.dll 2012-07-26 23:34 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2012-07-26 23:34 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-26 23:34 . 2012-07-26 23:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-26 18:14 . 2012-07-26 18:14 -------- d-----w- c:\users\Onelchela\AppData\Roaming\Apple Computer 2012-07-26 15:05 . 2012-07-26 15:05 -------- d-----w- c:\users\Onelchela\AppData\Roaming\Malwarebytes 2012-07-25 19:33 . 2012-07-26 19:53 -------- d-----w- c:\users\DefaultAppPool 2012-07-14 00:18 . 2012-07-14 00:24 -------- d-----w- C:\e66a12832b4b4bc17735b97a91aaca 2012-07-13 21:28 . 2012-07-13 21:28 -------- d-----w- C:\00a6006033da9cd7d0 2012-07-12 15:31 . 2012-07-13 15:18 -------- d-----w- C:\a3ec2b0277659583c37863d1 2012-07-12 13:30 . 2012-07-26 19:53 -------- d-----w- c:\users\MSSQL$SQLEXPRESS 2012-07-12 13:28 . 2012-02-11 12:46 82520 ----a-w- c:\windows\system32\fssres.dll 2012-07-12 13:28 . 2012-02-11 12:46 180312 ----a-w- c:\windows\system32\hadrres.dll 2012-07-12 12:37 . 2012-07-13 17:03 -------- d-----w- c:\users\Michele\AppData\Roaming\Download Manager 2012-07-12 00:59 . 2012-07-12 00:59 -------- d-----w- c:\program files\Microsoft 2012-07-11 22:08 . 2012-07-11 22:08 -------- d-----w- c:\programdata\PreEmptive Solutions 2012-07-11 20:24 . 2012-07-11 20:24 -------- d-----w- c:\users\Michele\AppData\Roaming\Microsoft Corporation 2012-07-11 20:20 . 2012-07-11 20:20 -------- d-----w- c:\program files\Microsoft Sync Framework 2012-07-11 20:12 . 2012-07-13 21:28 2378624 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-07-11 19:56 . 2012-07-11 20:03 -------- d-----w- c:\program files (x86)\Microsoft F# 2012-07-11 19:56 . 2012-07-11 19:58 -------- d-----w- c:\program files (x86)\HTML Help Workshop 2012-07-11 19:56 . 2012-07-12 11:57 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules 2012-07-11 19:38 . 2012-07-11 19:38 -------- d-----w- c:\windows\symbols 2012-07-11 19:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 13:31 . 2010-04-03 14:50 105824 ----a-w- c:\windows\system32\SQSRVRES.DLL 2012-07-11 13:15 . 2012-07-26 19:53 -------- d-----w- c:\users\Classic .NET AppPool 2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- c:\windows\SysWow64\BestPractices 2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- c:\windows\system32\BestPractices 2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- C:\inetpub 2012-07-11 12:08 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 12:08 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 12:08 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-11 12:08 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-11 12:08 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-11 12:08 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-11 12:08 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-07-11 12:08 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 12:08 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-07-11 12:08 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 12:08 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 12:08 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 12:08 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-07-11 00:28 . 2012-07-11 00:28 -------- d-----w- c:\program files (x86)\NuGet 1.2 2012-07-11 00:09 . 2012-07-11 00:09 -------- d-----w- c:\program files (x86)\IIS Express 2012-07-10 23:20 . 2012-07-10 23:20 -------- d-----w- c:\programdata\VS 2012-07-10 23:13 . 2012-07-11 00:19 -------- d-----w- c:\program files\IIS 2012-07-10 23:13 . 2012-07-11 00:19 -------- d-----w- c:\program files (x86)\IIS 2012-07-10 23:13 . 2012-07-13 21:20 588256 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll 2012-07-10 23:09 . 2012-07-13 16:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0 2012-07-10 23:08 . 2012-07-10 23:08 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0 2012-07-10 23:08 . 2012-07-10 23:08 -------- d-----w- c:\program files\Microsoft Help Viewer 2012-07-10 20:57 . 2012-07-10 21:00 -------- d-----w- C:\NUnitRTM 2012-07-07 00:08 . 2012-07-07 00:08 -------- d-----w- c:\users\Michele\AppData\Roaming\Malwarebytes 2012-07-07 00:08 . 2012-07-07 00:08 -------- d-----w- c:\programdata\Malwarebytes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 13:33 . 2009-11-30 09:35 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-02 22:19 . 2012-06-08 20:56 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-08 20:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-08 20:56 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-08 20:56 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-08 20:56 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-08 20:56 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-08 20:56 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-08 20:56 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-08 20:56 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 16:25 . 