Fake AVG virus
donnamv wrote (post 123493):

When I clicked in the reply box I got the same pop up - Install player.....

here is the Combo Fix Log

ComboFix 13-06-03.06 - pvidulic 06/03/2013 22:55:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.606 [GMT -4:00]
Running from: c:\documents and settings\pvidulic\My Documents\Downloads\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {58027DB4-A7D7-4BBF-AFB5-6A5AC1AB795C}
 * Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2013-05-04 to 2013-06-04 )))))))))))))))))))))))))))))))
.
.
2013-05-31 19:23 . 2013-05-31 19:23 -------- d-----w- c:\documents and settings\pvidulic\Local Settings\Application Data\Sun
2013-05-31 01:16 . 2013-05-31 01:16 -------- d-----w- c:\program files\Common Files\Java
2013-05-31 01:15 . 2013-05-31 01:14 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-31 01:15 . 2013-05-31 01:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-31 01:11 . 2013-05-31 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-05-31 00:57 . 2013-05-31 00:57 -------- d-----w- c:\program files\7-Zip
2013-05-30 02:05 . 2013-05-30 02:05 -------- d-----w- c:\windows\ERUNT
2013-05-30 02:03 . 2013-05-30 02:03 -------- d-----w- C:\JRT
2013-05-28 20:29 . 2013-05-28 20:29 -------- d-----w- c:\program files\ESET
2013-05-25 17:12 . 2013-05-25 17:12 -------- d-----w- c:\documents and settings\pvidulic\Application Data\Malwarebytes
2013-05-25 17:11 . 2013-05-25 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-05-25 17:11 . 2013-05-25 17:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-25 17:11 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-24 22:32 . 2013-05-24 22:37 -------- d-----w- c:\program files\Common Files\Research in Motion
2013-05-24 22:27 . 2013-05-24 22:27 -------- d-----w- c:\program files\TeamViewer
2013-05-20 00:23 . 2013-05-20 00:23 -------- d-----w- c:\documents and settings\pvidulic\Application Data\AdobeUM
2013-05-20 00:18 . 2013-05-20 00:18 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-02 03:58 . 2006-11-17 08:59 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2013-05-31 01:14 . 2009-12-17 19:57 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-31 01:14 . 2011-08-04 00:33 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-25 01:21 . 2006-11-17 08:58 23552 ----a-w- c:\windows\system32\drivers\psasrv.exe
2013-05-25 01:21 . 2006-07-12 00:52 17536 ----a-w- c:\windows\system32\drivers\psadd.sys
2013-05-22 23:20 . 2013-04-02 12:35 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-22 23:20 . 2011-07-25 00:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-21 01:44 . 2013-05-04 00:31 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-08 06:10 . 2013-03-26 19:33 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-08 06:10 . 2013-03-26 19:33 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-04-19 11:14 . 2013-05-04 00:30 139264 ----a-w- c:\windows\system32\bzpdfc.dll
2013-04-19 11:14 . 2013-05-04 00:29 200192 ----a-w- c:\windows\system32\bzpdf.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\Installshield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-16 417792]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-10-06 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-31 30192]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-08-26 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-08-26 110592]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-03 62240]
"AMSG"="c:\progra~1\THINKV~2\AMSG\amsg.exe" [2009-04-29 424512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-10-16 866592]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-19 2247]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-9-15 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Online plug-in.lnk - c:\windows\Installer\{7681A1A9-D865-4DC0-A319-41A49F5E78DB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [N/A]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"enableinstallerdetection"= 0 (0x0)
"enablesecureuiapaths"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-21 20:54 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 20:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll scecli
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1524525210-608246017-11539462-17652\Scripts\Logon\0\0]
"Script"=\\olf.com\SYSVOL\olf.com\scripts\asset.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1524525210-608246017-11539462-1893\Scripts\Logon\0\0]
"Script"=LyncNoPrompt.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1524525210-608246017-11539462-1893\Scripts\Logon\1\0]
"Script"=JunkMailImportLists.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1524525210-608246017-11539462-1893\Scripts\Logon\2\0]
"Script"=startup_script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1524525210-608246017-11539462-1893\Scripts\Logon\3\0]
"Script"=\\olf.com\SYSVOL\olf.com\scripts\asset.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"53233:TCP"= 53233:TCP:Trend Micro OfficeScan Listener
