Please help... I've spent all morning trying to work through the numerous posts on how to use the Chameleon program to remove a virus, but I am still unable to complete a malware scan without the program crashing or Windows shutting down. I believe the culprit is a Smart Fortress virus...

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Sharpsburg Pharmacy at 15:38:58 on 2012-05-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2968.2010 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\DTS.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\AtService.exe

C:\WINDOWS\system32\FpLogonServ.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\WINDOWS\system32\RDMSOService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Documents and Settings\All Users\Application Data\CAM Commerce Solutions\X-Charge\Application\XCSecurityService.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe

C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\WINDOWS\system32\dumprep.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroDist.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe

C:\Program Files\Lenovo\Client Security Solution\password_manager.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE

C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login

uInternet Connection Wizard,ShellNext = hxxp://www.onlineregister.com/lenovo/?PAGE=thx&LANG=EN&CTRY=United%20States&MODL=7417CTO&PRNM=Lenovo&SRNM=R819L5H

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [TpShocks] TpShocks.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [<NO NAME>]

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized

mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cardmi~1.lnk - c:\program files\pfu\scansnap\cardminder\CardLauncher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\conver~1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2008\QBW32.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

LSP: mswsock.dll

Trusted Zone: deaecom.gov

Trusted Zone: ebanking-services.com\*.centrabank

Trusted Zone: mckesson.com

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

DPF: {570FC26E-DBF8-46A0-90B1-8B24113F6691} - hxxp://192.168.1.139/NVSWebAll.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NEP1-267/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF991872-9158-4570-A7FF-E7DBB6A4B8E9} - hxxp://192.168.1.126/iqweb.ocx

TCP: DhcpNameServer = 68.87.73.242 68.87.71.226

TCP: Interfaces\{5E525D59-24D3-486E-9A86-89107ABC94A6} : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{7CECA18C-DB08-494A-BB1E-FF88E3D18594} : DhcpNameServer = 68.87.73.242 68.87.71.226

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: ACNotify - ACNotify.dll

Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Notification Packages = scecli ACGina

.

============= SERVICES / DRIVERS ===============

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-1-28 20520]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-10-23 13480]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-19 98304]

R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-3-19 118784]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-3-23 87040]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-3-28 53248]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]

R2 RDMSOService;RDMSOService;c:\windows\system32\RDMSOService.exe [2012-4-9 128448]

R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2012-5-4 520192]

R2 XCSecurity;X-Charge Security;c:\documents and settings\all users\application data\cam commerce solutions\x-charge\application\XCSecurityService.exe [2012-4-9 1646080]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-3-28 482176]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-3-28 243856]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110502.002\naveng.sys [2011-5-15 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110502.002\navex15.sys [2011-5-15 1393144]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S1 iayvxwoc;iayvxwoc;\??\c:\windows\system32\drivers\iayvxwoc.sys --> c:\windows\system32\drivers\iayvxwoc.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-5 45424]

S2 mcafeeantispyware;PCTINDIS5;c:\windows\system32\svchost.exe -k netsvcs [2008-7-21 14336]

S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2012-5-4 360448]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-19 106496]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-2-26 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-5-9 32072]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-9 40776]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-9-24 1124848]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 XCService;X-Charge Server;c:\documents and settings\all users\application data\cam commerce solutions\x-charge\application\XCService.exe [2012-4-9 462336]

.

=============== Created Last 30 ================

.

2012-05-09 18:41:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-09 15:44:33 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-05-04 19:23:35 -------- d-----w- c:\documents and settings\sharpsburg pharmacy\local settings\application data\LogMeIn Rescue Applet

2012-05-04 19:17:06 -------- d-----w- c:\documents and settings\sharpsburg pharmacy\local settings\application data\NPE

2012-05-04 19:17:06 -------- d-----w- c:\documents and settings\all users\application data\Norton

2012-05-03 22:58:36 -------- d-----w- c:\documents and settings\sharpsburg pharmacy\application data\Malwarebytes

2012-05-03 22:58:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-05-03 22:58:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-03 22:58:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-03 21:51:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-05-03 21:49:36 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3B61AA7BAA5FDC02B2D151FC4E

2012-04-16 19:58:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-16 16:11:43 -------- d-sh--w- C:\found.000

.

==================== Find3M ====================

.

2012-05-07 00:44:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-06 00:10:18 72080 ------w- c:\documents and settings\sharpsburg pharmacy\g2mdlhlpx.exe

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec

2012-02-14 16:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

.

============= FINISH: 15:41:02.20 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/28/2010 10:56:31 PM

System Uptime: 5/9/2012 3:22:33 PM (0 hours ago)

.