2010-01-28 23:30 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-15 04:01 . 2012-06-13 23:57 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:59 . 2012-06-13 23:57 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-05-15 03:03 . 2012-06-13 23:57 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 11:06 . 2012-06-13 23:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 23:57 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 23:57 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-13 23:57 209920 ----a-w- c:\windows\system32\profsvc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-15 39408] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2988784] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-21 244480] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304] "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-04-13 630784] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504] "CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "IOGEAR Auto Printer Sharing Switch"="c:\program files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe" [2010-03-05 867328] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 428384] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264] S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672] S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-21 62720] S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-04-24 2175328] S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480] S3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 22:43] . 2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 22:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736110995b6l0340z195a4891t228 mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.254 DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.progress-energy.com/CACHE/stc/3/binaries/vpnweb.cab FF - ProfilePath - c:\users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\gm1kwx2x.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Michele\AppData\Roaming\Move Networks . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc] "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4173360909-679456854-1895235350-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-4173360909-679456854-1895235350-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-27 17:03:25 ComboFix-quarantined-files.txt 2012-07-27 21:03 ComboFix2.txt 2012-07-27 20:10 . Pre-Run: 232,272,998,400 bytes free Post-Run: 231,948,738,560 bytes free . - - End Of File - - 4C98DA0F815301E2FE02963F39C0BF01 Here's combofix on the other account. I'm going to try malware bytes one more time to see if it shuts off. If it does, I'll then proceed with the next scan as instructed.
  4. I've seen that name several days in a row in super anti spyware. Now that could be it reacting to my adding malwarebytes and specifically the chameleon mode (the whole interference between two antiviruses issue) however, i did see a trojan when scanning with malware bytes a few days ago. The thing that set me on this path, was that yesterday I saw some strange behavior on my machine and turned it off, thinking it was a virus. Since then I've not been able to run malware bytes sucessfully. My research on the virus showed me that it can turn malware bytes or even your machine off - which is just what happens to me, it runs for a few minutes, then the machine shuts off. I'll try it again today and see what happens.
  5. ComboFix 12-07-27.03 - Michele 07/27/2012 15:54:35.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3838.2476 [GMT -4:00] Running from: c:\users\Michele\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 ))))))))))))))))))))))))))))))) . . 2012-07-27 20:05 . 2012-07-27 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-27 20:05 . 2012-07-27 20:05 -------- d-----w- c:\users\Onelchela\AppData\Local\temp 2012-07-27 11:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06699AA0-CEB3-4777-AE0C-CC5E267D1219}\mpengine.dll 2012-07-26 23:34 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2012-07-26 23:34 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-26 23:34 . 2012-07-26 23:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-26 18:14 . 2012-07-26 18:14 -------- d-----w- c:\users\Onelchela\AppData\Roaming\Apple Computer 2012-07-26 15:05 . 2012-07-26 15:05 -------- d-----w- c:\users\Onelchela\AppData\Roaming\Malwarebytes 2012-07-25 19:33 . 2012-07-26 19:53 -------- d-----w- c:\users\DefaultAppPool 2012-07-14 00:18 . 2012-07-14 00:24 -------- d-----w- C:\e66a12832b4b4bc17735b97a91aaca 2012-07-13 21:28 . 2012-07-13 21:28 -------- d-----w- C:\00a6006033da9cd7d0 2012-07-12 15:31 . 2012-07-13 15:18 -------- d-----w- C:\a3ec2b0277659583c37863d1 2012-07-12 13:30 . 2012-07-26 19:53 -------- d-----w- c:\users\MSSQL$SQLEXPRESS 2012-07-12 13:28 . 