Tigerhawk247
Posts posted by Tigerhawk247

  1. Sorry for the delay. Here is the log:

    ESETSmartInstaller@High as downloader log:

    all ok

    # version=7

    # OnlineScannerApp.exe=1.0.0.1

    # OnlineScanner.ocx=1.0.0.6419

    # api_version=3.0.2

    # EOSSerial=299c10c10055c64a89c3016e4a516df4

    # end=finished

    # remove_checked=true

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2010-12-26 05:36:04

    # local_time=2010-12-26 12:36:04 (-0500, Eastern Standard Time)

    # country="United States"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=8192 67108863 100 0 0 0 0 0

    # scanned=95679

    # found=0

    # cleaned=0

    # scan_time=2767

    Thanks!

  2. Here's the ComboFix log. Right before it did the first scan it crashed saying "rmbr.cfxxe has encountered a problem"; the modname was ntdll.dll. Once I submitted it to MS, ComboFix continued on. The computer itself seems OK, but it seems random that I get the trojan warning. As for the 15 browsers open, I use Chrome and it had multiple tabs open.

    ***log begins here***

    ComboFix 10-12-25.02 - TLECHLER 12/26/2010 8:54.2.4 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2996.2173 [GMT -5:00]

    Running from: c:\documents and settings\TLECHLER\Desktop\ComboFix.exe

    AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

    FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    .

    ((((((((((((((((((((((((( Files Created from 2010-11-26 to 2010-12-26 )))))))))))))))))))))))))))))))

    .

    2010-12-25 15:39 . 2010-12-25 15:39 -------- d-----w- c:\documents and settings\TLECHLER\Application Data\Malwarebytes

    2010-12-25 15:39 . 2010-12-25 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2010-12-25 15:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-12-25 15:39 . 2010-12-25 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-12-25 15:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-12-15 14:16 . 2010-12-15 14:16 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Softerra

    2010-12-15 14:16 . 2010-12-15 14:16 8704 ----a-r- c:\documents and settings\TLECHLER\Application Data\Microsoft\Installer\{520049D8-7E67-4E71-BB3E-74FDB34810AD}\Icon520049D84.exe

    2010-12-15 14:16 . 2010-12-15 14:16 13824 ----a-r- c:\documents and settings\TLECHLER\Application Data\Microsoft\Installer\{520049D8-7E67-4E71-BB3E-74FDB34810AD}\Icon520049D83.exe

    2010-12-15 14:16 . 2010-12-15 14:16 -------- d-----w- c:\program files\Softerra

    2010-12-14 21:47 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

    2010-12-14 21:46 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    2010-12-03 19:57 . 2010-12-03 19:59 -------- d-----w- c:\windows\system32\NtmsData

    2010-12-03 19:53 . 2010-12-03 19:53 -------- d-----w- c:\program files\Western Digital Corp

    2010-12-03 19:49 . 2010-12-03 19:49 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Western Digital

    2010-12-01 16:39 . 2008-04-14 10:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

    2010-12-01 16:39 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll

    2010-12-01 16:39 . 2008-04-14 05:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

    2010-12-01 16:39 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

    2010-12-01 13:59 . 2010-12-01 13:59 -------- d-----w- c:\documents and settings\TLECHLER\Application Data\Windows Search

    2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

    2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\program files\Common Files\Apple

    2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Apple

    2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\program files\Apple Software Update

    2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

    2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Apple Computer

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-11-18 18:12 . 2008-07-21 22:00 81920 ----a-w- c:\windows\system32\isign32.dll

    2010-11-10 14:24 . 2010-11-10 14:24 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2010-11-10 14:24 . 2010-08-09 21:28 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2010-11-06 00:34 . 2008-07-21 22:50 832512 ----a-w- c:\windows\system32\wininet.dll

    2010-11-06 00:34 . 2008-07-21 22:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

    2010-11-06 00:34 . 2008-07-21 22:49 78336 ----a-w- c:\windows\system32\ieencode.dll

    2010-11-06 00:34 . 2008-07-21 22:49 17408 ----a-w- c:\windows\system32\corpol.dll

    2010-11-03 12:25 . 2008-07-21 22:49 389120 ----a-w- c:\windows\system32\html.iec

    2010-11-02 15:17 . 2008-07-21 22:49 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

    2010-10-28 13:13 . 2008-07-21 22:49 290048 ----a-w- c:\windows\system32\atmfd.dll

    2010-10-26 13:25 . 2008-07-21 22:50 1853312 ----a-w- c:\windows\system32\win32k.sys

    2010-10-14 15:36 . 2010-10-14 15:35 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

    2010-10-14 15:36 . 2010-10-14 15:35 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

    .