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 5:57 PM 20520]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [5/3/2013 8:31 PM 37664]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 5:22 PM 65584]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [9/15/2009 1:55 PM 53248]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 8:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 7:55 PM 3968]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 2:47 PM 12560]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [5/24/2013 6:27 PM 3574624]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2/18/2010 3:51 PM 52304]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [9/30/2009 3:38 PM 264504]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [9/30/2009 3:37 PM 36664]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [5/21/2009 8:48 PM 62320]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [11/10/2009 3:27 PM 81920]
S2 BackupService;BackupService;c:\documents and settings\pvidulic\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [8/23/2010 8:11 PM 83512]
S2 gupdate1ca568ffa5b08a4;Google Update Service (gupdate1ca568ffa5b08a4);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2009 6:59 PM 133104]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [5/21/2009 8:48 PM 45424]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [5/25/2013 1:11 PM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/25/2013 1:11 PM 701512]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/17/2006 4:41 AM 30192]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/25/2013 1:11 PM 22856]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [11/10/2009 3:27 PM 100352]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [11/10/2009 3:27 PM 100352]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [11/10/2009 3:27 PM 100352]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [7/15/2009 6:37 PM 689416]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpndrv.sys --> c:\windows\system32\DRIVERS\covpndrv.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-02 23:21]
.
2013-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-06-04 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-11-17 17:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 10.7.192.2:8080
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: google.com\www
Trusted Zone: olf.com\h2o
Trusted Zone: olf.com\oebdsn1
Trusted Zone: olf.com\oebpas1
Trusted Zone: olf.com\olfandex1.andover
Trusted Zone: olf.com\tenrox
Trusted Zone: olf.com\h2o
Trusted Zone: olf.com\tenrox
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {D1610EA9-8DC7-4B2A-80DC-255032022E96} - hxxp://cp-txprod.olf.com/PTWeb/DTFileUploadCtrl.cab
FF - ProfilePath - c:\documents and settings\pvidulic\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-05-30 20:56; {B7245FCB-27B3-4CFC-BAC0-50BCD09BE131}; c:\documents and settings\pvidulic\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\{B7245FCB-27B3-4CFC-BAC0-50BCD09BE131}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{878B8524-AED5-4870-9A96-A515440DAC75} - (no file)
AddRemove-sl-adk - c:\program files\OApps\sl-adk_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-03 23:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1420)
c:\windows\system32\Ati2evxx.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'lsass.exe'(1476)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Completion time: 2013-06-03 23:14:30
ComboFix-quarantined-files.txt 2013-06-04 03:14
.
Pre-Run: 3,085,787,136 bytes free
Post-Run: 3,069,640,704 bytes free
.
- - End Of File - - 3889829A29A02010A71A7A257DCD3CF6
uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local;<local> uInternet Settings,ProxyServer = 10.7.192.2:8080 IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm Trusted Zone: google.com\www Trusted Zone: olf.com\h2o Trusted Zone: olf.com\oebdsn1 Trusted Zone: olf.com\oebpas1 Trusted Zone: olf.com\olfandex1.andover Trusted Zone: olf.com\tenrox Trusted Zone: olf.com\h2o Trusted Zone: olf.com\tenrox TCP: DhcpNameServer = 192.168.1.1 68.237.161.12 DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab DPF: {D1610EA9-8DC7-4B2A-80DC-255032022E96} - hxxp://cp-txprod.olf.com/PTWeb/DTFileUploadCtrl.cab FF - ProfilePath - c:\documents and settings\pvidulic\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\ FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: 2013-05-30 20:56; {B7245FCB-27B3-4CFC-BAC0-50BCD09BE131}; c:\documents and settings\pvidulic\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\{B7245FCB-27B3-4CFC-BAC0-50BCD09BE131} . - - - - ORPHANS REMOVED - - - - . BHO-{878B8524-AED5-4870-9A96-A515440DAC75} - (no file) AddRemove-sl-adk - c:\program files\OApps\sl-adk_uninstall.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-06-03 23:11 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'winlogon.exe'(1420) c:\windows\system32\Ati2evxx.dll c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infql2.dll c:\program files\ThinkVantage Fingerprint Software\homepass.dll c:\program files\ThinkVantage Fingerprint Software\bio.dll c:\program files\ThinkVantage Fingerprint Software\qlbase.dll c:\program files\Lenovo\AwayTask\AwayNotify.dll . - - - - - - - > 'lsass.exe'(1476) c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infql2.dll . Completion time: 2013-06-03 23:14:30 ComboFix-quarantined-files.txt 2013-06-04 03:14 . Pre-Run: 3,085,787,136 bytes free Post-Run: 3,069,640,704 bytes free . - - End Of File - - 3889829A29A02010A71A7A257DCD3CF6 [/QUOTE]