Motherboard: LENOVO | | 7417CTO

Processor: Intel Pentium III Xeon processor | None | 2393/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 227 GiB total, 173.899 GiB free.

D: is FIXED (NTFS) - 1397 GiB total, 1376.164 GiB free.

E: is CDROM ()

X: is Removable

Z: is NetworkDisk (NTFS) - 191 GiB total, 151.425 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP528: 2/17/2012 8:18:13 AM - Software Distribution Service 3.0

RP529: 2/18/2012 8:56:48 AM - Software Distribution Service 3.0

RP530: 2/20/2012 10:44:33 AM - System Checkpoint

RP531: 2/21/2012 11:22:14 AM - System Checkpoint

RP532: 2/22/2012 2:10:58 PM - System Checkpoint

RP533: 2/23/2012 4:31:48 PM - System Checkpoint

RP534: 2/25/2012 9:59:36 AM - System Checkpoint

RP535: 2/27/2012 10:28:16 AM - System Checkpoint

RP536: 2/28/2012 12:16:09 PM - System Checkpoint

RP537: 2/29/2012 12:34:38 PM - System Checkpoint

RP538: 3/1/2012 12:55:13 PM - System Checkpoint

RP539: 3/2/2012 2:50:59 PM - System Checkpoint

RP540: 3/3/2012 3:10:26 PM - System Checkpoint

RP541: 3/5/2012 11:01:13 AM - System Checkpoint

RP542: 3/6/2012 11:26:46 AM - System Checkpoint

RP543: 3/7/2012 12:09:42 PM - System Checkpoint

RP544: 3/8/2012 12:49:49 PM - System Checkpoint

RP545: 3/14/2012 11:55:02 AM - System Checkpoint

RP546: 3/15/2012 8:29:26 AM - Software Distribution Service 3.0

RP547: 3/16/2012 12:23:50 PM - System Checkpoint

RP548: 3/17/2012 12:32:22 PM - System Checkpoint

RP549: 3/19/2012 9:34:05 AM - System Checkpoint

RP550: 3/20/2012 11:07:06 AM - System Checkpoint

RP551: 3/21/2012 11:42:53 AM - System Checkpoint

RP552: 3/23/2012 10:58:10 AM - System Checkpoint

RP553: 3/24/2012 1:24:41 PM - System Checkpoint

RP554: 3/26/2012 11:27:15 AM - System Checkpoint

RP555: 3/27/2012 3:16:55 PM - System Checkpoint

RP556: 3/28/2012 5:57:56 PM - System Checkpoint

RP557: 4/2/2012 10:54:35 AM - System Checkpoint

RP558: 4/3/2012 12:01:39 PM - System Checkpoint

RP559: 4/4/2012 12:18:54 PM - System Checkpoint

RP560: 4/5/2012 12:31:03 PM - System Checkpoint

RP561: 4/6/2012 12:56:30 PM - System Checkpoint

RP562: 4/7/2012 1:03:24 PM - System Checkpoint

RP563: 4/9/2012 11:24:57 AM - System Checkpoint

RP564: 4/10/2012 12:55:38 PM - System Checkpoint

RP565: 4/11/2012 1:25:53 PM - System Checkpoint

RP566: 4/13/2012 1:24:12 PM - Software Distribution Service 3.0

RP567: 4/14/2012 2:30:53 PM - System Checkpoint

RP568: 4/16/2012 11:49:38 AM - Software Distribution Service 3.0

RP569: 4/16/2012 4:04:43 PM - Removed HTC Sync.

RP570: 4/16/2012 4:05:31 PM - Installed HTC Sync.

RP571: 4/16/2012 4:06:43 PM - Software Distribution Service 3.0

RP572: 4/16/2012 4:11:32 PM - Software Distribution Service 3.0

RP573: 4/17/2012 5:28:51 PM - System Checkpoint

RP574: 4/19/2012 4:20:42 PM - System Checkpoint

RP575: 4/20/2012 5:10:37 PM - System Checkpoint

RP576: 4/23/2012 12:14:30 PM - System Checkpoint

RP577: 4/24/2012 12:56:29 PM - System Checkpoint

RP578: 4/25/2012 1:41:43 PM - System Checkpoint

RP579: 4/27/2012 12:17:38 PM - System Checkpoint

RP580: 4/28/2012 1:11:44 PM - System Checkpoint

RP581: 5/2/2012 12:15:26 PM - System Checkpoint

RP582: 5/3/2012 1:19:21 PM - System Checkpoint

RP583: 5/4/2012 3:43:10 PM - Norton_Power_Eraser_20120504154305093

RP584: 5/5/2012 9:23:28 AM - Norton_Power_Eraser_20120505092320640

RP585: 5/7/2012 10:19:32 AM - System Checkpoint

RP586: 5/8/2012 11:05:20 AM - System Checkpoint

RP587: 5/9/2012 3:17:24 PM - Norton_Power_Eraser_20120509113601171

.

