ComboFix 11-12-22.04 - Jason 12/23/2011 10:06:42.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.2522 [GMT -6:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jason\AppData\Roaming\Microsoft\Windows\Templates\787772d6t052h555r358d3lui8o1
c:\windows\$NtUninstallKB47642$
c:\windows\$NtUninstallKB47642$\2889225772\cfg.ini
c:\windows\$NtUninstallKB47642$\4156224787
.
.
((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
.
.
2011-12-23 16:19 . 2011-12-23 16:37 -------- d-----w- c:\users\Jason\AppData\Local\temp
2011-12-23 16:19 . 2011-12-23 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-23 16:01 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-22 21:35 . 2011-12-22 21:35 -------- d-----w- C:\_OTL
2011-12-22 20:34 . 2011-12-22 20:34 -------- d-----w- c:\program files\Tweaking.com
2011-12-21 00:54 . 2011-12-22 20:35 -------- d-----w- C:\temp
2011-12-12 09:47 . 2011-12-12 09:47 -------- d-----w- c:\users\Jason\AppData\Local\Chromium
2011-12-12 09:47 . 2011-12-22 00:46 -------- d-----w- c:\users\Jason\AppData\Roaming\ArcheAge
2011-12-12 09:42 . 2011-12-22 00:44 -------- d-----w- c:\program files\ArcheAge
2011-11-28 21:32 . 2011-12-04 04:04 -------- d-----w- c:\program files\Common Files\BioWare
2011-11-25 11:17 . 2011-12-22 00:46 -------- d-----w- c:\users\Jason\AppData\Roaming\Tunngle
2011-11-25 11:17 . 2011-11-26 14:52 -------- d-----w- c:\programdata\Tunngle
2011-11-25 11:17 . 2009-09-16 14:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2011-11-25 11:17 . 2011-11-25 11:18 -------- d-----w- c:\program files\Tunngle
2011-11-24 18:11 . 2011-11-24 18:11 -------- d-----w- c:\program files\THQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 11:25 . 2011-07-24 07:14 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-24 11:25 . 2011-07-24 07:15 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-11-24 11:25 . 2011-07-24 07:14 280904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-24 11:01 . 2011-07-24 07:14 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-11-22 08:50 . 2011-07-24 07:14 138056 ----a-w- c:\users\Jason\AppData\Roaming\PnkBstrK.sys
2011-11-22 08:49 . 2011-07-24 07:14 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-03 09:23 . 2011-11-03 09:23 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-03 09:23 . 2011-11-03 09:23 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-10-29 03:02 . 2011-06-28 00:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-10-15 08:53 . 2011-10-29 06:19 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-15 08:53 . 2011-10-29 06:19 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-15 08:53 . 2011-10-29 06:19 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-10-29 06:19 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-10-29 06:19 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-10-29 06:19 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-29 06:19 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-10-15 08:53 . 2011-10-29 06:19 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-10-29 06:19 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53 . 2011-10-29 06:19 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-05-26 18:43 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-05-26 18:43 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53 . 2011-04-08 03:45 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-15 08:53 . 2011-04-08 03:45 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-04-08 03:45 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-04-08 03:44 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-04-08 03:44 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2010-03-23 23:25 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-11-09 19:36 . 2011-05-26 18:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-09-25 1242448]
"Akamai NetSession Interface"="c:\users\Jason\AppData\Local\Akamai\netsession_win.exe" [2011-12-07 3305248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"RaidCall"="c:\program files\raidcall\raidcall.exe" [2011-08-05 2043904]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55    937920    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 18:12    253672    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-01 685816]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 583680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-24 1343400]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2011-10-14 745832]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [2009-11-05 376832]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ    Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v6mpz0xy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
HKLM-Run-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
HKLM-Run-Acrobat Assistant 8.0 - c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
HKLM-Run-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe
HKLM-Run-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
AddRemove-Battlelog Web Plugins - c:\program files\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for A2 - c:\program files\Bohemia Interactive\ArmABattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\program files\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-NVIDIAStereo - c:\program files\NVIDIA Corporation\3D Vision\nvStInst.exe
AddRemove-WinLiveSuite - c:\program files\Windows Live\Installer\wlarp.exe
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision - c:\program files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB - c:\program files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX - c:\program files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update - c:\program files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.3\NVI2.DLL
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2096996257-4211928804-478179605-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:76,ad,7f,1f,14,3a,86,82,85,53,0d,f9,9d,e3,b3,55,87,51,e5,05,58,0f,41,
   a3,03,ee,bc,cf,a8,c6,dc,1c,4b,71,e4,4c,45,80,5c,80,d3,b1,06,01,69,7d,78,6f,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-2096996257-4211928804-478179605-1000\Software\SecuROM\License information*]
"datasecu"=hex:ca,ac,83,39,72,1f,b1,5e,44,eb,c4,34,80,d2,9a,e1,bd,41,0f,d0,63,
   ad,8b,63,ac,9a,99,f7,d0,2b,79,cb,e9,4c,d7,1e,4e,bc,f4,89,42,b2,9b,9b,cf,99,\
"rkeysecu"=hex:82,3e,c6,2a,7a,c3,27,6c,bb,25,d7,23,89,24,e0,3a
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-12-23 10:41:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-23 16:41
.
Pre-Run: 57,203,601,408 bytes free
Post-Run: 56,999,628,800 bytes free
.
- - End Of File - - 8E1BD08365F22EDB92F372446FBE7AC3
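The service and driver block of a ComboFix log (the `R0`/`R2`/`S3 ...` lines above) is the part a reviewer usually reads first: the letter is the current state (R running, S stopped), the digit is the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and `[x]` at the end means ComboFix could not find the file on disk. The following parser is an added example written for this page; it is not part of the log, not ComboFix code, and the review heuristics it applies (a `.sys` sitting directly in `system32` rather than `system32\drivers`, and a `svchost.exe` host whose real code lives in a `ServiceDll` value) are the editor's own assumptions, meant to produce review hints rather than verdicts. The sample lines are copied from the log above.

```python
"""Triage helper for the service/driver lines of a ComboFix log.

Added example, not part of the original log or of ComboFix itself.
Parses lines of the form

    R3 name;display name;c:\\path\\to\\file.sys [YYYY-MM-DD size]
    R3 name;display name;c:\\path\\to\\file.sys [x]

and attaches review flags. The flags are hints for a human reviewer,
not a determination that anything is malicious.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Sample input copied from the log on this page.
SAMPLE_LINES = r"""
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-01 685816]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
""".strip().splitlines()

# ComboFix prefix: R = running, S = stopped; digit = Windows start type.
START_STATE = {"R": "running", "S": "stopped"}
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"          # R0 .. S4
    r"(?P<name>[^;]+);"               # service key name (may contain spaces)
    r"(?P<display>[^;]*);"            # display name
    r"(?P<path>.+?)\s+"               # image path, lazily up to the bracket
    r"\[(?P<info>[^\]]*)\]\s*$"       # "[date size]" or "[x]"
)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when ComboFix printed [x]
    size: Optional[int]        # None when ComboFix printed [x]
    flags: List[str]


def describe_start(code: str) -> str:
    """'R3' -> 'running, manual start'."""
    return f"{START_STATE[code[0]]}, {START_TYPE[code[1]]} start"


def flags_for(path: str, missing: bool) -> List[str]:
    """Review heuristics (editor's assumptions, not ComboFix logic)."""
    flags: List[str] = []
    if missing:
        flags.append("file-missing")              # service points at a file that is gone
    directory, _, filename = path.lower().rpartition("\\")
    if filename.endswith(".sys") and directory.endswith("\\system32"):
        flags.append("driver-outside-drivers-dir")  # drivers normally live in system32\drivers
    if filename == "svchost.exe":
        flags.append("svchost-hosted")            # real code is the ServiceDll, not this path
    return flags


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for anything else in the log."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    info = m["info"].strip()
    if info == "x":
        file_date, size, missing = None, None, True
    else:
        date_str, size_str = info.split()
        file_date, size, missing = date_str, int(size_str), False
    path = m["path"].strip()
    return ServiceEntry(m["start"], m["name"].strip(), m["display"].strip(),
                        path, file_date, size, flags_for(path, missing))


def triage(lines: Iterable[str]) -> Dict[str, ServiceEntry]:
    """All parsed service entries keyed by service name."""
    entries = (parse_line(ln) for ln in lines)
    return {e.name: e for e in entries if e is not None}


def flagged(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Only the entries that carry at least one review flag."""
    return {name: e.flags for name, e in triage(lines).items() if e.flags}


if __name__ == "__main__":
    for name, entry in triage(SAMPLE_LINES).items():
        marks = ", ".join(entry.flags) or "-"
        print(f"{name:<14} {describe_start(entry.start):<24} {marks:<40} {entry.path}")
```

Run against the full log, the output is a short list of the entries worth opening a second tool on (verifying the driver's signature, resolving the `ServiceDll` behind a `svchost.exe` host), which is a more useful starting point than reading thirty service lines by eye.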