ComboFix 13-11-19.01 - Zer0 20/11/2013 15:03:05.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6135.3291 [GMT 11:00] Running from: c:\users\Zer0\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\autorun.inf c:\program files (x86)\HTV c:\program files (x86)\HTV\akv.cfg c:\program files (x86)\HTV\htv.001 c:\program files (x86)\HTV\HTV.002 c:\program files (x86)\HTV\HTV.005 c:\program files (x86)\HTV\HTV.009 c:\program files (x86)\Setup.exe C:\STF1350.tmp C:\STF3786.tmp C:\STF6616.tmp C:\STF919F.tmp C:\STFA87.tmp C:\STFAEBB.tmp C:\STFC7A4.tmp C:\STFDB2E.tmp C:\STFE224.tmp C:\STFF4EE.tmp c:\users\Administrator\Desktop\Setup.exe c:\users\Zer0\AppData\Local\assembly\tmp c:\users\Zer0\AppData\Roaming\dclogs c:\users\Zer0\AppData\Roaming\Eqdige c:\users\Zer0\AppData\Roaming\Eqdige\dace.sac c:\users\Zer0\AppData\Roaming\Help\coredb\storage c:\users\Zer0\AppData\Roaming\vso_ts_preview.xml c:\windows\inf\ndiscap64.inf c:\windows\SysWow64\c6to4.dll c:\windows\SysWow64\FlashPlayerApp.exe c:\windows\SysWow64\frapsvid.dll c:\windows\SysWow64\networkdlllsp.dll c:\windows\SysWow64\Packet.dll c:\windows\XSxS F:\install.exe . . ((((((((((((((((((((((((( Files Created from 2013-10-20 to 2013-11-20 ))))))))))))))))))))))))))))))) . . 2013-11-20 04:11 . 2013-11-20 04:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-11-19 05:48 . 2013-11-19 05:48 -------- d-----w- C:\found.000 2013-11-19 05:25 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{413DF429-BC7D-4E85-A833-57876691B827}\mpengine.dll 2013-11-18 14:53 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-11-16 10:55 . 2013-11-16 10:55 -------- d-----w- c:\users\Zer0\AppData\Local\NVIDIA Corporation 2013-11-13 07:13 . 2013-10-13 14:36 96768 ----a-w- c:\windows\system32\mshtmled.dll 2013-11-13 07:12 . 2013-10-13 15:58 17847296 ----a-w- c:\windows\system32\mshtml.dll 2013-11-13 07:12 . 2013-10-13 15:09 10926080 ----a-w- c:\windows\system32\ieframe.dll 2013-11-13 06:53 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-11-12 09:32 . 2013-11-19 02:17 -------- d-----w- c:\program files (x86)\SpeedFan 2013-11-12 08:19 . 2013-11-12 08:20 -------- d-----w- c:\program files\Speccy 2013-11-12 02:05 . 2013-11-12 02:05 -------- d-----w- C:\FRST 2013-11-12 01:55 . 2013-11-12 01:55 -------- d-----w- c:\windows\ERUNT 2013-11-11 22:02 . 2013-11-11 23:22 -------- d-----w- C:\AdwCleaner 2013-11-10 15:57 . 2013-11-10 15:57 -------- d-----w- c:\program files (x86)\ESET 2013-11-10 15:36 . 2013-11-10 15:36 -------- d-----w- c:\programdata\IDM 2013-11-10 14:36 . 2013-11-16 08:46 -------- d-----w- c:\users\Zer0\AppData\Local\CrashDumps 2013-11-10 11:12 . 2013-11-10 11:12 -------- d-----w- c:\programdata\c8865564-28bf-4d35-8039-1f4e8b199063 2013-11-10 11:11 . 2013-11-10 11:14 -------- d-----w- C:\MyBootCD 2013-11-09 15:59 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-11-09 15:59 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-11-09 15:59 . 2013-09-08 02:27 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-11-09 15:59 . 2013-09-08 02:03 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-11-09 15:59 . 2013-07-03 04:40 42496 ----a-w- c:\windows\system32\drivers\usbscan.sys 2013-11-09 15:59 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys 2013-11-09 15:59 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys 2013-11-09 15:59 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys 2013-11-09 15:59 . 2013-07-12 10:40 109824 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys 2013-11-09 15:59 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll 2013-11-09 15:59 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll 2013-11-09 15:57 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll 2013-11-09 15:56 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-11-09 15:56 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-11-09 15:56 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-11-09 15:56 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-11-09 15:56 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-11-09 15:56 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-11-09 15:56 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-11-09 15:56 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-11-07 04:14 . 2013-10-18 00:51 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABB41426-20AA-473F-B85F-3B32D45A6E7C}\gapaengine.dll 2013-10-30 08:50 . 2013-11-08 20:47 1064224 ----a-w- c:\windows\system32\nvspcap64.dll 2013-10-30 08:50 . 2013-11-08 20:47 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll 2013-10-30 08:49 . 2013-09-27 23:01 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-10-30 08:49 . 2013-09-27 23:01 28960 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2013-10-29 10:20 . 2013-10-29 10:20 -------- d-----w- c:\users\Zer0\AppData\Local\UWebKit 2013-10-23 04:50 . 2013-10-16 00:48 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll 2013-10-23 04:50 . 2013-10-16 00:48 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll 2013-10-22 16:02 . 2013-10-22 16:02 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-10-22 13:11 . 2008-07-09 08:05 421888 ----a-w- c:\windows\system32\ac3filter.acm 2013-10-22 13:11 . 2013-10-22 13:11 -------- d-----w- c:\program files (x86)\AC3Filter . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-16 09:52 . 2013-09-11 01:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-11-13 07:08 . 2010-09-04 06:40 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-11-11 11:13 . 2012-11-30 13:02 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-11-11 11:01 . 2012-11-30 13:02 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-11-01 04:27 . 2012-11-30 13:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-10-23 10:30 . 2012-10-15 05:19 2695200 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-10-23 10:30 . 2012-10-15 05:19 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-10-23 10:30 . 2012-02-22 01:57 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-10-23 10:30 . 