2012-02-11 12:46 82520 ----a-w- c:\windows\system32\fssres.dll 2012-07-12 13:28 . 2012-02-11 12:46 180312 ----a-w- c:\windows\system32\hadrres.dll 2012-07-12 12:37 . 2012-07-13 17:03 -------- d-----w- c:\users\Michele\AppData\Roaming\Download Manager 2012-07-12 00:59 . 2012-07-12 00:59 -------- d-----w- c:\program files\Microsoft 2012-07-11 22:08 . 2012-07-11 22:08 -------- d-----w- c:\programdata\PreEmptive Solutions 2012-07-11 20:24 . 2012-07-11 20:24 -------- d-----w- c:\users\Michele\AppData\Roaming\Microsoft Corporation 2012-07-11 20:20 . 2012-07-11 20:20 -------- d-----w- c:\program files\Microsoft Sync Framework 2012-07-11 20:12 . 2012-07-13 21:28 2378624 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-07-11 19:56 . 2012-07-11 20:03 -------- d-----w- c:\program files (x86)\Microsoft F# 2012-07-11 19:56 . 2012-07-11 19:58 -------- d-----w- c:\program files (x86)\HTML Help Workshop 2012-07-11 19:56 . 2012-07-12 11:57 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules 2012-07-11 19:38 . 2012-07-11 19:38 -------- d-----w- c:\windows\symbols 2012-07-11 19:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 13:31 . 2010-04-03 14:50 105824 ----a-w- c:\windows\system32\SQSRVRES.DLL 2012-07-11 13:15 . 2012-07-26 19:53 -------- d-----w- c:\users\Classic .NET AppPool 2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- c:\windows\SysWow64\BestPractices 2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- c:\windows\system32\BestPractices 2012-07-11 13:12 . 2012-07-11 13:12 -------- d-----w- C:\inetpub 2012-07-11 12:08 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 12:08 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 12:08 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-11 12:08 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-11 12:08 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-11 12:08 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-11 12:08 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-07-11 12:08 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 12:08 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-07-11 12:08 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 12:08 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 12:08 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 12:08 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-07-11 00:28 . 2012-07-11 00:28 -------- d-----w- c:\program files (x86)\NuGet 1.2 2012-07-11 00:09 . 2012-07-11 00:09 -------- d-----w- c:\program files (x86)\IIS Express 2012-07-10 23:20 . 2012-07-10 23:20 -------- d-----w- c:\programdata\VS 2012-07-10 23:13 . 2012-07-11 00:19 -------- d-----w- c:\program files\IIS 2012-07-10 23:13 . 2012-07-11 00:19 -------- d-----w- c:\program files (x86)\IIS 2012-07-10 23:13 . 2012-07-13 21:20 588256 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll 2012-07-10 23:09 . 2012-07-13 16:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0 2012-07-10 23:08 . 2012-07-10 23:08 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0 2012-07-10 23:08 . 2012-07-10 23:08 -------- d-----w- c:\program files\Microsoft Help Viewer 2012-07-10 20:57 . 2012-07-10 21:00 -------- d-----w- C:\NUnitRTM 2012-07-07 00:08 . 2012-07-07 00:08 -------- d-----w- c:\users\Michele\AppData\Roaming\Malwarebytes 2012-07-07 00:08 . 2012-07-07 00:08 -------- d-----w- c:\programdata\Malwarebytes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 13:33 . 2009-11-30 09:35 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-02 22:19 . 2012-06-08 20:56 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-08 20:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-08 20:56 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-08 20:56 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-08 20:56 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-08 20:56 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-08 20:56 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-08 20:56 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-08 20:56 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 16:25 . 2010-01-28 23:30 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-15 04:01 . 2012-06-13 23:57 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:59 . 2012-06-13 23:57 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-05-15 03:03 . 2012-06-13 23:57 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 11:06 . 