ComboFix 12-09-23.03 - Domsfriend 24/09/2012 22:24:00.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.4094.2642 [GMT 12:00]
Running from: c:\users\Domsfriend\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\BCHelper.exe
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\sqlite3.dll
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\users\Domsfriend\AppData\Roaming\fk1xxx.e2ts
.
.
((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 10:33 . 2012-09-24 10:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-24 10:33 . 2012-09-24 10:33 -------- d-----w- c:\users\hedev\AppData\Local\temp
2012-09-24 10:33 . 2012-09-24 10:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-24 09:10 . 2012-09-24 09:10 -------- d-----w- C:\$AVG
2012-09-24 08:47 . 2012-09-24 08:47 -------- d-----w- c:\users\Domsfriend\AppData\Roaming\AVG2012
2012-09-24 08:46 . 2012-09-24 08:46 -------- d-----w- c:\programdata\BROWSE~1
2012-09-24 08:43 . 2012-09-24 08:44 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-09-24 08:43 . 2012-09-24 08:43 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-09-24 08:43 . 2012-09-24 08:43 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-09-24 08:42 . 2012-09-24 08:49 -------- d-----w- c:\programdata\AVG2012
2012-09-24 08:42 . 2012-09-24 08:42 -------- d-----w- c:\windows\system32\drivers\AVG
2012-09-24 08:41 . 2012-09-24 08:41 -------- d-----w- c:\program files (x86)\AVG
2012-09-24 07:07 . 2012-09-24 07:07 -------- d-----w- c:\users\Domsfriend\AppData\Local\CRE
2012-09-24 07:06 . 2012-09-24 09:04 -------- d-----w- c:\program files (x86)\uTorrent
2012-09-23 09:34 . 2012-09-24 08:47 -------- d-----w- c:\programdata\MFAData
2012-09-23 09:34 . 2012-09-23 09:34 -------- d--h--w- c:\programdata\Common Files
2012-09-23 09:34 . 2012-09-23 09:34 -------- d-----w- c:\users\Domsfriend\AppData\Local\MFAData
2012-09-23 09:34 . 2012-09-23 09:34 -------- d-----w- c:\users\Domsfriend\AppData\Local\Avg2013
2012-09-23 09:16 . 2012-09-24 09:04 -------- d-----w- c:\program files\AVAST Software
2012-09-23 02:25 . 2010-07-21 11:08 1864192 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-09-23 01:49 . 2012-09-23 01:50 -------- d-----w- C:\Desktop
2012-09-23 01:19 . 2012-09-23 01:19 -------- d-----w- c:\users\Domsfriend\AppData\Roaming\Rainmeter
2012-09-23 01:19 . 2012-09-24 04:13 -------- d-----w- c:\program files\Rainmeter
2012-09-20 20:11 . 2012-09-20 20:12 -------- d-----w- c:\program files (x86)\Tunngle
2012-09-17 12:06 . 2012-09-17 12:06 -------- d-----w- c:\users\Domsfriend\AppData\Local\eSupport.com
2012-09-17 12:06 . 2012-09-17 12:06 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-09-17 11:50 . 2012-09-17 11:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-17 11:49 . 2012-09-17 11:49 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 06:47 . 2012-09-17 06:47 -------- d-----w- c:\users\Domsfriend\AppData\Roaming\Fatshark
2012-09-16 23:38 . 2012-09-16 23:44 -------- d-----w- c:\program files (x86)\Mount&Blade With Fire and Sword
2012-09-16 12:34 . 2012-09-16 12:34 -------- d-----w- c:\users\Domsfriend\AppData\Local\Macromedia
2012-09-15 22:39 . 2012-09-24 10:45 -------- d-----w- c:\users\Domsfriend\AppData\Roaming\uTorrent
2012-09-08 08:13 . 2012-09-08 08:13 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-08 04:25 . 2012-09-23 03:08 -------- d-----w- c:\users\Domsfriend\AppData\Roaming\Skype
2012-09-08 04:25 . 2012-09-08 04:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-08 04:25 . 2012-09-08 04:29 -------- d-----r- c:\program files (x86)\Skype
2012-09-08 04:25 . 2012-09-08 04:29 -------- d-----w- c:\programdata\Skype
2012-09-07 10:23 . 2012-09-07 10:27 -------- d-----w- c:\users\Domsfriend\AppData\Local\Facebook
2012-09-01 06:34 . 2012-09-07 03:37 -------- d-----w- c:\windows\W7SBC
2012-09-01 06:34 . 2011-12-25 11:04 2388992 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2012-09-01 06:34 . 2011-12-25 11:04 2388992 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2012-09-01 06:28 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2012-09-01 06:28 . 2009-12-31 05:22 1842688 ----a-w- c:\windows\system32\ExplorerFrame_backup_wti.dll
2012-09-01 06:28 . 2009-12-31 04:39 15181312 ----a-w- c:\windows\system32\shell32_backup_wti.dll
2012-09-01 06:28 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2012-09-01 06:28 . 2010-11-21 03:24 898560 ----a-w- c:\windows\system32\OobeFldr_backup_wti.dll
2012-09-01 06:28 . 2009-12-31 05:18 3208192 ----a-w- c:\windows\explorer_backup_wti.exe
2012-09-01 06:28 . 2012-09-05 04:18 151608 ----a-w- c:\windows\UTP.exe
2012-09-01 06:16 . 2012-09-08 03:26 -------- d-----w- c:\program files\Theme Resource Changer
2012-08-31 10:06 . 2012-09-05 05:17 -------- d-----w- c:\program files (x86)\HUD RED
2012-08-31 09:47 . 2012-09-07 03:37 -------- d-----w- c:\users\Domsfriend\AppData\Local\Korbin_Bickel
2012-08-31 09:47 . 2012-09-05 05:17 -------- d-----w- c:\program files (x86)\Theme Manager
