
police e-crime virus removed?


  • This topic is locked
2 replies to this topic

#1 87aar

  • Members
  • 1 posts

Posted 11 April 2012 - 05:56 PM

ComboFix 12-04-11.01 - aaron 11/04/2012 23:08:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6051.3842 [GMT 1:00]
Running from: E:\ComboFix.exe
AV: Panda Internet Security 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2012 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Internet Security 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-12 00:28 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76BB5EC9-33D1-46BA-A7B0-97C1FB1C2F5C}\mpengine.dll
2012-04-12 00:15 . 2010-06-21 16:01 839488 ----a-w- c:\windows\system32\PavSHook64.dll
2012-04-12 00:15 . 2010-06-21 16:01 546624 ----a-w- c:\windows\SysWow64\PavSHookWow.dll
2012-04-12 00:15 . 2010-06-21 16:01 87872 ----a-w- c:\windows\SysWow64\PavLspHookWow.dll
2012-04-12 00:15 . 2010-06-21 16:01 114496 ----a-w- c:\windows\system32\PavLspHook64.dll
2012-04-12 00:15 . 2009-08-10 12:46 25344 ----a-w- c:\windows\SysWow64\sysHelper32.dll
2012-04-12 00:15 . 2009-08-10 12:46 25344 ----a-w- c:\windows\system32\sysHelper64.dll
2012-04-11 22:19 . 2012-04-11 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 20:09 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 20:09 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 20:09 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 20:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 20:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 20:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 20:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 20:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 20:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 20:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 19:04 . 2012-04-11 19:04 -------- d-----w- c:\users\aaron\AppData\Local\Diagnostics
2012-04-10 20:43 . 2012-04-10 20:43 -------- d-----w- c:\windows\SysWow64\PAV
2012-04-10 20:43 . 2012-04-10 20:43 -------- d-----w- c:\users\aaron\AppData\Roaming\Panda Security
2012-04-07 18:11 . 2012-04-12 06:03 -------- d-----w- c:\users\aaron\P5JavaClientSettings
2012-04-07 18:11 . 2012-04-07 18:21 -------- d-----w- C:\Betfair
2012-04-06 16:59 . 2012-04-06 17:00 -------- d-----w- c:\program files\Dell Support Center
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-31 20:56 . 2012-03-31 21:16 -------- d-----w- c:\users\aaron\AppData\Roaming\Epson
2012-03-31 20:53 . 2012-03-31 20:53 -------- d-----w- c:\program files\EPSON
2012-03-31 20:52 . 2012-03-31 20:52 -------- d-----w- c:\program files\Common Files\EPSON
2012-03-31 20:49 . 2012-04-11 19:10 -------- d-----w- c:\programdata\ABBYY
2012-03-31 20:48 . 2012-03-31 20:48 -------- d-----w- c:\programdata\UDL
2012-03-31 20:46 . 2012-03-31 20:46 -------- d-----w- c:\program files\Epson Software
2012-03-31 20:46 . 2012-03-31 20:46 -------- d-----w- c:\users\aaron\AppData\Roaming\InstallShield
2012-03-31 20:45 . 2012-03-31 20:47 -------- d-----w- c:\program files (x86)\Epson Software
2012-03-31 20:44 . 2007-04-10 11:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2012-03-31 20:44 . 2008-11-12 12:00 118784 ----a-w- c:\windows\system32\E_ILMHJE.DLL
2012-03-31 20:44 . 2009-10-01 13:01 88064 ----a-w- c:\windows\system32\E_IBCBHJE.DLL
2012-03-31 20:44 . 2012-03-31 20:53 -------- d-----w- c:\programdata\EPSON
2012-03-31 20:44 . 2011-08-09 23:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-03-31 20:44 . 2009-10-15 23:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2012-03-31 20:44 . 2009-10-15 23:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-03-31 20:44 . 2012-03-31 20:45 -------- d-----w- c:\program files (x86)\epson
2012-03-29 18:20 . 2011-09-08 04:42 655872 ----a-w- c:\windows\system32\stapi64.dll
2012-03-29 18:20 . 2011-09-08 04:42 535040 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-03-29 18:20 . 2011-09-08 04:42 446464 ----a-w- c:\windows\system32\stcplx64.dll
2012-03-29 18:20 . 2011-09-08 04:42 251392 ----a-w- c:\windows\system32\st646365.dll
2012-03-29 18:20 . 2011-09-08 04:42 1966080 ----a-w- c:\windows\system32\stapo64.dll
2012-03-29 18:20 . 2011-04-20 14:28 734720 ----a-w- c:\windows\SysWow64\IMAPO32.dll
2012-03-29 18:20 . 2012-03-29 18:21 -------- d-----w- c:\program files\IDT
2012-03-29 18:13 . 2012-03-29 18:13 -------- d-----w- c:\program files\Synaptics
2012-03-29 18:13 . 2010-02-05 15:49 316464 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-03-29 18:13 . 2010-02-05 15:43 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-03-29 18:13 . 2010-02-05 15:43 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-03-29 18:13 . 2010-02-05 15:43 207144 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-03-29 18:13 . 2010-02-05 15:43 264488 ----a-w- c:\windows\system32\SynCtrl.dll
2012-03-29 18:13 . 2010-02-05 15:43 210216 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-03-29 18:13 . 2010-02-05 15:43 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-03-29 18:13 . 2010-02-05 15:43 396584 ----a-w- c:\windows\system32\SynCOM.dll
2012-03-29 18:11 . 1998-10-29 16:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-03-29 18:09 . 2012-03-29 18:09 -------- d-----w- c:\users\aaron\AppData\Roaming\Dell
2012-03-29 18:09 . 2012-03-29 18:09 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-29 18:08 . 2012-03-29 18:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-29 18:08 . 2012-03-29 18:08 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-29 17:58 . 2012-03-29 18:07 -------- d-----w- c:\users\aaron\AppData\Roaming\PCDr
2012-03-29 17:58 . 2012-03-29 18:10 -------- d-----w- c:\programdata\PCDr
2012-03-27 16:54 . 2012-04-12 06:03 -------- d-----w- c:\program files (x86)\PC Inspector File Recovery
2012-03-27 16:54 . 2002-02-18 17:40 6200 ----a-w- c:\windows\SysWow64\INT13EXT.VXD
2012-03-27 16:54 . 2002-12-05 13:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-03-27 16:54 . 2002-12-05 13:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-03-27 16:54 . 2002-12-02 14:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-03-27 16:54 . 2002-12-02 12:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-03-27 16:54 . 2002-12-02 12:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-03-27 16:54 . 2012-03-27 16:54 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-03-27 16:54 . 2012-03-27 16:54 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-03-27 16:37 . 2012-03-27 16:37 -------- d-----w- c:\program files\Recuva
2012-03-13 21:00 . 2012-04-12 06:03 -------- d-----w- c:\program files (x86)\Safari
