ComboFix 11-11-12.04 - Anh 12/11/2011 20:06:04.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3950.2684 [GMT -5:00]
Running from: c:\users\Anh\Desktop\ComboFix.exe
Command switches used :: c:\users\Anh\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SZKG5
-------\Service_szkg5
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 01:10 . 2011-11-13 01:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-13 01:10 . 2011-11-13 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-13 01:10 . 2011-11-13 01:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-07 21:35 . 2011-09-06 21:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-07 21:35 . 2011-09-06 21:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-07 21:35 . 2011-09-06 21:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-07 21:35 . 2011-09-06 21:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-07 21:35 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-07 21:35 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-07 21:35 . 2011-09-06 21:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-07 21:34 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-07 21:34 . 2011-09-06 21:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-07 21:34 . 2011-11-07 21:34 -------- d-----w- c:\programdata\AVAST Software
2011-11-07 21:34 . 2011-11-07 21:34 -------- d-----w- c:\program files\AVAST Software
2011-11-07 21:28 . 2011-11-07 21:28 -------- d-----w- C:\_OTL
2011-11-07 01:43 . 2011-11-07 01:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-06 23:14 . 2011-09-01 05:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-06 23:14 . 2011-09-01 02:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-11-06 23:14 . 2011-09-01 05:35 174368 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-11-06 23:14 . 2011-09-01 02:41 141088 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2011-11-06 23:12 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 23:12 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-06 23:12 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-06 23:12 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-11-06 23:12 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-11-06 23:12 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-06 23:12 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-11-06 23:12 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-11-06 23:12 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-11-06 23:01 . 2011-11-06 23:01 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-06 20:58 . 2011-11-06 22:59 -------- d-----w- c:\programdata\STOPzilla!
2011-11-06 20:40 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31D3B26E-4264-4BD2-A836-6523604A6581}\mpengine.dll
2011-11-06 20:30 . 2011-11-06 20:30 -------- d-----w- c:\windows\Sun
2011-10-22 12:10 . 2011-10-22 12:10 -------- d-----w- c:\program files (x86)\Application Updater
2011-10-22 12:10 . 2011-10-22 12:10 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2011-10-22 12:10 . 2011-10-22 12:10 -------- d-----w- c:\program files (x86)\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 01:14 . 2011-11-13 01:14 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31D3B26E-4264-4BD2-A836-6523604A6581}\offreg.dll
2011-10-04 04:23 . 2011-10-04 04:23 485576 ----a-w- c:\users\Anh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-10-03 10:06 . 2010-05-03 12:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-16 18:58 . 2011-09-16 18:58 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-16 18:58 . 2011-09-16 18:58 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-16 18:58 . 2011-09-16 18:58 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-16 18:58 . 2011-09-16 18:58 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-16 18:58 . 2011-09-16 18:58 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-16 18:58 . 2011-09-16 18:58 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-16 18:58 . 2011-09-16 18:58 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-16 18:58 . 2011-09-16 18:58 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-16 18:58 . 2011-09-16 18:58 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-16 18:58 . 2011-09-16 18:58 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-16 18:58 . 2011-09-16 18:58 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-16 18:58 . 2011-09-16 18:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-16 18:58 . 2011-09-16 18:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-16 18:58 . 2011-09-16 18:58 448512 ----a-w- c:\windows\system32\html.iec
2011-09-16 18:58 . 2011-09-16 18:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-16 18:58 . 2011-09-16 18:58 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-16 18:58 . 2011-09-16 18:58 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-16 18:58 . 2011-09-16 18:58 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-16 18:58 . 2011-09-16 18:58 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-16 18:58 . 2011-09-16 18:58 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-16 18:58 . 2011-09-16 18:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-16 18:58 . 2011-09-16 18:58 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-16 18:58 . 2011-09-16 18:58 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-16 18:58 . 2011-09-16 18:58 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-16 18:58 . 2011-09-16 18:58 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-16 18:58 . 2011-09-16 18:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-16 18:58 . 2011-09-16 18:58 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-16 18:58 . 2011-09-16 18:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-16 18:58 . 2011-09-16 18:58 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-16 18:58 . 2011-09-16 18:58 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-16 18:58 . 2011-09-16 18:58 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-16 18:58 . 2011-09-16 18:58 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-16 18:58 . 2011-09-16 18:58 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-16 18:58 . 2011-09-16 18:58 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-16 18:58 . 2011-09-16 18:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-16 18:58 . 2011-09-16 18:58 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-31 22:00 . 2011-08-03 19:49 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 23:09 . 2011-08-03 21:01 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-20 20:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-20 20:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-16 18:26 . 2011-08-16 18:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-12_17.33.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-25 20:24 . 2011-11-12 21:55 58390 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-12 21:55 37372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-01 01:51 . 2011-11-12 21:55 19424 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3079230850-313331458-1004908580-1001_UserData.bin
+ 2010-05-06 05:22 . 2011-11-12 17:40 3436 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-11-12 17:32 . 2011-11-12 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-13 01:11 . 2011-11-13 01:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-12 17:32 . 2011-11-12 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-13 01:11 . 2011-11-13 01:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-11-13 01:12 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-12 17:33 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-01 06:17 . 2011-11-13 01:01 277398 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2011-11-13 01:11 415640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-12 17:31 415640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-07 19:40 . 2011-11-13 01:11 596552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3079230850-313331458-1004908580-1001-8192.dat
- 2010-05-07 19:40 . 2011-11-12 17:31 596552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3079230850-313331458-1004908580-1001-8192.dat
- 2009-07-14 04:54 . 2011-11-12 17:33 5095424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-13 01:12 5095424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-12 17:33 3538944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-13 01:12 3538944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-02 05:03 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-31 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-31 135664]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-09 1223024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-09-28 745880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-15 642416]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-31 01:53]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-31 01:53]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3079230850-313331458-1004908580-1001Core.job
- c:\users\Anh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 01:22]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3079230850-313331458-1004908580-1001UA.job
- c:\users\Anh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 01:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"combofix"="c:\combofix\CF7296.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\55ub4pvw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
.
**************************************************************************
.
Completion time: 2011-11-12 20:19:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-13 01:19
ComboFix2.txt 2011-11-12 17:39
ComboFix3.txt 2011-11-07 01:23
.
Pre-Run: 200,115,654,656 bytes free
Post-Run: 200,042,680,320 bytes free
.
- - End Of File - - 54FA2AFCEC03B61667DEAA172538E2C2