2012-06-13 23:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 23:57 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 23:57 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-13 23:57 209920 ----a-w- c:\windows\system32\profsvc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-15 39408] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2988784] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-21 244480] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304] "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-04-13 630784] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504] "CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "IOGEAR Auto Printer Sharing Switch"="c:\program files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe" [2010-03-05 867328] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 428384] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264] S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672] S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-21 62720] S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-04-24 2175328] S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480] S3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 22:43] . 2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 22:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864] "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736110995b6l0340z195a4891t228 mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.254 DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.progress-energy.com/CACHE/stc/3/binaries/vpnweb.cab FF - ProfilePath - c:\users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\gm1kwx2x.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Michele\AppData\Roaming\Move Networks . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc] "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4173360909-679456854-1895235350-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-4173360909-679456854-1895235350-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-27 16:10:27 ComboFix-quarantined-files.txt 2012-07-27 20:10 . Pre-Run: 229,764,104,192 bytes free Post-Run: 232,078,237,696 bytes free . - - End Of File - - 3D53E6BE10CB9AE6BC14E0CE2C9ACBCD During the scan, it sent me a message that something called pev had stopped working, fyi
  6. That third one was from the other account, btw. Here's a scan today from the other account (the one that keeps shutting off when I run malware bytes on it) By the way. While creating a restore point, I notice my points only go back to 7/16. I've had this laptop for over 2 1/2 years. Should there be more restore points - could the virus have deleted old ones? - Michele TDSSKiller.2.7.48.0_27.07.2012_14.46.13_log.txt
  7. First one is from 2:37 EST today. Second is from 2:32 EST Today. I happened to run it last night, so the third is from last night: TDSSKiller.2.7.48.0_27.07.2012_14.32.41_log.txt TDSSKiller.2.7.48.0_27.07.2012_14.32.12_log.txt TDSSKiller.2.5.4.0_26.07.2012_19.32.24_log.txt
  8. Here it is again from another account on my machine - this is the one I've actually seen the computer shut down from: RogueKiller V7.6.4 [07/17/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Michele [Admin rights] Mode: Scan -- Date: 07/27/2012 07:50:06 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545032B9A300 ATA Device +++++ --- User --- [MBR] 3a97e95e6eede83ee629323686704eb5 [bSP] 197378bd88490744b0a380f8269312e7 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  9. RogueKiller V7.6.4 [07/17/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Michele [Admin rights] Mode: Scan -- Date: 07/27/2012 07:42:58 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545032B9A300 ATA Device +++++ --- User --- [MBR] 3a97e95e6eede83ee629323686704eb5 [bSP] 197378bd88490744b0a380f8269312e7 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  10. From what I can tell, this virus is preventing me from running malware bytes by shutting my machine off during the scan. The logs I'm instructed to give here http://forums.malwarebytes.org//index.php?showtopic=9573 Are copied and attached, as requested DDS text: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31 Run by Michele at 20:19:21 on 2012-07-26 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3838.2390 [GMT -4:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Windows\system32\svchost.exe -k apphost C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe c:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Windows\system32\svchost.exe -k iissvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Video Web Camera\traybar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uStart Page = hxxp://www.google.com/ mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736110995b6l0340z195a4891t228 mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736110995b6l0340z195a4891t228 mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\npchrome_frame.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRunOnce: [Application Restart #2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --automation-channel=ChromeTestingInterface:4300.2 --chrome-frame --no-first-run --disable-background-mode --disable-popup-blocking --disable-print-preview --user-data-dir="C:\Users\Michele\AppData\Local\Google\Chrome Frame\User Data\iexplore" --chrome-version=18.0.1025.168 --lang=en-US --flag-switches-begin --flag-switches-end --restore-last-session mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iOGEAR Auto Printer Sharing Switch] C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe start mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL Trusted Zone: intuit.com\ttlc DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.progress-energy.com/CACHE/stc/3/binaries/vpnweb.