COMBOFIX LOG
ComboFix 12-12-20.02 - Austin 0/2012 Thu 16:02:24.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.932.81.1033.18.8191.6367 [GMT -5:00]
Running from: c:\users\Austin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\sw2_rsaproxy.exe
c:\program files (x86)\SecureW2\sw2_tray.exe
c:\program files (x86)\SecureW2\Uninstall.exe
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 )))))))))))))))))))))))))))))))
.
.
2012-12-20 21:10 . 2012-12-20 21:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-20 21:10 . 2012-12-20 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-20 20:32 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02EA4826-A5B3-423A-9233-E92F51821882}\mpengine.dll
2012-12-02 08:16 . 2012-11-16 14:11 132992 ----a-w- c:\windows\system32\PuranDefragBT.exe
2012-12-02 08:16 . 2012-08-13 22:27 1366912 ----a-w- c:\windows\system32\PuranFD.exe
2012-12-02 08:16 . 2012-08-13 22:27 292736 ----a-w- c:\windows\system32\PuranDefragS.exe
2012-12-02 08:16 . 2012-08-13 22:27 287616 ----a-w- c:\windows\system32\PuranDC.exe
2012-12-02 08:16 . 2012-08-13 22:13 256896 ----a-w- c:\windows\system32\PuranDefrag.dll
2012-12-02 08:16 . 2012-12-17 22:19 -------- d-----w- c:\program files\Puran Defrag
2012-11-28 18:05 . 2012-11-28 18:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4F59602-8B2A-425F-B1BE-F52905D61437}\gapaengine.dll
2012-11-27 21:37 . 2012-11-27 21:37 -------- d-sh--w- c:\programdata\SecuROM
2012-11-27 21:36 . 2012-11-27 21:37 -------- d-----w- c:\users\Austin\AppData\Local\Rockstar Games
2012-11-27 21:36 . 2012-11-27 21:36 -------- d--h--r- c:\users\Austin\AppData\Roaming\SecuROM
2012-11-27 21:36 . 2012-11-27 21:36 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-11-27 21:35 . 2012-11-27 21:35 -------- d-----w- c:\windows\SysWow64\xlive
2012-11-27 21:35 . 2012-11-27 21:36 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-11-27 18:02 . 2012-11-27 18:02 -------- d-----w- c:\programdata\Kaspersky Lab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 17:54 . 2012-11-09 04:11 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-12-13 06:51 . 2011-10-27 20:18 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-27 22:55 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-27 22:55 . 2009-08-18 16:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-08 17:24 . 2011-10-27 21:08 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-19 00:18 . 2012-10-19 00:18 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-19 00:18 . 2011-10-28 03:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-28 00:09 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 00:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 00:09 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:26 . 2012-10-07 16:46 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-15 16:26 . 2011-10-27 22:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 18:17 . 2012-11-14 17:33 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 17:33 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 17:33 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 17:33 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 04:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 17:32 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 17:32 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 17:32 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 17:32 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 17:32 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 17:32 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 17:32 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 17:32 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 17:32 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 17:32 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 17:32 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 22:21 . 2012-10-25 03:56 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-02 22:21 . 2012-10-25 03:56 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-02 22:21 . 2012-10-25 03:56 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2011-11-02 18:59 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-09-30 00:54 . 2012-11-09 17:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-14 17:32 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 17:32 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-25 22:09 . 2012-09-25 22:09 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-25 22:09 . 2012-09-25 22:09 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-09-25 22:09 . 2012-09-25 22:09 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-25 22:09 . 2012-09-25 22:09 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"puush"="c:\program files (x86)\puush\puush.exe" [2012-04-16 565480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"VIAJDS"="c:\program files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe" [2012-02-22 465008]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\HDADeck\HDeck.exe" [2012-02-22 41122416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_67280554.lnk - c:\users\Austin\AppData\Local\Temp\_uninst_67280554.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files (x86)\Edimax\Common\RaUI.exe [2012-8-21 1642496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 67280554;67280554;c:\windows\system32\DRIVERS\67280554.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMBFilt64;AMBFilt64;c:\windows\system32\drivers\AMBFt64.sys [2009-06-30 1797120]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2009-10-21 31744]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2009-07-25 47616]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2009-10-23 329728]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2009-10-22 240128]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2009-10-21 126976]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2009-10-22 57344]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 MonFilt64;MonFilt64;c:\windows\system32\drivers\MonFt64.sys [2008-12-02 1854976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-27 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-06-18 14136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2012-02-18 88688]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2012-08-13 292736]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Edimax\Common\RaRegistry64.exe [2009-12-16 212256]
S2 UCManSvc;UCManSvc;c:\program files (x86)\SoftDenchi\UCManSvc.exe [2010-03-12 241808]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 30568]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2009-10-20 25088]
S3 LVUVC64;Logitech Webcam C260(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-02-18 2709104]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 93799512
*NewlyCreated* - 97941946
*Deregistered* - 93799512
*Deregistered* - 97941946
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 19:11]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 19:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AtherosBtStack"="c:\program files (x86)\ASUS Bluetooth Suite\BtvStack.exe" [2009-10-28 388608]
"PuranADT"="c:\program files\Puran Defrag\PuranADT.exe" [2012-08-13 443776]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\
FF - prefs.js: browser.startup.homepage - hxxp://boards.4chan.org/a/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-30 14:18; {455D905A-D37C-4643-A9E2-F6FEFAA0424A}; c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
FF - ExtSQL: 2012-12-11 19:36; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-SecureW2 Tray - c:\program files (x86)\SecureW2\sw2_tray.exe
SafeBoot-93799512.sys
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-SecureW2 Enterprise Client - c:\program files (x86)\SecureW2\Uninstall.exe
AddRemove-majikoi - c:\games\Maji de Watashi ni Koishinasai!\Installation\マジこい!\Uninstall.exe
AddRemove-Yume Nikki 0.10 English - c:\games\Yume Nikki\Uninstal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2986374816-1560656078-681941709-1000\Software\SecuROM\License information*]
"datasecu"=hex:35,ee,20,23,fb,b3,09,7b,10,1d,9f,45,16,ec,21,f6,b8,f8,6c,2f,f4,
aa,2c,7b,76,51,59,b4,62,e3,39,0c,37,7a,74,41,83,06,ef,43,0b,dd,52,fe,66,62,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-20 16:12:44
ComboFix-quarantined-files.txt 2012-12-20 21:12
.
Pre-Run: 160,501,231,616 bytes free
Post-Run: 160,006,328,320 bytes free
.
- - End Of File - - 0541BA46B4B5C3F1283E40572695CC14