2012-08-31 09:40 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2012-08-31 09:40 . 2009-07-14 01:41 2851328 ----a-w- c:\windows\system32\themeui.dll.backup
2012-08-31 09:40 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2012-08-31 00:32 . 2012-08-31 00:32 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-08-27 06:55 . 2012-08-27 06:55 -------- d-----w- c:\users\Domsfriend\AppData\Local\NBGI
2012-08-25 22:56 . 2012-09-11 10:50 -------- d-----w- c:\program files (x86)\PrivitizeVPN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-23 09:56 . 2011-04-22 08:49 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-23 09:56 . 2011-03-01 03:36 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-22 13:21 . 2011-03-01 03:36 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-09-22 09:44 . 2011-03-01 03:36 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-21 12:05 . 2012-04-07 21:33 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 12:05 . 2011-06-24 03:49 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-17 11:49 . 2011-04-12 07:09 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-01 06:28 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2012-09-01 06:28 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2012-08-31 09:40 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-08-31 09:40 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
2012-08-31 09:40 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-08-21 09:12 . 2011-02-15 00:29 41224 ------w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-02-15 00:29 227648 ------w- c:\windows\SysWow64\aswBoot.exe
2012-07-18 04:38 . 2012-07-18 04:37 2048 ----a-w- c:\windows\SysWow64\winver.exe
2012-07-18 04:38 . 2012-07-18 04:37 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-07-18 04:37 . 2012-07-18 04:37 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll
2012-07-18 04:37 . 2012-07-18 04:37 1536 ----a-w- c:\windows\SysWow64\sppcomapi.dll
2012-07-18 04:37 . 2012-07-18 04:37 113543 ----a-w- c:\windows\SysWow64\slmgr.vbs
2012-07-18 04:37 . 2012-07-18 04:37 113543 ----a-w- c:\windows\system32\slmgr.vbs
2012-06-28 08:23 . 2012-06-01 23:47 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-29 08:31 . 2012-05-29 08:30 3993600 ----a-w- c:\program files (x86)\GUT7D7E.tmp
2012-04-04 08:24 . 2012-05-15 19:12 11986 ----a-w- c:\program files (x86)\layout.bin
2012-04-04 08:21 . 2012-05-15 19:12 587200 ----a-w- c:\program files (x86)\ISSetup.dll
2012-04-03 05:58 . 2012-05-15 19:12 3146312 ----a-w- c:\program files (x86)\pbsvc_blr.exe
2012-02-22 11:12 . 2012-05-15 19:12 8525240 ----a-w- c:\program files (x86)\Blacklight Retribution.exe
2012-02-20 06:59 . 2012-05-15 19:12 125892 ----a-w- c:\program files (x86)\config.bin
2011-09-21 03:42 . 2012-05-15 19:12 4216840 ----a-w- c:\program files (x86)\vcredist_x86.exe
2011-03-29 23:40 . 2012-05-15 19:12 517976 ----a-w- c:\program files (x86)\DXSETUP.exe
2011-03-29 23:40 . 2012-05-15 19:12 95576 ----a-w- c:\program files (x86)\DSETUP.dll
2011-03-29 23:40 . 2012-05-15 19:12 1566040 ----a-w- c:\program files (x86)\dsetup32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-10-22 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2012-07-18 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-24 08:43 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2012-09-24 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
"Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"Facebook Update"="c:\users\Domsfriend\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-07 138096]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-24 1022352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-08-18 2387296]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-24 218440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-09-17 21712]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-29 31800]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-26 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-07-10 37456]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-07-10 282704]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-07 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-10 375376]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-10 254528]
S1 ndistgb;TheGreenBow NDIS filter driver;c:\windows\system32\DRIVERS\ndistgb.sys [2011-07-22 28728]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-08-15 5264736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TgbIke Starter;TgbIke Starter;c:\windows\System32\tgbstarter.exe [2009-11-20 162872]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2012-09-24 246600]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 120400]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 29776]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-15 31232]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-11 1290752]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TgbIpSec
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:05]
.