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{990FC366-3581-4E0F-9180-5B2B0892A93E} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{990FC366-3581-4E0F-9180-5B2B0892A93E}\C41626F69725F657475627 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{B5B3D626-D852-44BC-9022-67E0A9E25F76} : DhcpNameServer = 192.168.1.254 Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\npchrome_frame.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\npchrome_frame.dll BHO-X64: ChromeFrame BHO - No File TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun-x64: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [iOGEAR Auto Printer Sharing Switch] C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe start mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\gm1kwx2x.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll FF - plugin: C:\Users\Michele\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Michele\AppData\Roaming\Move Networks . ============= SERVICES / DRIVERS =============== . R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-10-3 844320] R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496] R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720] R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-4-24 2175328] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-15 240160] R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-2-3 427192] R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664] S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664] S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744] S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-4-24 428384] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-26 23:34:29 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2012-07-26 23:34:26 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-26 23:34:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-26 22:41:34 -------- d-----w- C:\Users\Michele\AppData\Local\{D9A15D1F-4D54-4282-9308-8C4AD67861C2} 2012-07-26 22:40:50 -------- d-----w- C:\Users\Michele\AppData\Local\{2BF79A84-8F7F-415B-9CCB-023415E44D2D} 2012-07-26 21:57:52 -------- d-----w- C:\Users\Michele\AppData\Local\{7B3599E8-EB08-435F-B466-D618F6FA91F5} 2012-07-26 19:23:35 -------- d-----w- C:\Users\Michele\AppData\Local\{20947E5E-605B-440F-BA68-FD9B1226E83D} 2012-07-26 18:42:37 -------- d-----w- C:\Users\Michele\AppData\Local\{E36143E5-73A4-4A7E-BF64-20AA6669B2B4} 2012-07-26 18:10:15 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C242EC8-EB8C-499F-A150-6320755E4209}\mpengine.dll 2012-07-26 18:09:08 -------- d-----w- C:\Users\Michele\AppData\Local\{3873BB2C-3750-46C4-AB8A-F314E5545516} 2012-07-26 13:22:14 -------- d-----w- C:\Users\Michele\AppData\Local\{C69D83ED-9C2E-4A5A-97CC-D8F23383F509} 2012-07-26 13:22:03 -------- d-----w- C:\Users\Michele\AppData\Local\{CE9ED033-A8BD-4AE2-88EF-69465F429052} 2012-07-26 13:21:30 -------- d-----w- C:\Users\Michele\AppData\Local\{82BBDADB-2396-41C3-9C2C-0737F2745413} 2012-07-26 01:21:13 -------- d-----w- C:\Users\Michele\AppData\Local\{66505DF6-53D6-4268-B8CD-DFE8B271D48D} 2012-07-26 01:20:58 -------- d-----w- C:\Users\Michele\AppData\Local\{AC9E9FF0-C03C-40E7-BE9C-22A08A190F41} 2012-07-26 01:20:43 -------- d-----w- C:\Users\Michele\AppData\Local\{927741F8-054B-4231-9873-24E6EBBAF401} 2012-07-25 13:20:02 -------- d-----w- C:\Users\Michele\AppData\Local\{7826658D-676D-490A-998B-6A8E6C1A48CE} 2012-07-25 13:19:27 -------- d-----w- C:\Users\Michele\AppData\Local\{1ABA9759-60C6-480E-BAF8-6F9EC7A981FA} 2012-07-25 01:18:58 -------- d-----w- C:\Users\Michele\AppData\Local\{1FA26169-6A10-4A2C-BD96-4975939F12D2} 2012-07-25 01:18:35 -------- d-----w- C:\Users\Michele\AppData\Local\{4228F05D-7AF0-4E44-9CE2-B08D4962B5E7} 2012-07-24 12:46:08 -------- d-----w- C:\Users\Michele\AppData\Local\{A5D6EF4D-F461-4891-8B55-3766CC9C973D} 2012-07-24 12:45:56 -------- d-----w- C:\Users\Michele\AppData\Local\{E7B53425-2F8F-4F0C-BBC1-BB0791B39896} 2012-07-23 15:46:54 -------- d-----w- C:\Users\Michele\AppData\Local\{CE554528-62D8-42B4-9453-73A8E31D15A8} 2012-07-23 15:46:31 -------- d-----w- C:\Users\Michele\AppData\Local\{CD31EDE5-4C55-45A8-921E-2745C4912CFC} 2012-07-23 03:45:55 -------- d-----w- C:\Users\Michele\AppData\Local\{1F26D0D2-99AB-40E3-8440-B090280F55EC} 2012-07-23 03:45:37 -------- d-----w- C:\Users\Michele\AppData\Local\{C77D0978-4C8B-4F01-AEE2-E389EA921F94} 2012-07-22 15:45:23 -------- d-----w- C:\Users\Michele\AppData\Local\{C7D7FE81-37B9-4BE0-A5E0-89F31625A350} 