
Tigerhawk247

Everything posted by Tigerhawk247

  1. Sorry for the delay. Here is the log:

     ESETSmartInstaller@High as downloader log:
     all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6419
     # api_version=3.0.2
     # EOSSerial=299c10c10055c64a89c3016e4a516df4
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2010-12-26 05:36:04
     # local_time=2010-12-26 12:36:04 (-0500, Eastern Standard Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=95679
     # found=0
     # cleaned=0
     # scan_time=2767

     Thanks!
  2. Here's the ComboFix log. Right before it did the first scan it crashed saying "rmbr.cfxxe has encountered a problem"; modname was ntdll.dll. Once I submitted to MS, ComboFix continued on. The computer itself seems OK, but it seems random that I get the trojan warning. As for the 15 browsers open, I use Chrome and it had multiple tabs open. ***log begins here*** ComboFix 10-12-25.02 - TLECHLER 12/26/2010 8:54.2.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2996.2173 [GMT -5:00] Running from: c:\documents and settings\TLECHLER\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . ((((((((((((((((((((((((( Files Created from 2010-11-26 to 2010-12-26 ))))))))))))))))))))))))))))))) . 2010-12-25 15:39 . 2010-12-25 15:39 -------- d-----w- c:\documents and settings\TLECHLER\Application Data\Malwarebytes 2010-12-25 15:39 . 2010-12-25 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-12-25 15:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-25 15:39 . 2010-12-25 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-25 15:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-15 14:16 . 2010-12-15 14:16 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Softerra 2010-12-15 14:16 . 2010-12-15 14:16 8704 ----a-r- c:\documents and settings\TLECHLER\Application Data\Microsoft\Installer\{520049D8-7E67-4E71-BB3E-74FDB34810AD}\Icon520049D84.exe 2010-12-15 14:16 . 2010-12-15 14:16 13824 ----a-r- c:\documents and settings\TLECHLER\Application Data\Microsoft\Installer\{520049D8-7E67-4E71-BB3E-74FDB34810AD}\Icon520049D83.exe 2010-12-15 14:16 . 2010-12-15 14:16 -------- d-----w- c:\program files\Softerra 2010-12-14 21:47 .
2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-14 21:46 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2010-12-03 19:57 . 2010-12-03 19:59 -------- d-----w- c:\windows\system32\NtmsData 2010-12-03 19:53 . 2010-12-03 19:53 -------- d-----w- c:\program files\Western Digital Corp 2010-12-03 19:49 . 2010-12-03 19:49 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Western Digital 2010-12-01 16:39 . 2008-04-14 10:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll 2010-12-01 16:39 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll 2010-12-01 16:39 . 2008-04-14 05:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2010-12-01 16:39 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-12-01 13:59 . 2010-12-01 13:59 -------- d-----w- c:\documents and settings\TLECHLER\Application Data\Windows Search 2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\program files\Common Files\Apple 2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Apple 2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\program files\Apple Software Update 2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Apple Computer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-18 18:12 . 2008-07-21 22:00 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-10 14:24 . 2010-11-10 14:24 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-10 14:24 . 
2010-08-09 21:28 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-06 00:34 . 2008-07-21 22:50 832512 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:34 . 2008-07-21 22:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2010-11-06 00:34 . 2008-07-21 22:49 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-11-06 00:34 . 2008-07-21 22:49 17408 ----a-w- c:\windows\system32\corpol.dll 2010-11-03 12:25 . 2008-07-21 22:49 389120 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2008-07-21 22:49 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:13 . 2008-07-21 22:49 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25 . 2008-07-21 22:50 1853312 ----a-w- c:\windows\system32\win32k.sys 2010-10-14 15:36 . 2010-10-14 15:35 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-10-14 15:36 . 2010-10-14 15:35 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS . ((((((((((((((((((((((((((((( SnapShot@2010-12-25_16.03.02 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-25 23:18 . 2010-12-25 23:18 16384 c:\windows\Temp\Perflib_Perfdata_b10.dat + 2010-12-26 13:56 . 2010-12-26 13:56 53248 c:\windows\Temp\catchme.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] "Google Update"="c:\documents and settings\TLECHLER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-09 136176] "Aim"="c:\program files\AIM\aim.exe" [2010-10-12 4258136] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] "Cisco Unified Personal Communicator"="c:\progra~1\CISCOS~1\CISCOU~1\CUPCK9.exe" [2009-02-12 10334208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568] "IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-25 111640] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-16 307768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 174616] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 145432] "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-11-27 3081528] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-20 45632] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440] 
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-06 115560] "NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859] "NWTRAY"="NWTRAY.EXE" [2002-03-12 28672] "ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-2-25 607584] Bomgar Representative Console [help.rollins.edu].lnk - c:\program files\Bomgar\Representative\help.rollins.edu\bomgar-rep.exe [2009-6-8 9018880] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "CompatibleRUPSecurity"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2005-08-04 417792] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification] 2005-01-10 17:36 24576 ----a-w- c:\windows\system32\novell\xtnotify.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Cisco Systems\\Cisco Unified Personal Communicator\\CUPCK9.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\Program Files\\Bradford Networks\\Persistent Agent\\bndaemon.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [8/10/2010 6:01 AM 21504] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [4/23/2010 1:19 AM 13480] R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 1:47 PM 6899] R2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [7/14/2010 9:30 AM 3063576] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [4/23/2010 1:19 AM 45496] R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032] R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [7/11/2005 10:33 AM 163840] R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [4/23/2010 1:19 AM 63928] R2 TVT Backup Protection Service;TVT Backup Protection 
Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192] R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [8/10/2010 6:02 AM 2320920] R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [1/10/2005 12:36 PM 61440] R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [8/10/2010 6:02 AM 127232] R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 1:11 PM 2773] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [8/10/2010 5:55 AM 167080] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/14/2010 10:38 AM 102448] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [8/10/2010 6:02 AM 132352] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [8/10/2010 6:04 AM 235520] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [10/8/2009 9:52 PM 38336] S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/21/2010 6:27 AM 23888] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 12:25 PM 30969208] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 11:37 PM 4640000] S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [8/10/2010 6:02 AM 816792] --- Other Services/Drivers In Memory --- *NewlyCreated* - KXTDRPOW *Deregistered* - kxtdrpow . 
Contents of the 'Scheduled Tasks' folder 2010-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205293844-238439537-3607739544-1013Core.job - c:\documents and settings\TLECHLER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-09 13:55] 2010-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205293844-238439537-3607739544-1013UA.job - c:\documents and settings\TLECHLER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-09 13:55] . . ------- Supplementary Scan ------- . uStart Page = hxxp://r-net.rollins.edu/ IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105 IE: Send to &Bluetooth Device... 
- c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\documents and settings\TLECHLER\Application Data\Mozilla\Firefox\Profiles\al6c7gb1.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.rollins.edu FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - user.js: network.protocol-handler.warn-external.dnupdate - false . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-26 08:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run Cisco Unified Personal Communicator = c:\progra~1\CISCOS~1\CISCOU~1\CUPCK9.exe????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1368) c:\windows\system32\NETWIN32.DLL c:\program files\Novell\ZENworks\ZENPOL32.DLL c:\windows\system32\xmlparse.dll - - - - - - - > 'Explorer.exe'(3800) c:\windows\system32\WININET.dll c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll c:\windows\system32\btmmhook.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\NETWIN32.DLL c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-12-26 08:57:36 ComboFix-quarantined-files.txt 2010-12-26 13:57 ComboFix2.txt 2010-12-25 16:02 Pre-Run: 36,748,369,920 bytes free Post-Run: 36,726,317,056 bytes free - - End Of File - - 81068F6152C959801982A801203AEAEF
  3. Hello all, my Symantec Endpoint Protection has alerted me to this infection. Malwarebytes hasn't detected anything, so I ran the GMER/DDS scans as well. dds.txt DDS (Ver_10-12-12.02) - NTFSx86 Run by TLECHLER at 18:34:27.79 on Sat 12/25/2010 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2996.1984 [GMT -5:00] AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Enabled* ============== Running Processes =============== C:\WINDOWS\System32\Novell\XTAgent.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Intel\WiFi\bin\S24EvMon.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k eapsvcs svchost.exe C:\WINDOWS\System32\svchost.exe -k dot3svc C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\dpmw32.exe C:\WINDOWS\system32\NWTRAY.EXE C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe svchost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\AIM\aim.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\Bradford Networks\Persistent
Agent\bndaemon.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Novell\ZENworks\nalntsrv.exe C:\oracle\ora92\bin\omtsreco.exe C:\PROGRA~1\CISCOS~1\CISCOU~1\CUPCK9.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Bomgar\Representative\help.rollins.edu\bomgar-rep.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Novell\ZENworks\wm.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\WINDOWS\Explorer.exe C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE C:\Documents and Settings\TLECHLER\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TLECHLER\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://r-net.rollins.edu/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Groove GFS 
Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [Google Update] "c:\documents and settings\tlechler\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [Cisco Unified Personal Communicator] c:\progra~1\ciscos~1\ciscou~1\CUPCK9.exe mRun: [RotateImage] c:\program 
files\integrated camera driver\RCIMGDIR.exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe" mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [NDPS] c:\windows\system32\dpmw32.exe mRun: [NWTRAY] NWTRAY.EXE mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bomgar~1.lnk - c:\program files\bomgar\representative\help.rollins.edu\bomgar-rep.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe mPolicies-system: CompatibleRUPSecurity = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common 
Thanks for helping in advance! Merry Christmas!!! ~T log_files.zip
  4. That's actually what I was looking for. Thanks, ~T
  5. Thanks so much. Quick question though, how does one become a volunteer to help out on the forums? ~T
  6. Hi Everyone, I've been using Malwarebytes for several months now and just wanted to let everyone know how appreciative I am of the program. Not only that, but your forums are chock-full of good advice. I've definitely learned quite a bit just reading over the different issues and resolutions people have received. Thanks for everything, ~T