
Proxy Settings changing automatically - Malware


This topic is locked
2 replies to this topic

#1 Diasflac

Diasflac

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:46 AM

Posted 05 June 2014 - 02:21 AM

Hi there, before I start I would like to thank Nasdaq as, following the post below, it fixed my initial problem of the proxy settings reverting.

http://www.bleepingcomputer.com/forums/t/523121/proxy-settings-keep-changing-infected

I just have a concern with a couple of the folders removed; this is my work computer and although I have the highest access possible (beyond the majority of the Indian-based IT department), I worry about causing any problems within the network when folders such as C:\Windows\Microsoft are completely removed. I'll post the logs below; I just don't want an e-mail from IT saying I'm in trouble for deleting stuff I'm not supposed to.

[ADWCLEANER] - Didn't actually create a log after the scan, but didn't remove anything I would say would cause a problem.

[JUNKWARE REMOVAL TOOL]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x64
Ran by Z003611B on 05/06/2014 at  7:30:37.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/06/2014 at  7:38:56.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[COMBOFIX]

ComboFix 14-06-04.01 - Z003611B 05/06/2014   7:54.1.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.4007.1674 [GMT 1:00]
Running from: c:\users\Z003611B\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Z003611B\AppData\Local\assembly\tmp
c:\users\Z003611B\AppData\Local\Microsoft\Windows\Temporary Internet Files\plot.log
c:\users\Z003611B\AppData\Roaming\Origin
c:\users\Z003611B\AppData\Roaming\Origin\local.xml
c:\windows\MICROSOFT
c:\windows\MICROSOFT\SystemUpdatekb70007\Installer.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\InstallerLibrary.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\Newtonsoft.Json.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\SQLite.Interop.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\System.Data.SQLite.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\win32.reg
c:\windows\MICROSOFT\SystemUpdatekb70007\WindowsUpdater.exe
c:\windows\System32\drivers\etc\services.bak1
c:\windows\System32\drivers\etc\services.bak2
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SystemUpdatekb70007
-------\Service_SystemUpdatekb70007
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-05 to 2014-06-05  )))))))))))))))))))))))))))))))
.
.
2014-06-05 07:04 . 2014-06-05 07:04 -------- d--h--w- c:\windows\AxInstSV
2014-06-05 07:02 . 2014-06-05 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-05 06:45 . 2014-06-05 06:45 -------- d-----w- c:\program files (x86)\MSR
2014-06-05 06:30 . 2014-06-05 06:30 -------- d-----w- c:\windows\ERUNT
2014-06-05 06:23 . 2014-06-05 06:23 -------- d-----w- c:\programdata\Lavasoft
2014-06-04 12:46 . 2014-05-04 16:12 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-06-04 12:38 . 2014-06-04 12:43 -------- d-----w- c:\programdata\HitmanPro
2014-06-04 12:03 . 2014-06-04 12:03 -------- d-----w- c:\programdata\Malwarebytes
2014-06-04 12:03 . 2014-06-04 12:03 -------- d-----w- c:\users\Z003611B\AppData\Local\Programs
2014-06-04 10:30 . 2014-06-04 13:13 -------- d-----w- C:\Application Data
2014-05-30 15:29 . 2014-06-04 10:39 -------- d-----w- c:\programdata\Origin
2014-05-23 15:40 . 2014-05-23 15:40 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-23 12:21 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-23 12:21 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-23 12:20 . 2014-03-25 02:34 14179328 ----a-w- c:\windows\system32\shell32.dll
2014-05-23 12:20 . 2014-05-05 16:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-23 12:20 . 2014-05-05 15:50 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-23 12:20 . 2014-05-05 19:20 97792 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-23 12:20 . 2014-05-05 19:20 9073664 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 11:23 . 2014-05-14 11:23 -------- d-----w- c:\windows\SysWow64\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-04 11:32 . 2014-01-08 12:56 236568 ----a-w- c:\windows\RegBootClean64.exe
2014-04-10 09:24 . 2014-04-10 09:24 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-10 09:24 . 2014-04-10 09:24 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-31 21:46 . 2014-03-31 21:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-31 21:46 . 2014-03-31 21:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-19 12:09 . 2014-03-19 12:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-29 48752]
"USM"="c:\program files (x86)\Siemens\USM\USM.exe" [2007-11-07 57344]
"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2013-04-10 5164712]
"EMET Notifier"="c:\program files (x86)\EMET\EMET_notifier.exe" [2012-05-09 152152]
"CfgDownload"="c:\program files (x86)\IXOS\bin\CfgDownload.exe" [2009-10-31 212992]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2013-07-24 2295992]
