Tarheelz4life
-
Posts
4 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Tarheelz4life
-
Help removing malware/ virus
Tarheelz4life replied to Tarheelz4life's topic in Resolved Malware Removal Logs
Do I need to update all of these out of date programs? Thanks. -
Help removing malware/ virus
Tarheelz4life replied to Tarheelz4life's topic in Resolved Malware Removal Logs
I downloaded the ESST Security scanner and here is what the log.txt looks like: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK I ran the scan and it did not find any malware. I downloaded your security check and this is the checkup log: Results of screen317's Security Check version 0.99.30 Windows Vista Service Pack 1 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 8 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Symantec AntiVirus WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Java 6 Update 7 Java version out of date! Adobe Flash Player 11.1.102.55 Adobe Reader 9 Adobe Reader out of date! Mozilla Firefox 8.0.1 Firefox out of Date! Mozilla Thunderbird 2.0.0 Thunderbird out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe Symantec AntiVirus DefWatch.exe Symantec AntiVirus SavRoam.exe Symantec AntiVirus Rtvscan.exe Symantec AntiVirus VPTray.exe ESET ESET Online Scanner OnlineCmdLineScanner.exe ``````````End of Log```````````` Thanks again for all of your help. It may be hard for me to be by my computer this weekend but if there are any further checks or scans I need to do please let me know. I appreciate your patience and information in helping me resolve this issue. Dan -
Help removing malware/ virus
Tarheelz4life replied to Tarheelz4life's topic in Resolved Malware Removal Logs
Thanks for getting back with me. Here is my MBAM log: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 911122605 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.19088 12/26/2011 10:43:04 PM mbam-log-2011-12-26 (22-43-03).txt Scan type: Quick scan Objects scanned: 194296 Time elapsed: 7 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) And here is my Combo Fix Log: ComboFix 11-12-26.03 - UNC Support 12/26/2011 22:07:49.1.2 - x86 Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.2519.1181 [GMT -5:00] Running from: c:\users\UNC Support\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RCIMGDIR.exe.lnk c:\programdata\Roaming c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini c:\windows\system32\SET2C55.tmp c:\windows\system32\SET2D32.tmp c:\windows\system32\TPAPSLOG.LOG c:\windows\system32\TPHDLOG0.LOG . . ((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 ))))))))))))))))))))))))))))))) . . 2011-12-27 02:53 . 2011-12-27 02:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-12-23 02:33 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-23 02:22 . 2011-12-27 02:55 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7DB42A7-77E0-4955-A5AE-A6B398099E42}\offreg.dll 2011-12-20 21:24 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7DB42A7-77E0-4955-A5AE-A6B398099E42}\mpengine.dll 2011-12-09 12:51 . 2011-12-09 12:51 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-23 02:24 . 2011-07-17 15:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-29 00:53 . 2011-09-30 23:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616] "TpShocks"="TpShocks.exe" [2008-06-06 181536] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-06-06 487424] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248] "CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-08-12 16384] "RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-10-27 632096] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-10-27 214576] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-12-08 107112] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-08-05 135568] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-12 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-12 154136] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-10 180269] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "RestrictWelcomeCenter"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "RestrictWelcomeCenter"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448] R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-26 106496] R3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048] R3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310c.sys [2008-03-27 116992] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752] R3 vmx_svga;vmx_svga;c:\windows\system32\DRIVERS\vmx_svga.sys [2006-07-01 15744] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480] S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-26 1676536] S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-26 98304] S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456] S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-10-27 66848] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032] S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-08-05 121744] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-03-27 58736] S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-06-06 520192] S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-05-29 2058776] S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2008-07-09 72704] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-10-03 3881472] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-10-03 54784] S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-27 482176] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-03-27 224384] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-09-02 2472448] S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-26 3662848] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312] S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-27 41272] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.unc.edu/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - . - - - - ORPHANS REMOVED - - - - . HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-26 22:24 Windows 6.0.6001 Service Pack 1 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2011-12-26 22:34:36 ComboFix-quarantined-files.txt 2011-12-27 03:34 . Pre-Run: 33,665,421,312 bytes free Post-Run: 40,563,470,336 bytes free . - - End Of File - - 08B84E5B1888A179473265F0E6AA87EA And lastly my DDS log: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_07 Run by UNC Support at 22:44:56 on 2011-12-26 Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.2519.697 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\DTS.exe C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\AtService.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Windows\System32\TPHDEXLG.exe C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec AntiVirus\VPTray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\RotateImage\RCIMGDIR.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\iPod\bin\iPodService.exe c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Windows\system32\wuauclt.exe c:\program files\windows defender\MpCmdRun.exe C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\notepad.exe C:\Windows\explorer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.unc.edu/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe" mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TpShocks] TpShocks.exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe" mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\users\uncsup~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe uPolicies-explorer: RestrictWelcomeCenter = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: DisableCAD = 1 (0x1) dPolicies-explorer: RestrictWelcomeCenter = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{4FF01E0F-6CE8-4E3F-9AF0-E3B5EBAC6F4B} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\unc support\appdata\roaming\mozilla\firefox\profiles\rpwj1a2f.default\ FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll FF - plugin: c:\users\unc support\desktop\divx\divx web player\npdivx32.dll . ============= SERVICES / DRIVERS =============== . R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480] R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-26 1676536] R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-26 