==== Installed Programs ======================

.

.

ABBYY FineReader for ScanSnap 4.1

Access Help

Acrobat.com

Adobe Acrobat X Standard - English, Français, Deutsch

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop 7.0

Adobe Reader X (10.1.3)

BlackBerry Desktop Software 6.0.1

CardMinder

CardMinder V4.1

CheckReader Files

Cisco WebEx Meetings

Client Security - Password Manager

Conexant HD Audio

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DetectorTools

DirectX 9 Runtime

Drag-to-Disc

Garmin Lifetime Updater

GoToMeeting 4.8.0.723

Help Center

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970685)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Software Update

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

Intel PROSet Wireless

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Interface

Intel® Network Connections Drivers

Intel® PROSet/Wireless WiFi Software

Intel® Trusted Platform Module

InterVideo Register Manager

InterVideo WinDVD

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

Lenovo Central Audio

Lenovo Fingerprint Software

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

LiveUpdate 2.0 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.61.0.1400

Message Center

Message Center Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Office XP Professional with FrontPage

Microsoft Software Update for Web Folders (English) 14

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mobile Broadband Connect

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

MSXML 6.0 Parser (KB925673)

NUUO Surveillance Client

On Screen Display

Online Data Backup

overland

Photosmart 140,240,7200,7600,7700,7900 Series

PINPadDevice Files

Presentation Director

Productivity Center Supplement for ThinkPad

PS7600

PSShortcutsP

PSUsage

QFolder

QuickBooks

QuickBooks Pro 2011

RDM Control Object

RDM USB Driver

RDMSOService

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Rescue and Recovery

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02

RICOH R5U230 Media Driver ver.2.02.02.01

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Creator Business Edition

Roxio Express Labeler 3

ScanSnap

ScanSnap Manager

ScanSnap Organizer

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Sonic CinePlayer Decoder Pack

Sonic Icons for Lenovo

SupportSoft Assisted Service

Symantec AntiVirus

System Update

TeamViewer 7

ThinkPad EasyEject Utility

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Setup

ThinkPad Modem Adapter

ThinkPad PC Card Power Policy

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Productivity Center

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Verizon Wireless Mobile Broadband Self Activation

VLC media player 1.0.2

Wallpapers

WebFldrs XP

Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)

Windows Driver Package - Escort, Inc. (usbser) Ports (07/28/2010 1.0.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Search 4.0

X-Charge

XML Paper Specification Shared Components Pack 1.0

XP Themes

.

==== Event Viewer Messages From Past Week ========

.

5/8/2012 4:32:47 PM, error: Service Control Manager [7023] - The Ezplay service terminated with the following error: The specified module could not be found.

5/4/2012 4:19:51 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR250\0000 disappeared from the system without first being prepared for removal.

5/4/2012 3:54:25 PM, error: Service Control Manager [7000] - The TVT Windows Update Monitor service failed to start due to the following error: The system cannot find the file specified.

5/4/2012 3:34:14 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

5/4/2012 3:33:39 PM, error: Service Control Manager [7023] - The PCTINDIS5 service terminated with the following error: The specified module could not be found.

5/4/2012 3:33:39 PM, error: Service Control Manager [7023] - The Ntservice1 service terminated with the following error: The specified module could not be found.

5/4/2012 3:33:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.

5/3/2012 7:56:18 PM, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ef42a.

5/3/2012 7:53:38 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

5/3/2012 6:41:35 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

5/2/2012 9:22:58 PM, error: PlugPlayManager [12] - The device 'Printer Port Logical Interface' (LPTENUM\MicrosoftRawPort\5&8174652&0&LPT1) disappeared from the system without first being prepared for removal.

5/2/2012 9:22:58 PM, error: PlugPlayManager [12] - The device 'Printer Port (LPT1)' (ACPI\PNP0400\4&b310638&0) disappeared from the system without first being prepared for removal.

5/2/2012 9:22:58 PM, error: PlugPlayManager [12] - The device 'Communications Port (COM1)' (ACPI\PNP0501\4&b310638&0) disappeared from the system without first being prepared for removal.

5/2/2012 9:22:53 PM, error: PlugPlayManager [12] - The device 'Docking Station' (ACPI\DockDevice\_SB_.GDCK) disappeared from the system without first being prepared for removal.

5/2/2012 7:04:04 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.

