Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 179 views

    Combofix 1

    Uploaded by

    Nur Faizah Azizan
    This document provides a summary of files, registry keys, and services on a Windows 7 system. It lists recently created files, startup programs, third-party applications installed, and drivers and services loaded on startup. The system has Avira antivirus installed and is a Sony VAIO laptop.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd

    Combofix 1

    Uploaded by

    Nur Faizah Azizan
    179 views10 pages
    This document provides a summary of files, registry keys, and services on a Windows 7 system. It lists recently created files, startup programs, third-party applications installed, and drivers and services loaded on startup. The system has Avira antivirus installed and is a Sony VAIO laptop.

    Original Description:

    .....

    Original Title

    combofix1

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document provides a summary of files, registry keys, and services on a Windows 7 system. It lists recently created files, startup programs, third-party applications installed, and drivers and services loaded on startup. The system has Avira antivirus installed and is a Sony VAIO laptop.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Download as txt, pdf, or txt
    179 views10 pages

    Combofix 1

    Uploaded by

    Nur Faizah Azizan
    This document provides a summary of files, registry keys, and services on a Windows 7 system. It lists recently created files, startup programs, third-party applications installed, and drivers and services loaded on startup. The system has Avira antivirus installed and is a Sony VAIO laptop.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Download as txt, pdf, or txt
    You are on page 1of 10

    ComboFix 14-01-13.01 - pae 13/01/2014 23:54:05.3.

    4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.60.1033.18.1782.623 [GMT 8:00
    ]
    Running from: c:\users\pae\Documents\Downloads\Programs\ComboFix.exe
    AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-13 to 2014-01-13 )))))))
    ))))))))))))))))))))))))
    .
    .
    2014-01-13 16:06 . 2014-01-13 16:06
    -------d-----wc:\users
    \Default\AppData\Local\temp
    2014-01-13 15:44 . 2014-01-13 15:44
    75888 ----a-wc:\programdata\M
    icrosoft\Windows Defender\Definition Updates\{52E1D2F8-1048-44D8-8BB8-F5F5083AA9
    36}\offreg.dll
    2014-01-13 15:33 . 2013-12-15 17:54
    10315576
    ----a-wc:\progr
    amdata\Microsoft\Windows Defender\Definition Updates\{52E1D2F8-1048-44D8-8BB8-F5
    F5083AA936}\mpengine.dll
    2014-01-13 15:33 . 2013-11-26 04:25
    267936 ------wc:\windows\syste
    m32\MpSigStub.exe
    2013-12-23 14:06 . 2013-08-26 19:10
    87579 --sha-wc:\users\pae\App
    Data\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\foxavoatcu..vbs
    2013-12-23 14:06 . 2013-08-26 19:10
    87579 ----a-wc:\programdata\f
    oxavoatcu..vbs
    2013-12-23 13:13 . 2013-12-23 13:13
    -------d-----wc:\progr
    am files\HP
    2013-12-18 12:49 . 2013-12-18 12:49
    -------d-----wc:\users
    \pae\AppData\Local\Mendeley Ltd
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
    )))))))))))))))))))))))))))))))
    .
    2013-12-16 11:34 . 2010-12-06 06:38
    90708896
    ----a-wc:\windo
    ws\system32\MRT.exe
    2013-12-06 07:04 . 2013-11-20 23:25
    107416 ----a-wc:\windows\syste
    m32\drivers\avgntflt.sys
    2013-11-27 15:58 . 2013-11-20 23:32
    83160 ----a-wc:\windows\syste
    m32\drivers\avnetflt.sys
    2013-11-27 15:58 . 2013-11-20 23:25
    28600 ----a-wc:\windows\syste
    m32\drivers\avkmgr.sys
    2013-11-27 15:58 . 2013-11-20 23:25
    132600 ----a-wc:\windows\syste
    m32\drivers\avipbb.sys
    2013-10-18 11:27 . 2013-10-18 11:27
    163504 ----a-wc:\programdata\M
    icrosoft\Windows\Sqm\Manifest\Sqm10145.bin
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
    )))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06
    -4e33-a59a-90c2c140cba0}]

    2009-11-25 04:47
    297808 ----a-wc:\windows\System32\mscoree.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-0601 5252408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-09-15
    3425688]
    "NokiaPCInternetAccess"="c:\program files (x86)\Nokia\PC Internet Access\NPCIA.e
    xe" [2009-09-17 663552]
    "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-07-15 1564016
    ]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR
    .exe" [2013-07-15 844656]
    "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATII2E
    .EXE" [2012-02-27 283232]
    "Browser Infrastructure Helper"="c:\users\pae\AppData\Local\Smartbar\Application
    \SnapDo.exe" [2013-10-31 21536]
    "foxavoatcu"="wscript.exe" [2009-07-14 141824]
    "EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATII2E
    .EXE" [2012-02-27 283232]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAS
    torIcon.exe" [2010-03-04 284696]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOB
    uClient.exe" [2010-06-01 1155928]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Re
    ader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [20
    11-03-30 937920]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
    " [2007-05-08 54840]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.
    exe" [2009-02-26 30040]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusch
    ed.exe" [2011-06-09 254696]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [201207-08 296096]
    "MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\Mob
    ileConnect.exe" [2008-11-04 2087424]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManag
    er.exe" [2012-04-02 1058912]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-07
    -15 311152]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-27 683
    576]
    .
    c:\users\pae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    foxavoatcu..vbs [2013-8-27 87579]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9
    1128224]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\h
    pqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="userinit.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-di
    sabled]
    "PMBVolumeWatcher"=c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c
    :\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft
    .NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Int
    el\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)
    \Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:
    \program files (x86)\Skype\Updater\Updater.exe [x]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:
    \windows\SYSNATIVE\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\
    windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DR
    IVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfil
    ter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows V
    ista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVER
    S\netw5v64.sys [x]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\
    Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\S
    OHLib\SOHCImp.exe [x]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Fil
    es\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared
    \SOHLib\SOHDms.exe [x]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Son
    y Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib
    \SOHDs.exe [x]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\So
    ny Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Comm
    on Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNAT
    IVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNAT
    IVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\S
    YSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\
    DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Sha
    red\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Son
    y Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program fil
    es\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\V
    CM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\progra
    m files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program fi

    les\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]