2010-07-09 19:38 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-10-23 10:30 . 2010-03-17 01:07 3067560 ----a-w- c:\windows\system32\nvapi64.dll 2013-10-23 08:20 . 2011-02-22 15:39 6669600 ----a-w- c:\windows\system32\nvcpl.dll 2013-10-23 08:20 . 2011-02-22 15:39 3489568 ----a-w- c:\windows\system32\nvsvc64.dll 2013-10-23 08:20 . 2011-02-22 15:38 922912 ----a-w- c:\windows\system32\nvvsvc.exe 2013-10-23 08:20 . 2011-02-22 15:38 219424 ----a-w- c:\windows\system32\nvmctray.dll 2013-10-23 08:20 . 2010-03-16 11:50 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-10-23 08:20 . 2012-02-22 01:59 3426956 ----a-w- c:\windows\system32\nvcoproc.bin 2013-10-18 00:51 . 2011-08-08 23:38 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-08 21:36 . 2013-10-08 21:36 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-09-27 23:01 . 2013-09-06 12:09 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-09-26 22:53 . 2013-09-26 22:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-09-26 22:53 . 2010-10-24 10:25 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-09-12 08:58 . 2013-09-20 10:55 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll 2013-09-12 08:58 . 2013-09-20 10:55 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll 2013-08-29 01:48 . 2013-11-09 16:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2010-09-27 08:52 . 2010-10-04 11:38 726384 ----a-w- c:\program files (x86)\AutoRun.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-07 17706088] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-04-10 668944] "Akamai NetSession Interface"="c:\users\Zer0\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\gPotato\IrisOnline\GameGuard\dump_wmimmc.sys;c:\program files (x86)\gPotato\IrisOnline\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech Webcam 600(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x] R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x] R3 SaiK0ccf;SaiK0ccf;c:\windows\system32\DRIVERS\SaiK0ccf.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0ccf.sys [x] R3 SaiU0CCF;SaiU0CCF;c:\windows\system32\DRIVERS\SaiU0CCF.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CCF.sys [x] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 SmoothPingProxy;SmoothPingProxy;c:\program files (x86)\Smoothping Elite\SmoothPingProxy.exe;c:\program files (x86)\Smoothping Elite\SmoothPingProxy.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x] S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-11-16 20:03 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 09:52] . 2013-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000Core.job - c:\users\Zer0\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-15 14:25] . 2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28 06:02] . 2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28 06:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-10-14 158208] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-02 415816] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-02 4725320] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-02 2412616] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-08 1064224] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421; uSearchAssistant = hxxp://www.google.com IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk Trusted Zone: battlefield.com\battlelog Trusted Zone: clonewarsadventures.com Trusted Zone: cumshotsurprise.com\www Trusted Zone: freerealms.com Trusted Zone: safelinking.net Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 10.0.0.138 TCP: Interfaces\{09422DDC-6800-45E3-9216-B5095F00AEB7}: NameServer = 8.8.8.8,8.8.8.4 FF - ProfilePath - c:\users\Zer0\AppData\Roaming\Mozilla\Firefox\Profiles\yuohtlfh.default-1379735746604\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-{A6356F2F-D3E1-4D83-9AA2-72871DD0C298} - c:\program files (x86)\InstallShield Installation Information\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46, 04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff, 2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d, 36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1, 93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:6b,2c,c7,0f,cc,55,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,01,13,ca,bb,ea,00,4e,8d,14,83,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,01,13,ca,bb,ea,00,4e,8d,14,83,\ . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="IE.AssocFile.HTM" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="IE.AssocFile.HTM" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice] @Denied: (2) (LocalSystem) "Progid"="IE.AssocFile.URL" . [HKEY_USERS\S-1-5-21-3687147164-1298252514-2334443246-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3687147164-1298252514-2334443246-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-3687147164-1298252514-2334443246-1000\Software\SecuROM\License information*] "datasecu"=hex:c7,ab,43,59,42,26,7a,78,56,d5,35,a2,22,5b,42,0d,2f,39,dc,a1,cb, ec,20,6c,62,bf,a2,06,4a,58,73,29,d2,1e,ec,19,06,43,d8,c5,fa,da,cf,8b,43,71,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_USERS\S-1-5-21-3687147164-1298252514-2334443246-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):e0,51,b2,99,78,ed,d0,7f,4b,7d,a2,3d,42,45,53,96,cd,76,9b,dc,53, b0,d3,a0,bc,ef,d0,55,ce,45,2b,d0,1c,b0,43,25,23,bf,7e,f3,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-3687147164-1298252514-2334443246-1000_Classes\Wow6432Node\CLSID\{bc6a3a51-d218-4f2e-92d8-59746f601326}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000013c "Therad"=dword:00000001 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe . ************************************************************************** . Completion time: 2013-11-20 15:29:45 - machine was rebooted ComboFix-quarantined-files.txt 2013-11-20 04:29 . Pre-Run: 777,451,618,304 bytes free Post-Run: 777,669,902,336 bytes free . - - End Of File - - C3EA86BF39C075BF9F5E9DFE655E6D38 A36C5E4F47E84449FF07ED3517B43A31