.

==== End Of File ===========================


Welcome to the forum

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......

  • There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  • There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  • I strongly suggest you back up all of the important items on the system before we continue.

Please let me know you have read this and agree to it.

Let me know what you decide to do. MrC


Hi,

I thought it may be something like that because it kept getting worse no matter what I tried...my internet banking is secure but should I worry about other computers on my network or flash drives and external hard drives? I have no choice but to do whatever possible to try and remove the virus. If you believe that is best accomplished by a complete reinstall of the operating system then I would be ok with that. Please let me know how to proceed.

Thanks,

-Brian


I thought it may be something like that because it kept getting worse no matter what I tried...my internet banking is secure but should I worry about other computers on my network or flash drives and external hard drives?

They should be OK

------------------------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-05-09.01 - Sharpsburg Pharmacy 05/09/2012 19:02:32.1.2 - x86

Running from: c:\documents and settings\Sharpsburg Pharmacy\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\PCDr\5849\AddOnDownloaded\d4e8c71e-49d0-4726-a0a2-a8fb0cae81f9.dll

c:\documents and settings\Sharpsburg Pharmacy\g2mdlhlpx.exe

c:\documents and settings\Sharpsburg Pharmacy\GoToAssistDownloadHelper.exe

C:\install.exe

c:\windows\$NtUninstallKB61796$\1139389069\@

c:\windows\$NtUninstallKB61796$\1139389069\cfg.ini

c:\windows\$NtUninstallKB61796$\1139389069\Desktop.ini

c:\windows\$NtUninstallKB61796$\1139389069\L\aavmayqi

c:\windows\$NtUninstallKB61796$\1139389069\oemid

c:\windows\$NtUninstallKB61796$\1139389069\U\00000001.@

c:\windows\$NtUninstallKB61796$\1139389069\U\00000002.@

c:\windows\$NtUninstallKB61796$\1139389069\U\00000004.@

c:\windows\$NtUninstallKB61796$\1139389069\U\80000000.@

c:\windows\$NtUninstallKB61796$\1139389069\U\80000004.@

c:\windows\$NtUninstallKB61796$\1139389069\U\80000032.@

c:\windows\$NtUninstallKB61796$\1139389069\version

c:\windows\$NtUninstallKB61796$\1922882169

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\lxct_device.dll

c:\windows\system32\SET297.tmp

c:\windows\system32\SET2A3.tmp

c:\windows\system32\Thumbs.db

c:\windows\system32\TPAPSLOG.LOG

c:\windows\system32\TPHDLOG0.LOG

D:\autorun.inf

c:\windows\$NtUninstallKB61796$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NETWORKLOG

-------\Legacy_yukonwlh

-------\Service_yukonwlh

.

.

((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))

.

.

2012-05-09 18:41 . 2012-05-09 18:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-09 15:44 . 2012-05-09 17:17 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-05-05 11:02 . 2012-05-05 11:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2012-05-04 19:23 . 2012-05-05 12:53 -------- d-----w- c:\documents and settings\Sharpsburg Pharmacy\Local Settings\Application Data\LogMeIn Rescue Applet

2012-05-04 19:17 . 2012-05-09 18:42 -------- d-----w- c:\documents and settings\Sharpsburg Pharmacy\Local Settings\Application Data\NPE

2012-05-04 19:17 . 2012-05-04 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2012-05-03 22:58 . 2012-05-03 22:58 -------- d-----w- c:\documents and settings\Sharpsburg Pharmacy\Application Data\Malwarebytes

2012-05-03 22:58 . 2012-05-03 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-05-03 22:58 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-03 22:58 . 2012-05-03 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-03 21:49 . 2012-05-03 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3B61AA7BAA5FDC02B2D151FC4E

2012-04-16 19:58 . 2012-05-07 00:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-16 16:11 . 2012-04-16 16:11 -------- d-----w- C:\found.000

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-07 00:44 . 2011-06-16 14:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 11:01 . 2008-07-21 22:50 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2008-07-21 22:50 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2008-07-21 22:49 148480 ------w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec

2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\Installshield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]

"TpShocks"="TpShocks.exe" [2009-02-03 181536]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]

"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-22 421888]

"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-12-04 40960]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-03-01 66680]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]

"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]

"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-12 296056]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]

"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-28 113664]

CardMinder Viewer.lnk - c:\program files\PFU\ScanSnap\CardMinder\CardLauncher.exe [2012-1-9 77824]

Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2012-1-9 15360]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-28 50688]

Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5911896]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]

QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE [2011-11-9 1178984]

ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2012-1-9 1081344]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]