2012-07-22 15:45:11 -------- d-----w- C:\Users\Michele\AppData\Local\{E21E3B46-64E1-43E4-AB3D-C16AE2448809} 2012-07-20 12:24:16 -------- d-----w- C:\Users\Michele\AppData\Local\{7FDBB3C1-E787-4803-98E8-6BC1E65163D1} 2012-07-20 12:24:05 -------- d-----w- C:\Users\Michele\AppData\Local\{F296FA8E-0328-402D-9686-D396BC0E11C6} 2012-07-20 12:23:54 -------- d-----w- C:\Users\Michele\AppData\Local\{054C6D22-13C0-4F6B-9A44-0580E96E1803} 2012-07-19 13:46:23 -------- d-----w- C:\Users\Michele\AppData\Local\{CC8E336C-13C5-41D2-90DA-B265572A30A2} 2012-07-19 13:46:12 -------- d-----w- C:\Users\Michele\AppData\Local\{1F0C136E-4C23-476D-A972-DA85C49E1EDA} 2012-07-19 13:46:01 -------- d-----w- C:\Users\Michele\AppData\Local\{285CB606-AA33-4412-8F0A-DD6408C61457} 2012-07-19 01:45:23 -------- d-----w- C:\Users\Michele\AppData\Local\{4AEDB81F-AFB5-4292-AE45-27EB85545D72} 2012-07-18 13:45:07 -------- d-----w- C:\Users\Michele\AppData\Local\{62AA159C-1286-4C04-8549-F5AA2451139A} 2012-07-18 13:13:46 -------- d-----w- C:\Users\Michele\AppData\Local\{889C9D21-FF50-4F26-88E4-4105101969A9} 2012-07-18 01:07:15 -------- d-----w- C:\Users\Michele\AppData\Local\{C5573620-59FE-4FFB-A7D7-B1460BD91EB4} 2012-07-18 01:06:58 -------- d-----w- C:\Users\Michele\AppData\Local\{A07D7B3B-E09F-4BF8-A08B-6F61FECD476F} 2012-07-17 13:06:44 -------- d-----w- C:\Users\Michele\AppData\Local\{B18DD70A-5B67-4BC6-99DA-18F88EA158A6} 2012-07-17 13:06:31 -------- d-----w- C:\Users\Michele\AppData\Local\{A39C3C17-890B-4002-AD03-806F481E0FA4} 2012-07-16 16:39:56 -------- d-----w- C:\Users\Michele\AppData\Local\{440DDBE1-428C-41A7-A867-9DA4876F3708} 2012-07-16 16:39:43 -------- d-----w- C:\Users\Michele\AppData\Local\{659AA748-24C1-4ED7-BE1B-1F050DABFADA} 2012-07-16 11:54:32 -------- d-----w- C:\Users\Michele\AppData\Local\{A555E003-2653-441A-A975-FC2BFBABBE7D} 2012-07-15 23:15:03 -------- d-----w- C:\Users\Michele\AppData\Local\{663B41E2-CE69-4174-B25D-6D78754E4A43} 2012-07-15 23:14:51 -------- d-----w- C:\Users\Michele\AppData\Local\{5B40EC8C-3D0D-432F-8226-16E434F8116E} 2012-07-15 23:14:40 -------- d-----w- C:\Users\Michele\AppData\Local\{A1BFC810-35EC-4DE5-AD55-DBB6456E7D36} 2012-07-15 19:45:47 77664 ----a-w- C:\Windows\System32\perf-ReportServer$SQLEXPRESS-rsctr.dll 2012-07-15 19:45:47 47968 ----a-w- C:\Windows\SysWow64\perf-ReportServer$SQLEXPRESS-rsctr.dll 2012-07-15 19:43:24 47456 ----a-w- C:\Windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll 2012-07-15 19:43:23 77152 ----a-w- C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll 2012-07-15 19:42:41 79200 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll 2012-07-15 19:42:41 73568 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll 2012-07-15 19:34:32 -------- d-----w- C:\Windows\System32\RsFx 2012-07-15 19:19:21 -------- d-----w- C:\Program Files\Microsoft Analysis Services 2012-07-15 19:19:21 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2012-07-15 11:13:57 -------- d-----w- C:\Users\Michele\AppData\Local\{953E6D52-3E15-4D82-A8BE-D04F7A040B3B} 2012-07-14 23:12:35 -------- d-----w- C:\Users\Michele\AppData\Local\{0365D254-70B8-4ADB-991E-0AD146111756} 2012-07-14 23:10:47 -------- d-----w- C:\Users\Michele\AppData\Local\{8ED7C8FA-399A-4B25-91F5-04E7EBFB8C6E} 2012-07-14 00:18:15 -------- d-----w- C:\e66a12832b4b4bc17735b97a91aaca 2012-07-13 21:28:15 -------- d-----w- C:\00a6006033da9cd7d0 2012-07-13 15:11:59 -------- d-----w- C:\Users\Michele\AppData\Local\{A011E925-D595-4FE8-8629-21641E9FB147} 2012-07-13 15:11:48 -------- d-----w- C:\Users\Michele\AppData\Local\{CB95C2F5-1BA6-4084-9D76-F39F29B86B7F} 2012-07-13 15:08:29 -------- d-----w- C:\Users\Michele\AppData\Local\{494F7108-5482-484A-AA39-E1CCCF1AC3E9} 2012-07-13 00:40:55 -------- d-----w- C:\Users\Michele\AppData\Local\{466A4F8B-5369-4A5F-AF79-8E4CBCB06E04} 2012-07-13 00:40:44 -------- d-----w- C:\Users\Michele\AppData\Local\{3B549F20-0B7A-4516-98EF-501E01080287} 2012-07-13 00:40:33 -------- d-----w- C:\Users\Michele\AppData\Local\{D8B1D8B4-29A0-4BF3-A919-45F9C691CA2D} 2012-07-13 00:40:09 -------- d-----w- C:\Users\Michele\AppData\Local\{ECC8AF5D-E057-4462-9259-36B8044F0EFD} 2012-07-12 15:31:29 -------- d-----w- C:\a3ec2b0277659583c37863d1 2012-07-12 13:28:34 82520 ----a-w- C:\Windows\System32\fssres.dll 2012-07-12 13:28:32 180312 ----a-w- C:\Windows\System32\hadrres.dll 2012-07-12 12:39:32 -------- d-----w- C:\Users\Michele\AppData\Local\{2C0B5707-8C66-44C4-A8D2-09F300AE4E6C} 2012-07-12 12:39:04 -------- d-----w- C:\Users\Michele\AppData\Local\{66133FBA-B679-44C2-BCEB-25A4D11F0907} 2012-07-12 12:01:50 -------- d-----w- C:\Users\Michele\AppData\Local\{73C598DA-AB34-4EF3-9527-5DFF298F0D74} 2012-07-12 00:59:32 -------- d-----w- C:\Program Files\Microsoft 2012-07-12 00:01:35 -------- d-----w- C:\Users\Michele\AppData\Local\{DB83AE61-9D92-46CA-8F58-E0A327656B6F} 2012-07-12 00:01:23 -------- d-----w- C:\Users\Michele\AppData\Local\{2F622762-9895-4154-8E77-753E93518D28} 