
Proxy server error virus - Please help!



ComboFix 14-11-25.01 - tmilton 27/11/2014  10:05:06.1.4 - x64

Microsoft Windows 7 Enterprise   6.1.7601.1.1252.2.1033.18.4053.2169 [GMT -5:00]

Running from: c:\users\tmilton\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.pol

c:\users\tmilton\AppData\Local\assembly\tmp

c:\windows\msdownld.tmp

.

.

(((((((((((((((((((((((((   Files Created from 2014-10-27 to 2014-11-27  )))))))))))))))))))))))))))))))

.

.

2014-11-27 16:01 . 2014-11-27 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-11-27 16:01 . 2014-11-27 16:01 -------- d-----w- c:\users\admin\AppData\Local\temp

2014-11-26 14:39 . 2014-11-26 14:39 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2014-11-26 14:29 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D86C9D31-E4FF-46B6-ABE5-9CB978CBC650}\mpengine.dll

2014-11-25 16:01 . 2014-11-26 21:24 -------- d-----w- C:\FRST

2014-11-25 15:53 . 2014-11-25 15:18 24064 ----a-w- c:\windows\zoek-delete.exe

2014-11-25 15:53 . 2014-11-27 16:11 -------- d-----w- c:\users\tmilton\AppData\Local\Temp

2014-11-25 15:18 . 2014-11-25 15:47 -------- d-----w- C:\zoek_backup

2014-11-23 17:02 . 2014-11-23 17:03 -------- d-----w- c:\programdata\RogueKiller

2014-11-22 17:05 . 2014-11-22 17:05 -------- d-----w- c:\windows\SysWow64\vbox

2014-11-22 17:05 . 2014-11-22 17:05 -------- d-----w- c:\windows\system32\vbox

2014-11-22 03:38 . 2014-11-27 14:51 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-11-22 03:37 . 2014-10-01 16:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-11-22 03:37 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-11-22 03:37 . 2014-11-22 03:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-11-22 03:31 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-11-22 03:15 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll

2014-11-22 03:15 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe

2014-11-22 03:15 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll

2014-11-22 03:15 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll

2014-11-22 03:15 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll

2014-11-22 03:15 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll

2014-11-22 03:15 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll

2014-11-22 03:15 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll

2014-11-22 03:15 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll

2014-11-22 03:15 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll

2014-11-22 03:14 . 2014-05-14 14:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll

2014-11-22 03:14 . 2014-05-14 14:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2014-11-22 03:14 . 2014-05-14 14:23 198600 ----a-w- c:\windows\system32\wuwebv.dll

2014-11-22 03:14 . 2014-05-14 14:20 36864 ----a-w- c:\windows\system32\wuapp.exe

2014-11-22 02:49 . 2014-11-23 22:17 -------- d-----w- C:\AdwCleaner

2014-11-18 03:31 . 2014-11-20 04:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2014-11-18 03:31 . 2014-11-20 04:43 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2014-11-18 03:24 . 2014-11-18 03:24 -------- d-----w- c:\programdata\Avira

2014-11-18 03:00 . 2014-11-20 04:43 -------- d-----w- c:\program files\HitmanPro

2014-11-18 03:00 . 2014-11-18 03:14 -------- d-----w- c:\programdata\HitmanPro

2014-11-07 03:03 . 2014-11-07 03:03 -------- d-----w- c:\users\tmilton\AppData\Roaming\Map Maker

2014-11-07 03:03 . 2014-11-07 13:45 -------- d-----w- C:\Map Maker

2014-11-07 02:56 . 2014-11-07 02:56 -------- d-----w- c:\users\tmilton\AppData\Roaming\iMapBuilder_HTML5

2014-11-07 02:56 . 2014-11-20 04:43 -------- d-----w- c:\program files (x86)\iMapHTML5

2014-11-04 04:05 . 2014-11-20 04:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-11-27 07:06 . 2012-08-08 19:45 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-11-27 07:06 . 2012-03-14 20:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-11-04 19:30 . 2012-03-14 19:15 275080 ------w- c:\windows\system32\MpSigStub.exe

2014-09-19 16:30 . 2014-09-19 16:30 96768 ----a-w- c:\windows\system32\mshtmled.dll

2014-09-19 16:30 . 2014-09-19 16:30 85504 ----a-w- c:\windows\system32\jsproxy.dll

2014-09-19 16:30 . 2014-09-19 16:30 816640 ----a-w- c:\windows\system32\jscript.dll

2014-09-19 16:30 . 2014-09-19 16:30 729088 ----a-w- c:\windows\system32\msfeeds.dll

2014-09-19 16:30 . 2014-09-19 16:30 599040 ----a-w- c:\windows\system32\vbscript.dll