"SBUSGUI"="c:\program files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe" [2012-06-04 138240]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-10 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Greenshot"="c:\program files (x86)\Greenshot\Greenshot.exe" [2012-02-22 548864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-11 1133856]
Netprofile.lnk - c:\windows\system32\wscript.exe "%Programfiles%\Autodesk\DWG TrueView 2011\_Siemens\Netprofile.vbs [2013-12-19 168960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 4 (0x4)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"enablelinkedconnections"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
"DisableStartupSound"= 1 (0x1)
"MaxGPOScriptWait"= 1800 (0x708)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoAutorun"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyGames"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NMSAccess64;NMSAccess64;c:\program files\CDBURNERXP\NMSAccessU.exe;c:\program files\CDBURNERXP\NMSAccessU.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BTWAMPFL;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FscBapi;FscBapi;c:\windows\system32\DRIVERS\FscBapi.sys;c:\windows\SYSNATIVE\DRIVERS\FscBapi.sys [x]
R3 FscEfDmi;FscEfDmi;c:\windows\system32\DRIVERS\FscEfDmi.sys;c:\windows\SYSNATIVE\DRIVERS\FscEfDmi.sys [x]
R3 FscGabi;FscGabi;c:\windows\system32\DRIVERS\FscGabi.sys;c:\windows\SYSNATIVE\DRIVERS\FscGabi.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7x64.sys;c:\windows\SYSNATIVE\drivers\o2sdjw7x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys;c:\windows\SYSNATIVE\drivers\rimspe64.sys [x]
R3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe64.sys;c:\windows\SYSNATIVE\drivers\risdpe64.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys;c:\windows\SYSNATIVE\drivers\rixdpe64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\RtsUIR.sys;c:\windows\SYSNATIVE\drivers\RtsUIR.sys [x]
R3 sit-WinVNC4;VNC Server Version 4 for Siemens IT;c:\program files (x86)\RealVNC4GAIN\VNC4\winvnc4.exe;c:\program files (x86)\RealVNC4GAIN\VNC4\winvnc4.exe [x]
R3 STCFUx64;STC DFU Driver;c:\windows\system32\drivers\STCFUx64.SYS;c:\windows\SYSNATIVE\drivers\STCFUx64.SYS [x]
R3 swg3kflt00;Sierra Wireless USB Composite Device Filter Driver 00;c:\windows\system32\drivers\swg3kflt00.sys;c:\windows\SYSNATIVE\drivers\swg3kflt00.sys [x]
R3 swg3knmea00;Sierra Wireless QMI NMEA Serial Communication;c:\windows\system32\drivers\swg3knmea00.sys;c:\windows\SYSNATIVE\drivers\swg3knmea00.sys [x]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys;c:\windows\SYSNATIVE\drivers\swg3kser00.sys [x]
R3 swibus00;Sierra Wireless Bus Enumerator 00;c:\windows\system32\drivers\swibus00.sys;c:\windows\SYSNATIVE\drivers\swibus00.sys [x]
R3 swibusflt00;Sierra Wireless Bus Enumerator Filter 00;c:\windows\system32\drivers\swibusflt00.sys;c:\windows\SYSNATIVE\drivers\swibusflt00.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
R3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Sierra Wireless QDL Service;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [x]
S2 UCMS;UCMS;c:\program files\Siemens\UCMS\core\ucms.exe;c:\program files\Siemens\UCMS\core\ucms.exe [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys;c:\windows\SYSNATIVE\DRIVERS\FUJ02E3.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-10 09:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-20 11663464]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2010-08-16 273256]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2010-07-16 162416]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2010-07-09 21616]
"CardOS API"="c:\program files\CardOS API\bin\cardoscp.exe" [2012-10-30 169472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 137.223.164.47 137.223.62.133 137.223.164.48 137.223.62.136
FF - ProfilePath - c:\users\Z003611B\AppData\Roaming\Mozilla\Firefox\Profiles\gj6hg6r4.default-1389612936652\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Z003611B\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-fst_de_26 - c:\program files (x86)\fst_de_26\fst_de_26.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\SysWOW64\CCM\CcmExec.exe
.
**************************************************************************
.
Completion time: 2014-06-05  08:09:01 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-05 07:09
.
Pre-Run: 103,369,080,832 bytes free
Post-Run: 103,068,291,072 bytes free
.
- - End Of File - - DDF8904E0FD89E9AE09CE58AA946867F
A36C5E4F47E84449FF07ED3517B43A31

#2 Diasflac

Diasflac
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:46 AM

Posted 05 June 2014 - 04:34 AM

Never mind, apparently yes it had. IT now know and my laptop is being rebuilt.



#3 fireman4it

fireman4it

Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:46 AM

Posted 05 June 2014 - 07:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