2012-07-12 00:01:10 -------- d-----w- C:\Users\Michele\AppData\Local\{5C770DDE-2F98-489F-A8BC-E145520E2EDF} 2012-07-12 00:00:47 -------- d-----w- C:\Users\Michele\AppData\Local\{1311641E-81C9-457F-B68A-4D8AD62F06A2} 2012-07-11 22:08:19 -------- d-----w- C:\ProgramData\PreEmptive Solutions 2012-07-11 20:24:06 -------- d-----w- C:\Users\Michele\AppData\Roaming\Microsoft Corporation 2012-07-11 20:12:14 2378624 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-07-11 19:56:36 -------- d-----w- C:\Program Files (x86)\Microsoft F# 2012-07-11 19:56:36 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop 2012-07-11 19:56:34 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules 2012-07-11 19:13:05 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 13:31:34 105824 ----a-w- C:\Windows\System32\SQSRVRES.DLL 2012-07-11 13:12:24 -------- d-----w- C:\Windows\SysWow64\BestPractices 2012-07-11 13:12:21 -------- d-----w- C:\Windows\System32\BestPractices 2012-07-11 13:12:20 -------- d-----w- C:\inetpub 2012-07-11 12:08:58 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2012-07-11 12:08:58 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 12:08:57 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-07-11 12:08:57 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll 2012-07-11 12:08:57 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 12:08:57 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll 2012-07-11 12:08:57 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll 2012-07-11 12:08:57 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll 2012-07-11 12:08:57 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 12:08:57 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll 2012-07-11 12:08:57 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 12:08:57 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 12:08:57 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-07-11 12:00:19 -------- d-----w- C:\Users\Michele\AppData\Local\{0A0F1BB0-56CE-46F9-BC31-D52697BAA50F} 2012-07-11 12:00:07 -------- d-----w- C:\Users\Michele\AppData\Local\{96D98980-A032-4E51-9E50-B70D12E30553} 2012-07-11 11:59:56 -------- d-----w- C:\Users\Michele\AppData\Local\{D8E438C2-C37B-4D4D-855A-88EAC2BF1BDF} 2012-07-11 11:57:19 -------- d-----w- C:\Users\Michele\AppData\Local\{B7FDF109-1E67-4A5C-996F-2CEE1EAF06FD} 2012-07-11 00:28:41 -------- d-----w- C:\Program Files (x86)\NuGet 1.2 2012-07-11 00:09:01 -------- d-----w- C:\Program Files (x86)\IIS Express 2012-07-10 23:20:01 -------- d-----w- C:\ProgramData\VS 2012-07-10 23:13:40 -------- d-----w- C:\Program Files\IIS 2012-07-10 23:13:40 -------- d-----w- C:\Program Files (x86)\IIS 2012-07-10 23:13:06 588256 ----a-w- C:\ProgramData\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll 2012-07-10 23:09:58 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0 2012-07-10 23:08:49 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0 2012-07-10 23:08:49 -------- d-----w- C:\Program Files\Microsoft Help Viewer 2012-07-10 20:57:21 -------- d-----w- C:\NUnitRTM 2012-07-10 13:40:05 -------- d-----w- C:\Users\Michele\AppData\Local\{8F45D661-D943-496E-88FA-7B714956DBB7} 2012-07-10 13:39:50 -------- d-----w- C:\Users\Michele\AppData\Local\{F61C0AEE-CA94-4CC3-AE4C-F880FA577CD7} 2012-07-10 00:20:20 -------- d-----w- C:\Users\Michele\AppData\Local\{8A704ED1-44F9-4EA1-BE03-570325041746} 2012-07-10 00:19:58 -------- d-----w- C:\Users\Michele\AppData\Local\{62A5AE27-487F-4448-90F5-29C1C373C860} 2012-07-10 00:19:46 -------- d-----w- C:\Users\Michele\AppData\Local\{ABA20487-76FB-4EC4-8D3B-62D96ECF1CF6} 2012-07-09 12:19:21 -------- d-----w- C:\Users\Michele\AppData\Local\{ED6425A1-D7CC-46F1-9A1C-0E4A6B3741CD} 2012-07-09 12:19:10 -------- d-----w- C:\Users\Michele\AppData\Local\{A5C98C1B-0146-44CB-9001-2F8A5A3EA467} 2012-07-09 12:18:45 -------- d-----w- C:\Users\Michele\AppData\Local\{8FBEC88E-4478-4B98-A8F5-24C988674D97} 2012-07-08 14:39:10 -------- d-----w- C:\Users\Michele\AppData\Local\{5F485DD8-71E6-4BDF-9BC2-80C143702AB0} 2012-07-08 14:38:58 -------- d-----w- C:\Users\Michele\AppData\Local\{CF1721F5-AD1D-413A-B3D7-56E87E4A66B9} 2012-07-08 14:29:40 -------- d-----w- C:\Users\Michele\AppData\Local\{284BD623-EB9E-4A5B-8EC5-D37AC543AC80} 2012-07-08 14:29:28 -------- d-----w- C:\Users\Michele\AppData\Local\{63BF8F29-2B12-4AFB-A1E9-A72FA744AE42} 2012-07-08 01:25:09 -------- d-----w- C:\Users\Michele\AppData\Local\{60E6452D-D7FB-4C34-B697-506009C48349} 2012-07-08 01:24:57 -------- d-----w- C:\Users\Michele\AppData\Local\{48F531F3-BC87-48E1-950E-858E9B1E3B1B} 2012-07-07 10:08:28 -------- d-----w- C:\Users\Michele\AppData\Local\{B33871C5-2223-4A12-9A37-194A0F11E6AE} 2012-07-07 10:08:12 -------- d-----w- C:\Users\Michele\AppData\Local\{32114374-EEB2-426D-AA36-BAA50CFE992E} 2012-07-07 00:10:23 -------- d-----w- C:\Users\Michele\AppData\Local\{E46BEE47-C748-43E5-8AE7-F62843FBC92B} 