    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Fi
    les\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony S
    hared\VcmXml\VcmXmlIfHelper64.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\W
    atAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\
    windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]
    R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys;c:\win
    dows\SYSNATIVE\DRIVERS\ZTEusbvoice.sys [x]
    R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir D
    esktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x
    ]
    R4 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care
    \VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRI
    VERS\avkmgr.sys [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir
    Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
    S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\E
    PW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.E
    XE [x]
    S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\window
    s\SYSNATIVE\EscSvc64.exe [x]
    S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh
    _GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
    [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRI
    VERS\idmwfp.sys [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITE
    AD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backu
    p\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOB
    uAgent.exe SERVICE [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\P
    MBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.e
    xe [x]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects
    2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMo
    nitor.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\p
    rogram files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\pr
    ogram files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vo
    dafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafon
    e Mobile Connect\Bin\VMCService.exe [x]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe
    ;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\Ar
    cSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windo
    ws\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI
    x64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVER
    S\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\w
    indows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;
    c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.s

    ys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\Rt
    sUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\w
    indows\SYSNATIVE\DRIVERS\SFEP.sys [x]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program file
    s\Sony\VAIO Update\VUAgent.exe [x]
    .
    .
    --- Other Services/Drivers In Memory --.
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svc
    host]
    hpdevmgmt
    REG_MULTI_SZ
    hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2385676379-66702135-3
    236774627-1000Core.job
    - c:\users\pae\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-06 13:2
    2]
    .
    2014-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2385676379-66702135-3
    236774627-1000UA.job
    - c:\users\pae\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-06 13:2
    2]
    .
    2014-01-13 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2010-12-16 02:47]
    .
    2014-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2385676379-66702135-323
    6774627-1000Core.job
    - c:\users\pae\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-04 05:56]
    .
    2014-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2385676379-66702135-323
    6774627-1000UA.job
    - c:\users\pae\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-04 05:56]
    .
    .
    --------- X64 Entries ----------.
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
    overlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50
    22408 ----a-wc:\program files (x86)\Internet
    Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 1092055
    2]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-02 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-02 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-02 414744]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    .
    ------- Supplementary Scan -------

    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&c
    o=MY&userid=ea2f3a84-1d7f-9061-1041-64e8cf52b330&searchtype=hp&installDate={inst
    allDate}
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMo
    nYB&co=MY&userid=ea2f3a84-1d7f-9061-1041-64e8cf52b330&searchtype=ds&q={searchTer
    ms}&installDate={installDate}
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manag
    er\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.h
    tm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
    TCP: DhcpNameServer = 192.168.42.129
    FF - ProfilePath - c:\users\pae\AppData\Roaming\Mozilla\Firefox\Profiles\88wyj22
    r.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.
    aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?publisher=Snap
    doEMonYB&dpid=SnapdoEMonYB&co=MY&userid=ea2f3a84-1d7f-9061-1041-64e8cf52b330&sea
    rchtype=hp&installDate=08/12/2013
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid
    =SnapdoEMonYB&co=MY&userid=ea2f3a84-1d7f-9061-1041-64e8cf52b330&searchtype=ds&in
    stallDate=08/12/2013&q=
    FF - ExtSQL: !HIDDEN! 2011-01-02 19:03; smartwebprinting@hp.com; c:\program file
    s (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\"
    \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \
    "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Di
    sk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandc
    ounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Proce
    ssor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandco
    unter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \
    "/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS --------------------.
    [HKEY_USERS\S-1-5-21-2385676379-66702135-3236774627-1000_Classes\Wow6432Node\CLS
    ID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):73,69,72,e3,43,71,0f,ee,fc,66,db,c5,ff,8f,f6,57,9c,32,80,a2,0f,
    d8,a5,8a,31,3a,5f,81,db,80,d3,7f,b1,40,87,0e,32,4a,02,31,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-2385676379-66702135-3236774627-1000_Classes\Wow6432Node\CLS
    ID\{c716f9cb-2e0f-4fd3-a38a-dff68226780e}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:000000f4
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,e1,8b,3c,e5,bb,8a,9d,df,6f,7a,aa,5b,0d,d4,2e,16,ba,85,7f,87,5f,41,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-

    872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX
    .exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"

    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B
    22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B
    22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B
    22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0011\AllUserSettings]
    @Denied: (A) (Users)

    @Denied: (A) (Everyone)


    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0012\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0013\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-01-14 00:11:28
    ComboFix-quarantined-files.txt 2014-01-13 16:11
    ComboFix2.txt 2014-01-13 14:49
    ComboFix3.txt 2014-01-12 17:50
    .
    Pre-Run: 102,844,616,704 bytes free
    Post-Run: 102,425,116,672 bytes free
    .
    - - End Of File - - EE261F2C3CADBD90B3EFBA02B741EFC1

    You might also like