2012-03-13 20:58 . 2012-04-12 06:03 -------- d-----w- c:\program files\iPod
2012-03-13 20:58 . 2012-04-12 06:03 -------- d-----w- c:\program files\iTunes
2012-03-13 20:58 . 2012-04-12 06:03 -------- d-----w- c:\program files (x86)\iTunes
2012-03-13 20:54 . 2012-03-13 20:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-03-13 20:54 . 2012-03-13 20:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-03-13 20:54 . 2012-03-13 20:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-03-13 20:54 . 2012-03-13 20:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-03-13 20:54 . 2012-03-13 20:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-03-13 20:54 . 2012-03-13 20:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-03-13 20:54 . 2012-03-13 20:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-03-13 20:54 . 2012-03-13 20:54 -------- d-----w- c:\program files (x86)\QuickTime
2012-03-13 17:20 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 17:19 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 17:19 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 17:19 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:19 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:19 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:19 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:19 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:19 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:19 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 00:16 . 2012-02-24 23:34 15928 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2012-02-23 09:18 . 2012-02-12 12:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 12:10 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-19 12:10 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-14 11:09 . 2012-02-14 11:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-08 20:51 . 2012-02-08 20:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 20:43 . 2012-02-08 20:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-08 20:43 . 2012-02-08 20:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-08 20:43 . 2012-02-08 20:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-08 20:43 . 2012-02-08 20:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-08 20:43 . 2012-02-08 20:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-08 20:43 . 2012-02-08 20:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-08 20:43 . 2012-02-08 20:43 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-08 20:43 . 2012-02-08 20:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-08 20:43 . 2012-02-08 20:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-08 20:43 . 2012-02-08 20:43 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-08 20:43 . 2012-02-08 20:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-08 20:43 . 2012-02-08 20:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-08 20:43 . 2012-02-08 20:43 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-08 20:43 . 2012-02-08 20:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-08 20:43 . 2012-02-08 20:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-08 20:43 . 2012-02-08 20:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-08 20:43 . 2012-02-08 20:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-08 20:43 . 2012-02-08 20:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-08 20:43 . 2012-02-08 20:43 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-08 20:43 . 2012-02-08 20:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-08 20:43 . 2012-02-08 20:43 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-08 20:43 . 2012-02-08 20:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-08 20:43 . 2012-02-08 20:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-08 20:43 . 2012-02-08 20:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-08 20:43 . 2012-02-08 20:43 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-08 20:43 . 2012-02-08 20:43 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-08 20:43 . 2012-02-08 20:43 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-08 20:43 . 2012-02-08 20:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-08 20:43 . 2012-02-08 20:43 448512 ----a-w- c:\windows\system32\html.iec
2012-02-08 20:43 . 2012-02-08 20:43 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-08 20:43 . 2012-02-08 20:43 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-08 20:43 . 2012-02-08 20:43 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-08 20:43 . 2012-02-08 20:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-08 20:43 . 2012-02-08 20:43 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-30 04:44 . 2012-01-30 04:44 521448 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"APVXDWIN"="c:\program files (x86)\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files (x86)\Panda Security\Panda Internet Security 2012\Inicio.exe" [2011-02-02 70464]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
.
c:\users\aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [x]
S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [x]
S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS [x]
S2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [2011-09-07 608352]
S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS [x]
S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS [x]
S2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Internet Security 2012\PskSvc.exe [2010-08-16 28992]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\DRIVERS\n64i1644.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
S3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-04-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-20 418328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-12-08 592240]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-22 3666800]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
JSEFile=c:\progra~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-11 23:38:57
ComboFix-quarantined-files.txt 2012-04-11 22:38
.
Pre-Run: 340,567,322,624 bytes free
Post-Run: 340,072,448,000 bytes free
.
- - End Of File - - A654EBC84E61962D2ED98CF0A64C2AE5



#2 nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 April 2012 - 08:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your ComboFix log is clean.


Third party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#3 nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 April 2012 - 10:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