2012-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
- c:\users\Domsfriend\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 10:30]
.
2012-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
- c:\users\Domsfriend\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 10:30]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
- c:\users\Domsfriend\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 08:32]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
- c:\users\Domsfriend\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 08:32]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759}: NameServer = 208.67.222.222
TCP: Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759}\2545141303235375D2839313336373: NameServer = 208.67.222.222
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage -
hxxp://search.babylon.com/?affID=114733 ... 7f74f75f77
FF - prefs.js: keyword.URL -
hxxp://search.babylon.com/?affID=114733 ... 4f75f77&q=
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl -
hxxp://search.babylon.com/?babsrc=TB_de ... 4f75f77&q=
FF - user.js: extensions.BabylonToolbar.id - 809c75b4000000000000687f74f75f77
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15601
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1210:44
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114733&tt=120912_ccp_3812_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Browser companion helper - c:\program files (x86)\BrowserCompanion\BCHelper.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-XboxStat - c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe
SharedTaskScheduler-{F791A188-699D-4FD4-955A-EB59E89B1907} - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-dips64 - c:\program files\DIPS64\uninstall.exe
AddRemove-FFOLKES 2142 Unlocks mod v1.01 - c:\program files\Uninstall_Unlocks_v1.01_mod.exe
AddRemove-Game Booster_is1 - c:\program files (x86)\IObit\Game Booster\unins000.exe
AddRemove-Minecraft Beta Cracked - c:\users\Domsfriend\AppData\Roaming\.minecraft\Uninstall.exe
AddRemove-{C8B4A547-DE2B-4424-8819-09724C15EAA6}_is1 - c:\program files (x86)\Facebook Hack Automator\unins000.exe
AddRemove-{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1}_is1 - c:\program files (x86)\JoWooD Entertainment AG\ArcaniA - Gothic 4\unins000.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5b,fc,5f,4d,39,8f,68,a1,10,ec,50,37,81,c9,c0,ff,37,2b,cc,b4,39,25,63,
88,9a,b2,17,87,f0,2e,9c,b6,88,43,90,25,97,c4,e6,40,35,f4,ae,65,e3,bd,ee,40,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SecuROM\License information*]
"datasecu"=hex:06,8a,17,cd,f3,04,b0,68,36,2f,0e,f4,22,ac,50,d7,39,23,c4,f4,cf,
af,17,53,10,47,4c,13,71,2e,f8,78,b3,83,5b,0b,01,b5,e7,bf,6a,f2,c9,52,ae,be,\
"rkeysecu"=hex:73,31,53,0f,e6,ec,2d,a4,01,52,14,dc,c8,e9,ca,87
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\folding@homecpu\1\Fah.exe
c:\folding@homecpu\2\Fah.exe
c:\folding@homecpu\3\Fah.exe
c:\folding@homecpu\4\Fah.exe
c:\folding@homecpu\4\FahCore_a4.exe
c:\folding@homecpu\2\FahCore_a4.exe
c:\folding@homecpu\1\FahCore_a4.exe
c:\folding@homecpu\3\FahCore_a4.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2012-09-24 22:50:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-24 10:50
.
Pre-Run: 361,824,296,960 bytes free
Post-Run: 361,865,105,408 bytes free
.
- - End Of File - - 78B1354EAC42BA54A0B962B8DE766BCB