ComboFix 11-12-27.01 - Jason 12/27/2011 11:48:12.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.2506 [GMT -6:00]
Running from: c:\users\Jason\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-27 18:01 . 2011-12-27 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-26 18:58 . 2011-12-26 18:59 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-24 16:46 . 2011-12-17 01:20 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-24 16:46 . 2011-12-17 01:20 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-24 16:46 . 2011-12-17 01:20 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-24 16:46 . 2011-12-24 21:11 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-23 16:19 . 2011-12-27 18:01 -------- d-----w- c:\users\Jason\AppData\Local\temp
2011-12-23 16:01 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-22 21:35 . 2011-12-22 21:35 -------- d-----w- C:\_OTL
2011-12-22 20:34 . 2011-12-22 20:34 -------- d-----w- c:\program files\Tweaking.com
2011-12-21 00:54 . 2011-12-22 20:35 -------- d-----w- C:\temp
2011-12-12 09:47 . 2011-12-12 09:47 -------- d-----w- c:\users\Jason\AppData\Local\Chromium
2011-12-12 09:47 . 2011-12-22 00:46 -------- d-----w- c:\users\Jason\AppData\Roaming\ArcheAge
2011-12-12 09:42 . 2011-12-22 00:44 -------- d-----w- c:\program files\ArcheAge
2011-11-28 21:32 . 2011-12-04 04:04 -------- d-----w- c:\program files\Common Files\BioWare
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 11:25 . 2011-07-24 07:14 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-24 11:25 . 2011-07-24 07:15 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-11-24 11:25 . 2011-07-24 07:14 280904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-24 11:01 . 2011-07-24 07:14 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-11-22 08:50 . 2011-07-24 07:14 138056 ----a-w- c:\users\Jason\AppData\Roaming\PnkBstrK.sys
2011-11-22 08:49 . 2011-07-24 07:14 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-03 09:23 . 2011-11-03 09:23 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-03 09:23 . 2011-11-03 09:23 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-10-29 03:02 . 2011-06-28 00:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-10-15 08:53 . 2011-10-29 06:19 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-15 08:53 . 2011-10-29 06:19 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-15 08:53 . 2011-10-29 06:19 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-10-29 06:19 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-10-29 06:19 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-10-29 06:19 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-29 06:19 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-10-15 08:53 . 2011-10-29 06:19 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-10-29 06:19 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53 . 2011-10-29 06:19 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-05-26 18:43 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-05-26 18:43 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53 . 2011-04-08 03:45 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-15 08:53 . 2011-04-08 03:45 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-04-08 03:45 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-04-08 03:44 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-04-08 03:44 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2010-03-23 23:25 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-12-24 21:11 . 2011-05-26 18:33 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-23_16.37.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-24 03:16 . 2011-12-27 17:40 33786 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2011-12-23 16:05 38622 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-12-27 17:40 38622 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-24 00:41 . 2011-12-27 17:40 13464 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2096996257-4211928804-478179605-1000_UserData.bin
- 2011-12-23 16:03 . 2011-12-23 16:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-27 17:37 . 2011-12-27 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-23 16:03 . 2011-12-23 16:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-27 17:37 . 2011-12-27 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2011-12-23 16:10 660022 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-12-27 17:42 660022 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-12-27 17:42 120950 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2011-12-23 16:10 120950 c:\windows\System32\perfc009.dat
+ 2009-07-14 04:34 . 2011-12-24 21:23 108112 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:47 . 2011-12-23 16:02 395588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-12-27 06:58 395588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:03 . 2011-12-23 18:34 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2011-12-25 18:16 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2011-05-26 18:48 . 2011-12-27 06:58 8671390 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2096996257-4211928804-478179605-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-09-25 1242448]
"Akamai NetSession Interface"="c:\users\Jason\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"RaidCall"="c:\program files\raidcall\raidcall.exe" [2011-08-05 2043904]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 18:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-01 685816]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 583680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-24 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2011-10-14 745832]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [2009-11-05 376832]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v6mpz0xy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2096996257-4211928804-478179605-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:76,ad,7f,1f,14,3a,86,82,85,53,0d,f9,9d,e3,b3,55,87,51,e5,05,58,0f,41,
a3,03,ee,bc,cf,a8,c6,dc,1c,4b,71,e4,4c,45,80,5c,80,d3,b1,06,01,69,7d,78,6f,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-2096996257-4211928804-478179605-1000\Software\SecuROM\License information*]
"datasecu"=hex:ca,ac,83,39,72,1f,b1,5e,44,eb,c4,34,80,d2,9a,e1,bd,41,0f,d0,63,
ad,8b,63,ac,9a,99,f7,d0,2b,79,cb,e9,4c,d7,1e,4e,bc,f4,89,42,b2,9b,9b,cf,99,\
"rkeysecu"=hex:82,3e,c6,2a,7a,c3,27,6c,bb,25,d7,23,89,24,e0,3a
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-27 12:03:14
ComboFix-quarantined-files.txt 2011-12-27 18:03
ComboFix2.txt 2011-12-23 16:41
.
Pre-Run: 57,285,824,512 bytes free
Post-Run: 57,222,041,600 bytes free
.
- - End Of File - - E43005EE28C31CC014FC3CC4D0C62A2F