2009-03-19 12:55 180224 ------w- c:\windows\system32\FpWinlogonNp.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBServerUtilityMgr.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBW32Pro.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 9:57 PM 20520]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 4:15 AM 13480]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 8:48 AM 1680632]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 8:53 AM 98304]

R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 8:55 AM 118784]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [3/23/2012 2:25 PM 87040]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [3/28/2010 10:37 PM 53248]

R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]

R2 RDMSOService;RDMSOService;c:\windows\system32\RDMSOService.exe [4/9/2012 1:50 PM 128448]

R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [10/5/2009 10:21 PM 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/4/2012 4:07 PM 520192]

R2 XCSecurity;X-Charge Security;c:\documents and settings\All Users\Application Data\CAM Commerce Solutions\X-Charge\Application\XCSecurityService.exe [4/9/2012 1:48 PM 1646080]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [3/28/2010 10:28 PM 482176]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [3/28/2010 10:13 PM 243856]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 7:54 PM 37312]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

S1 iayvxwoc;iayvxwoc;\??\c:\windows\system32\drivers\iayvxwoc.sys --> c:\windows\system32\drivers\iayvxwoc.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [10/5/2009 10:21 PM 45424]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/4/2012 4:07 PM 360448]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 8:52 AM 106496]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2/26/2011 11:48 PM 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 7:01 PM 21248]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [5/9/2012 11:44 AM 32072]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/9/2012 2:41 PM 40776]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [9/24/2009 5:01 AM 1124848]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 7:18 PM 169192]

S3 XCService;X-Charge Server;c:\documents and settings\All Users\Application Data\CAM Commerce Solutions\X-Charge\Application\XCService.exe [4/9/2012 1:48 PM 462336]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

cm102u32

de_serv

vmodem

yukonwlh

AN983

symantecantibotfilter

mcafeeantispyware

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-09 c:\windows\Tasks\HP Usg Daily.job

- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2011-02-08 04:55]

.

2012-05-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

2012-05-09 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-03-29 16:04]

.

2012-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2875438947-3021165863-1666255072-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]

.

2012-05-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2875438947-3021165863-1666255072-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]

.

2012-05-09 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

.

------- Supplementary Scan -------

.

uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login

uInternet Connection Wizard,ShellNext = hxxp://www.onlineregister.com/lenovo/?PAGE=thx&LANG=EN&CTRY=United%20States&MODL=7417CTO&PRNM=Lenovo&SRNM=R819L5H

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

Trusted Zone: deaecom.gov

Trusted Zone: ebanking-services.com\*.centrabank

Trusted Zone: mckesson.com

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

DPF: {570FC26E-DBF8-46A0-90B1-8B24113F6691} - hxxp://192.168.1.139/NVSWebAll.cab

DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab

DPF: {EF991872-9158-4570-A7FF-E7DBB6A4B8E9} - hxxp://192.168.1.126/iqweb.ocx

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-ACNotify - ACNotify.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-09 19:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1040)

c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll

c:\windows\system32\FpWinLogonNp.dll

c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll

c:\program files\Lenovo Fingerprint Software\SharedResources.dll

c:\program files\Lenovo Fingerprint Software\FPResource.dll

c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll

c:\program files\Lenovo\Client Security Solution\css_banner.dll

c:\windows\system32\cssuserdatadispatcher.dll

c:\windows\system32\tvttsp.dll

c:\windows\system32\tcsrpc.dll

.

- - - - - - - > 'explorer.exe'(3772)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Lenovo\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\windows\System32\TPHDEXLG.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\system32\TpShocks.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\rundll32.exe

c:\program files\Synaptics\SynTP\SynTPLpr.exe

c:\windows\system32\HPZipm12.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Completion time: 2012-05-09 19:23:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-09 23:23

.

Pre-Run: 185,973,665,792 bytes free

Post-Run: 188,656,984,064 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 67858606D8E0F01D7262E5FBE85AD8E5


Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.09.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Sharpsburg Pharmacy :: LENOVO-9E8970A7 [administrator]

5/9/2012 8:32:13 PM

mbam-log-2012-05-09 (20-32-13).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214342

Time elapsed: 8 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


I haven't reconnected to the internet yet...should I be concerned? Were you able to learn anything about the type of virus from the reports? I am a pharmacist and store some sensitive data on the laptop, so I was extremely worried after reading the document you linked to about the ongoing security risks of this virus.


I'm running Symantec (Norton) Corporate Antivirus software and it is up and running now. I think the virus had disabled it somehow... I ran a scan with them this morning and it also came up clean. I'm going to proceed cautiously for the next couple weeks in the hopes that the threat has been removed. Thank you again for all your help!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