2014-09-19 16:30 . 2014-09-19 16:30 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2014-09-19 16:30 . 2014-09-19 16:30 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2014-09-19 16:30 . 2014-09-19 16:30 421376 ----a-w- c:\windows\SysWow64\vbscript.dll

2014-09-19 16:30 . 2014-09-19 16:30 282112 ----a-w- c:\windows\system32\dxtrans.dll

2014-09-19 16:30 . 2014-09-19 16:30 248320 ----a-w- c:\windows\system32\ieui.dll

2014-09-19 16:30 . 2014-09-19 16:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2014-09-19 16:30 . 2014-09-19 16:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2014-09-19 16:30 . 2014-09-19 16:30 2339328 ----a-w- c:\windows\system32\jscript9.dll

2014-09-19 16:30 . 2014-09-19 16:30 1810432 ----a-w- c:\windows\SysWow64\jscript9.dll

2014-09-19 16:30 . 2014-09-19 16:30 17868288 ----a-w- c:\windows\system32\mshtml.dll

2014-09-19 16:30 . 2014-09-19 16:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2014-09-19 16:30 . 2014-09-19 16:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2014-09-19 16:30 . 2014-09-19 16:30 1392128 ----a-w- c:\windows\system32\wininet.dll

2014-09-19 16:30 . 2014-09-19 16:30 12800 ----a-w- c:\windows\system32\mshta.exe

2014-09-19 16:30 . 2014-09-19 16:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2014-09-19 16:30 . 2014-09-19 16:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2014-09-19 16:30 . 2014-09-19 16:30 11264 ----a-w- c:\windows\system32\msfeedssync.exe

2014-09-19 16:30 . 2014-09-19 16:30 10920960 ----a-w- c:\windows\system32\ieframe.dll

2014-09-19 16:30 . 2014-09-19 16:30 237056 ----a-w- c:\windows\system32\url.dll

2014-09-19 16:30 . 2014-09-19 16:30 2156032 ----a-w- c:\windows\system32\iertutil.dll

2014-09-19 16:30 . 2014-09-19 16:30 1494016 ----a-w- c:\windows\system32\inetcpl.cpl

2014-09-19 16:30 . 2014-09-19 16:30 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2014-09-19 16:30 . 2014-09-19 16:30 1384960 ----a-w- c:\windows\system32\urlmon.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C7050823-9FEE-41db-9741-72B3562D4898}]

2014-01-29 23:31 1439048 ----a-w- c:\program files (x86)\Open Text\Enterprise Connect\HECWE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-03-09 720064]

"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-08-07 688984]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2014-01-16 243560]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]

"AeXAgentLogon"="c:\program files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe" [2009-04-30 153416]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2014-01-21 443408]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2012-11-27 333416]

"OpenText Office Editor"="c:\program files (x86)\OpenText\Office Editor\OTEditTray.exe" [2014-01-29 1582080]

"OpenText Enterprise Connect Scheduler"="c:\program files (x86)\Open Text\Enterprise Connect\ucsync.exe" [2014-01-29 138056]

"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-10-10 707984]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 3499920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-08-07 688984]

.

c:\users\tmilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-15 1133856]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-142042000-781976021-1318725885-103767\Scripts\Logoff\0\0]

"Script"=logoff_script.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-142042000-781976021-1318725885-103767\Scripts\Logon\0\0]

"Script"=User_logonscript_computerdetails.vbs

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eps.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]

R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

S0 MfeEEAlg;MfeEEAlg; [x]

S0 MfeEpeOpal;MfeEpeOpal; [x]

S0 MfeEpePc;MfeEpePc; [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]

S1 eps;eps;c:\windows\system32\drivers\eps.sys;c:\windows\SYSNATIVE\drivers\eps.sys [x]

S2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe;c:\windows\CCM\RemCtrl\CmRcService.exe [x]

S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]

S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]

S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]

S2 LEMSS Agent;LEMSS Agent;c:\program files\Lumension\LEMSSAgent\LMAgent.exe;c:\program files\Lumension\LEMSSAgent\LMAgent.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 McAfee EEGo;McAfee Endpoint Encryption Go;c:\program files (x86)\McAfee\EEGo\EegoService.exe;c:\program files (x86)\McAfee\EEGo\EegoService.exe [x]

S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe;c:\program files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]

S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys;c:\windows\SYSNATIVE\DRIVERS\accelern.sys [x]

S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]

S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]

S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDFw7x64.sys [x]

S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]

S3 OTFastEdit;OTFastEdit;c:\windows\system32\DRIVERS\otfasted.sys;c:\windows\SYSNATIVE\DRIVERS\otfasted.sys [x]

S3 Patch Agent;Patch Agent;c:\program files (x86)\Lumension\Patch Agent\GravitixService.exe;c:\program files (x86)\Lumension\Patch Agent\GravitixService.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-11-26 01:18 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 07:06]

.

2014-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-13 13:53]

.

2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-13 13:53]

.

