Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Comp is infected (Windows 7)


  • This topic is locked This topic is locked
2 replies to this topic

#1 FalseSheperd

FalseSheperd

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 14 July 2012 - 09:35 PM

Mod Edit:MOVED to Virus,Trojan and Malware Removal Logs ~~boopme

Dear experts,

I have problems with my computer. It runs on windows 7. It was infected by a virus. I manually removed the virus using mcafee from command prompt.
The problem is I sense that some of the virus file is still in the system since my symantec antivirus doesn't run as usual anymore.
Symantec antivirus system tray doesn't appear at the right bottom of the screen anymore eventhough the system auto-proctect is still running in the background.

I find that everytime I restart windows this registry always appear eventhough I have deleted it:

HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityCenter\Monitoring\SymantecAntiVirus\DisableMonitoring=1

If I change the value to =0, it returns to =1 everytime I restart the computer

I recently run combofix and a logfile has been generated.

ComboFix 12-07-14.01 - Nemesis 07/15/2012 2:27.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3062.1925 [GMT 7:00]
Running from: d:\download\ComboFix_1.exe
AV: SymantecAntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: SymantecAntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nemesis\AppData\Local\assembly\tmp
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 19:32 . 2012-07-14 19:32 -------- d-----w- c:\users\Nemesis\AppData\Local\temp
2012-07-14 19:32 . 2012-07-14 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 13:36 . 2012-07-14 13:37 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-14 13:36 . 2012-07-14 13:37 -------- d-----w- c:\program files\Symantec
2012-07-14 13:36 . 2012-07-14 13:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-07-14 13:36 . 2012-07-14 13:36 -------- d-----w- c:\program files\Symantec AntiVirus
2012-07-14 09:32 . 2012-07-14 13:25 -------- d-----w- c:\users\Nemesis\AppData\Roaming\XYplorer
2012-07-14 09:32 . 2012-07-14 09:32 -------- d-----w- c:\program files\XYplorer
2012-07-14 03:50 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-07-14 03:50 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-07-14 03:50 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\system32\msi.dll
2012-07-14 03:50 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-07-14 03:39 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 03:38 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-14 03:38 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-14 03:38 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-07-14 03:38 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-14 03:38 . 2012-06-17 20:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E70633C2-844C-4FB0-B5B9-DB459AE77C9C}\mpengine.dll
2012-07-14 03:31 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-14 03:31 . 2012-03-30 10:29 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-14 03:31 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-14 03:30 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-14 03:30 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-14 03:30 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-14 03:30 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-14 03:30 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 03:30 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-14 03:30 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-14 03:30 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-14 03:30 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-14 03:30 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-07-14 03:30 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-07-14 03:24 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-14 03:24 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-14 03:24 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-14 03:24 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-14 03:24 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-14 03:24 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-14 03:24 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-14 03:24 . 2012-06-02 08:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-14 03:24 . 2012-06-02 08:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-14 02:29 . 2012-07-14 02:32 -------- d-----w- c:\program files\FlashBoot
2012-07-11 12:58 . 2012-07-14 13:20 -------- d-----w- c:\program files\Registry Winner
2012-07-09 11:02 . 2012-07-09 11:03 -------- d-----w- c:\programdata\Modem EC1260-2 UI
2012-07-09 11:00 . 2012-07-09 11:03 -------- d-----w- c:\programdata\DatacardService
2012-07-06 23:23 . 2012-07-06 23:23 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-06 23:23 . 2012-07-06 23:23 -------- d-----w- c:\program files\Java
2012-07-06 23:22 . 2012-07-06 23:22 -------- d-----w- c:\programdata\McAfee
2012-07-04 16:07 . 2012-07-04 16:07 -------- d-----w- C:\737FTCBT
2012-06-29 14:20 . 2012-07-14 10:21 -------- d-----w- c:\users\Nemesis\AppData\Roaming\dvdcss
2012-06-16 00:55 . 2012-06-16 00:55 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 11:01 . 2012-01-14 13:01 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-07-06 23:23 . 2012-01-14 12:42 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 05:25 . 2012-01-27 14:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-10 08:56 . 2012-03-29 12:38 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 08:56 . 2012-01-14 11:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2010-09-21 5360232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-13 1873192]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PC Auto Shutdown"="c:\program files\PC Auto Shutdown\AutoShutdown.exe" [2010-12-01 1387520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-04 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2009-09-16 136080]
.
c:\users\Nemesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2012-4-15 447952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 836896]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
R2 CDROM_Eject_H;CDROM_Eject_H;c:\program files\Smartfren Connex CE682 UI\HEject.exe [x]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R2 UDisk Monitor;UDisk Monitor;c:\program files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 USB_BusEnum_T;EVDO Telecom USB Bus Enumerator;c:\windows\system32\DRIVERS\USB_BusEnum_T.sys [x]
R3 USB_ETS_T;ZTE ETS Port FFDD;c:\windows\system32\DRIVERS\USB_ETS_T.sys [x]
R3 USB_WinMux_T;EVDO Telecom USB MUX Serial Port;c:\windows\system32\DRIVERS\USB_WinMux_T.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 USB_BusEnum_H;EVDO Telecom USB Bus Enumerator h;c:\windows\system32\DRIVERS\USB_BusEnum_H.sys [x]
S3 USB_ETS_H;EVDO Rev A Service USB port h;c:\windows\system32\DRIVERS\USB_ETS_H.sys [x]
S3 USB_WinMux_H;EVDO Telecom USB MUX Serial Port h;c:\windows\system32\DRIVERS\USB_WinMux_H.sys [x]
S3 UsbModemDriver;EVDO Rev A USB Modem h;c:\windows\system32\DRIVERS\USB_MODEM_H.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ERASERUTILDRV11210
*Deregistered* - EraserUtilDrv11210
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Registry Winner Schedule.job
- c:\program files\Registry Winner\RegistryWinner.exe [2012-07-11 13:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-15 02:33:33
ComboFix-quarantined-files.txt 2012-07-14 19:33
.
Pre-Run: 119,203,352,576 bytes free
Post-Run: 119,023,497,216 bytes free
.
- - End Of File - - B54384007317F86AC797F5CC3C91B9F3

Edited by boopme, 14 July 2012 - 09:50 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:35 AM

Posted 19 July 2012 - 09:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found on your ComboFix log.

Have you tried to reinstall SymantecAntiVirus?

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

p.s. Are some of the files deleted by ComboFix important to you?
Do you know what they are?

They can re restored if necessary.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:35 AM

Posted 24 July 2012 - 07:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users