2012-07-07 00:10:11 -------- d-----w- C:\Users\Michele\AppData\Local\{E58608CF-A662-4AED-9990-5C5C23D0863E} 2012-07-07 00:08:29 -------- d-----w- C:\Users\Michele\AppData\Roaming\Malwarebytes 2012-07-07 00:08:25 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-07 00:04:10 -------- d-----w- C:\Users\Michele\AppData\Local\{434C9B33-EE46-4B52-B3EA-CA4234C48BE8} 2012-07-07 00:03:55 -------- d-----w- C:\Users\Michele\AppData\Local\{BFC3C571-A978-4EF3-92A6-93D62A7FEB32} 2012-07-06 13:34:57 -------- d-----w- C:\Users\Michele\AppData\Local\{66E14247-0D06-4F4D-A9E3-6601C3B04E1B} 2012-07-06 13:34:44 -------- d-----w- C:\Users\Michele\AppData\Local\{004A8557-1092-4251-B656-DEB4ED3E3158} 2012-07-06 01:21:40 -------- d-----w- C:\Users\Michele\AppData\Local\{2AADA8AD-0200-4C4B-A474-1CEC92BC557D} 2012-07-06 01:21:16 -------- d-----w- C:\Users\Michele\AppData\Local\{E5420924-E8DD-490C-8317-8F060927B911} 2012-07-05 13:21:53 -------- d-----w- C:\Users\Michele\AppData\Local\{DE67DC0F-33AF-400C-823E-12B2F4570DAF} 2012-07-05 13:21:17 -------- d-----w- C:\Users\Michele\AppData\Local\{05B5C523-2032-4996-B8CC-09FA35A65039} 2012-07-04 20:15:54 -------- d-----w- C:\Users\Michele\AppData\Local\{9DBB2EBD-DE13-4F5C-859F-BB77BB8791C3} 2012-07-04 20:15:42 -------- d-----w- C:\Users\Michele\AppData\Local\{99B3766B-A079-466B-82F1-CC3660581BE7} 2012-07-04 19:52:07 -------- d-----w- C:\Users\Michele\AppData\Local\{55829EE1-9D31-4E31-8F4A-B484CE12B369} 2012-07-04 19:51:52 -------- d-----w- C:\Users\Michele\AppData\Local\{C2E9C15E-FAD7-47AD-B7D2-F8F2B3F8B8D9} 2012-07-04 15:48:12 -------- d-----w- C:\Users\Michele\AppData\Local\{9D8BD0CC-A61F-4828-996D-E6501F77BD9D} 2012-07-04 15:48:00 -------- d-----w- C:\Users\Michele\AppData\Local\{9563928E-19AE-4E1D-9FFD-70E21A728070} 2012-07-04 15:47:33 -------- d-----w- C:\Users\Michele\AppData\Local\{F4C80855-9952-42ED-8B3A-1513A4F00B9D} 2012-07-04 15:47:20 -------- d-----w- C:\Users\Michele\AppData\Local\{95AFF68E-DBFE-426E-A313-961D3065FD35} 2012-07-04 00:24:50 -------- d-----w- C:\Users\Michele\AppData\Local\{B958455C-B2C0-4A62-80F0-7CC30184352D} 2012-07-04 00:24:25 -------- d-----w- C:\Users\Michele\AppData\Local\{A93E71A6-2BC6-46E3-B4BF-B1A3FAD6BDB5} 2012-07-04 00:23:02 -------- d-----w- C:\Users\Michele\AppData\Local\{F9745DDE-4F56-43D7-A7A7-270E6DCB44BB} 2012-07-04 00:22:31 -------- d-----w- C:\Users\Michele\AppData\Local\{671A2093-547A-4ED2-B453-CE7A8676D3D9} 2012-07-03 22:58:49 -------- d-----w- C:\Users\Michele\AppData\Local\{5061B38A-CDAA-491A-A313-048EA9462DE7} 2012-07-03 22:58:12 -------- d-----w- C:\Users\Michele\AppData\Local\{12E289C3-1E7D-413D-9935-FCDBC5F082C8} 2012-07-03 10:37:27 -------- d-----w- C:\Users\Michele\AppData\Local\{E8BD6DA8-0AE4-49B2-95C3-7FC7D4E05E71} 2012-07-03 10:36:51 -------- d-----w- C:\Users\Michele\AppData\Local\{E9B8BDE6-C742-4F34-A4E3-1E99474C6EE6} 2012-07-02 15:53:55 -------- d-----w- C:\Users\Michele\AppData\Local\{B26E442C-18F4-48F8-A5BB-FFC5F0005C63} 2012-07-02 15:53:42 -------- d-----w- C:\Users\Michele\AppData\Local\{D9B59E6D-069D-43F7-ADAC-BCF400AFE9F3} 2012-07-02 14:33:54 -------- d-----w- C:\Users\Michele\AppData\Local\{5E40A5F1-CB78-46D0-A268-BE1A8F1134FA} 2012-07-02 14:33:42 -------- d-----w- C:\Users\Michele\AppData\Local\{D1DD93DD-7BFF-452C-8900-A62C1A5304DF} 2012-07-02 12:17:25 -------- d-----w- C:\Users\Michele\AppData\Local\{BC5E3515-6F97-471E-8165-AEE55602792F} 2012-07-02 12:17:01 -------- d-----w- C:\Users\Michele\AppData\Local\{2AB5E607-7701-4183-8B90-5594BE7B00D4} 2012-07-02 00:17:13 -------- d-----w- C:\Users\Michele\AppData\Local\{ABD1ACA7-36B6-42F2-AF0B-7CDF90B807FD} 2012-07-02 00:17:01 -------- d-----w- C:\Users\Michele\AppData\Local\{504BAFC1-C4D5-43CB-9030-8D8E8464D036} 2012-07-01 01:24:46 -------- d-----w- C:\Users\Michele\AppData\Local\{A0C1B390-9781-4472-A6A9-AA44D5D02D65} 2012-07-01 01:24:35 -------- d-----w- C:\Users\Michele\AppData\Local\{3877B775-A724-4537-A737-37B3E227EBAC} 2012-06-30 21:17:33 -------- d-----w- C:\Users\Michele\AppData\Local\{0BA2454C-3FE3-4DB0-BF93-D9792B1F489E} 2012-06-30 00:17:19 -------- d-----w- C:\Users\Michele\AppData\Local\{DA2CA38D-A067-44E7-92D9-BBB649445BFB} 2012-06-30 00:16:53 -------- d-----w- C:\Users\Michele\AppData\Local\{BD454BD9-1DDB-48F9-A093-FA9C55563EB0} 2012-06-28 23:05:27 -------- d-----w- C:\Users\Michele\AppData\Local\{8453CD47-991F-4453-AAB3-11B34EE9DA28} 2012-06-28 23:05:15 -------- d-----w- C:\Users\Michele\AppData\Local\{C04342E7-1ACC-4F91-A964-930F207753EF} 2012-06-27 14:24:29 -------- d-----w- C:\Users\Michele\AppData\Local\{5A735838-2073-4B0F-AFAA-0BC8EF5DACAE} . ==================== Find3M ==================== . 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-31 16:25:12 279656 ----a-w- C:\Windows\System32\MpSigStub.exe 2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys . ============= FINISH: 20:21:04.36 =============== - Michele Attach.txt