2014-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3203448110-1706212225-1614624430-1000Core.job

- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-15 13:45]

.

2014-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3203448110-1706212225-1614624430-1000UA.job

- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-15 13:45]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7050823-9FEE-41db-9741-72B3562D4898}]

2014-01-29 23:26 1707336 ----a-w- c:\program files (x86)\Open Text\Enterprise Connect\HECWE64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{90B54763-4C78-439C-BFA5-910FF9F74AB2}"= "c:\program files (x86)\Open Text\Enterprise Connect\hecwe64.dll" [2014-01-29 1707336]

.

[HKEY_CLASSES_ROOT\CLSID\{90B54763-4C78-439C-BFA5-910FF9F74AB2}]

[HKEY_CLASSES_ROOT\HECWE.HEToolBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EB6E037D-2EAF-4C61-B63F-AD0CF5DDEEAE}]

[HKEY_CLASSES_ROOT\HECWE.HEToolBar]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-01-22 00:11 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-01-22 00:11 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-01-22 00:11 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TempoSyncingOverlay]

@="{7DC31C78-EEF7-447F-964B-5483FEBDCE2A}"

[HKEY_CLASSES_ROOT\CLSID\{7DC31C78-EEF7-447F-964B-5483FEBDCE2A}]

2013-01-18 03:03 1597440 ----a-w- c:\program files\OpenText\OpenText Tempo Box\Overlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TempoErrorOverlay]

@="{D8E0B198-8BC1-485D-A369-9082065A5E01}"

[HKEY_CLASSES_ROOT\CLSID\{D8E0B198-8BC1-485D-A369-9082065A5E01}]

2013-01-18 03:03 1597440 ----a-w- c:\program files\OpenText\OpenText Tempo Box\Overlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TempoSyncedOverlay]

@="{9DF84394-9201-4F3D-B3B6-3EAA936DD7A4}"

[HKEY_CLASSES_ROOT\CLSID\{9DF84394-9201-4F3D-B3B6-3EAA936DD7A4}]

2013-01-18 03:03 1597440 ----a-w- c:\program files\OpenText\OpenText Tempo Box\Overlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-02-15 7469568]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-11 1694016]

"MfeEpePcMonitor"="c:\program files\McAfee\Endpoint Encryption\EpePcMonitor.exe" [2013-04-05 272416]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"EpeFprTrainer"="c:\program files\McAfee\Endpoint Encryption\EpeFprTrainer.exe" [2013-04-05 2549792]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: globalmeet.com

Trusted Zone: opentext.com

Trusted Zone: opentext.net\wlsccmapppr01

Trusted Zone: peopleclick.com

Trusted Zone: safenet-inc.com

Trusted Zone: xactlycorp.com\www

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} - hxxp://wlprditamwrk01.opentext.net/Altiris/NS/NSCap/Bin/Win32/x86/AeXClientBootstrap.cab

DPF: {41520880-8342-3431-3684-140032321000} - hxxps://intranet.opentext.com/intranet/cs.dll?func=webdav.webdavxpi&filename=otdavview101.cab

DPF: {BD596A5F-C74E-4E08-8249-E17A1C14589A} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_8/PhotoCenter_ActiveX_Control.cab

DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxp://aquire-codebase.vipasuite.com/codebase101/OrgPubX.cab

DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpn-wl.opentext.com/CACHE/stc/1/binaries/vpnweb.cab

DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} - hxxps://knowledge.opentext.com/imgkc/webedit/lledit.cab

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-OpenText Tempo - c:\program files\OpenText\OpenText Tempo\OpenText_Tempo.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-21192447.sys

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

AddRemove-{b43ffffb-1adc-4bcb-b277-7844ebff94da} - c:\programdata\Package Cache\{b43ffffb-1adc-4bcb-b277-7844ebff94da}\GarminExpressInstaller.exe

AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.15"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe

c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\windows\sysWOW64\SDIOAssist.exe

c:\program files (x86)\Lumension\Patch Agent\NotificationManager.exe

c:\windows\CCM\SCNotification.exe

c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

c:\windows\SysWOW64\RunDll32.exe

c:\program files (x86)\Altiris\Altiris Agent\AeXAgentUIHost.exe

c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe

c:\program files (x86)\Lumension\LEMSSAgent\epui\epui.exe

c:\program files (x86)\McAfee\Common Framework\McTray.exe

c:\program files (x86)\Open Text\Enterprise Connect\ucscore.exe

.

**************************************************************************

.

Completion time: 2014-11-27  11:23:43 - machine was rebooted

ComboFix-quarantined-files.txt  2014-11-27 16:23

.

Pre-Run: 115,835,392,000 bytes free

Post-Run: 114,982,453,248 bytes free

.

- - End Of File - - 4D9F46CA0B54E800B5E96FA7ECA7E6E9

8F11CC2AA7A89589AC1843294EDC5FB5

2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