98304] R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-8-7 91456] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-12-18 66848] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032] R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-8-5 121744] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-8-5 1966480] R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-6-29 58736] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-6-6 520192] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2008-12-18 2058776] R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2008-12-18 72704] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2008-10-3 3881472] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2008-10-2 54784] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-8-15 482176] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-12-18 224384] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-13 106104] R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdkmd32.sys [2008-9-2 2472448] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-26 3662848] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312] S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-12-18 48192] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?] S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-28 360448] S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-26 106496] S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\drivers\IcdUsb2.sys [2010-11-22 39048] S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752] S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2008-10-31 15744] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-12-27 03:35:08 -------- d-sh--w- C:\$RECYCLE.BIN 2011-12-27 03:02:13 208896 ----a-w- c:\windows\MBR.exe 2011-12-27 03:02:12 98816 ----a-w- c:\windows\sed.exe 2011-12-27 03:02:12 518144 ----a-w- c:\windows\SWREG.exe 2011-12-27 03:02:12 256000 ----a-w- c:\windows\PEV.exe 2011-12-27 03:01:38 -------- d-----w- C:\ComboFix 2011-12-27 02:53:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-12-23 02:33:53 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-23 02:22:21 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a7db42a7-77e0-4955-a5ae-a6b398099e42}\offreg.dll 2011-12-20 21:24:44 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a7db42a7-77e0-4955-a5ae-a6b398099e42}\mpengine.dll 2011-12-09 12:51:58 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll . ==================== Find3M ==================== . 2011-12-23 02:24:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ============= FINISH: 22:45:39.07 =============== Thank you again for all of your help as it is greatly appreciated! Dan -
Attach.zipHello all. I have been having a problem with my computer in the last week. I ran my weekly antivirus scan with Symantec Antivirus and found multiple trojan related viruses which were either deleted, cleaned, or quarantined. After cleaning I ran MBAM (which I tend to run whenever I use my computer) and it stated that I had no objects infected. A few days later, I noticed that Mozilla Firefox would not work to check email and I could not run MBAM. I ran my antivirus scan again and it cannot find any infected objects. I then turned to the forums and re-installed MBAM, re-named the .exe file and was able to get it to update (which it updated to version 911122302). The quick scan did not find any infected objects but I am still having trouble running Firefox. Also while MBAM is open the tab at the bottom of my screen has the MBAM logo with the number 146958. Normally when I run MBAM it has the logo and Malwayrebytes name on the tab. Next I downloaded the DDS file and here is the .txt file I received after scanning: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_07 Run by UNC Support at 22:05:01 on 2011-12-22 Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.2519.517 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\DTS.exe C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\AtService.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Windows\System32\TPHDEXLG.exe C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec AntiVirus\VPTray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\igfxtray.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\system32\hkcmd.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\RotateImage\RCIMGDIR.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe C:\Program Files\iPod\bin\iPodService.exe c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Symantec AntiVirus\vpc32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.unc.edu/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe" mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TpShocks] TpShocks.exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe" mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\users\uncsup~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rcimgd~1.lnk - c:\program files\rotateimage\RCIMGDIR.exe uPolicies-explorer: RestrictWelcomeCenter = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: DisableCAD = 1 (0x1) dPolicies-explorer: RestrictWelcomeCenter = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{4FF01E0F-6CE8-4E3F-9AF0-E3B5EBAC6F4B} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\unc support\appdata\roaming\mozilla\firefox\profiles\rpwj1a2f.default\ FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll FF - plugin: c:\users\unc support\desktop\divx\divx web player\npdivx32.dll . ============= SERVICES / DRIVERS =============== . R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480] R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-26 1676536] R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-26 98304] R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-8-7 91456] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-12-18 66848] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032] R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-8-5 121744] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-8-5 1966480] R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-6-29 58736] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-6-6 520192] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2008-12-18 2058776] R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2008-12-18 72704] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2008-10-3 3881472] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2008-10-2 54784] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-8-15 482176] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-12-18 224384] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-13 106104] R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdkmd32.sys [2008-9-2 2472448] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-26 3662848] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312] S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-12-18 48192] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?] S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-28 360448] S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-26 106496] S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\drivers\IcdUsb2.sys [2010-11-22 39048] S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752] S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2008-10-31 15744] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-12-23 02:44:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-12-23 02:33:53 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-23 02:22:21 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a7db42a7-77e0-4955-a5ae-a6b398099e42}\offreg.dll 2011-12-20 21:24:44 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a7db42a7-77e0-4955-a5ae-a6b398099e42}\mpengine.dll 2011-12-09 12:51:58 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll . ==================== Find3M ==================== . 2011-12-23 02:24:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ============= FINISH: 22:06:24.27 =============== I have also attach.zip file. I have recently updated Adobe flash player but have not downloaded anything that I can think of. Any help would be greatly appreciated. Thanks!