    ((((((((((((((((((((((((((((( SnapShot@2010-12-25_16.03.02 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2010-12-25 23:18 . 2010-12-25 23:18 16384 c:\windows\Temp\Perflib_Perfdata_b10.dat

    + 2010-12-26 13:56 . 2010-12-26 13:56 53248 c:\windows\Temp\catchme.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    "Google Update"="c:\documents and settings\TLECHLER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-09 136176]

    "Aim"="c:\program files\AIM\aim.exe" [2010-10-12 4258136]

    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

    "Cisco Unified Personal Communicator"="c:\progra~1\CISCOS~1\CISCOU~1\CUPCK9.exe" [2009-02-12 10334208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]

    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]

    "IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-25 111640]

    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-16 307768]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 174616]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 145432]

    "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-11-27 3081528]

    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-20 45632]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]

    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-06 115560]

    "NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]

    "NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

    "ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-2-25 607584]

    Bomgar Representative Console [help.rollins.edu].lnk - c:\program files\Bomgar\Representative\help.rollins.edu\bomgar-rep.exe [2009-6-8 9018880]

    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "CompatibleRUPSecurity"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2005-08-04 417792]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]

    2005-01-10 17:36 24576 ----a-w- c:\windows\system32\novell\xtnotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

    "c:\\Program Files\\Cisco Systems\\Cisco Unified Personal Communicator\\CUPCK9.exe"=

    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=

    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=

    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

    "c:\\Program Files\\Bradford Networks\\Persistent Agent\\bndaemon.exe"=

    "c:\\Program Files\\AIM\\aim.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [8/10/2010 6:01 AM 21504]

    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [4/23/2010 1:19 AM 13480]

    R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 1:47 PM 6899]

    R2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [7/14/2010 9:30 AM 3063576]

    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [4/23/2010 1:19 AM 45496]

    R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032]

    R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [7/11/2005 10:33 AM 163840]

    R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [4/23/2010 1:19 AM 63928]

    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192]

    R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [8/10/2010 6:02 AM 2320920]

    R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [1/10/2005 12:36 PM 61440]

    R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [8/10/2010 6:02 AM 127232]

    R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 1:11 PM 2773]

    R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [8/10/2010 5:55 AM 167080]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/14/2010 10:38 AM 102448]

    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [8/10/2010 6:02 AM 132352]

    R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [8/10/2010 6:04 AM 235520]

    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [10/8/2009 9:52 PM 38336]

    S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448]

    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/21/2010 6:27 AM 23888]

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 12:25 PM 30969208]

    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 11:37 PM 4640000]

    S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [8/10/2010 6:02 AM 816792]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KXTDRPOW

    *Deregistered* - kxtdrpow

    .

    Contents of the 'Scheduled Tasks' folder

    2010-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205293844-238439537-3607739544-1013Core.job

    - c:\documents and settings\TLECHLER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-09 13:55]

    2010-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205293844-238439537-3607739544-1013UA.job

    - c:\documents and settings\TLECHLER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-09 13:55]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://r-net.rollins.edu/

    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    FF - ProfilePath - c:\documents and settings\TLECHLER\Application Data\Mozilla\Firefox\Profiles\al6c7gb1.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.rollins.edu

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    FF - user.js: network.protocol-handler.warn-external.dnupdate - false

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-12-26 08:56

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Cisco Unified Personal Communicator = c:\progra~1\CISCOS~1\CISCOU~1\CUPCK9.exe?????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1368)

    c:\windows\system32\NETWIN32.DLL

    c:\program files\Novell\ZENworks\ZENPOL32.DLL

    c:\windows\system32\xmlparse.dll

    - - - - - - - > 'Explorer.exe'(3800)

    c:\windows\system32\WININET.dll

    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

    c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll

    c:\windows\system32\btmmhook.dll

    c:\program files\Windows Desktop Search\deskbar.dll

    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

    c:\program files\Windows Desktop Search\dbres.dll

    c:\program files\Windows Desktop Search\wordwheel.dll

    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

    c:\program files\Windows Desktop Search\msnlExtRes.dll

    c:\windows\system32\NETWIN32.DLL

    c:\windows\system32\ieframe.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Completion time: 2010-12-26 08:57:36

    ComboFix-quarantined-files.txt 2010-12-26 13:57

    ComboFix2.txt 2010-12-25 16:02

    Pre-Run: 36,748,369,920 bytes free

    Post-Run: 36,726,317,056 bytes free

    - - End Of File - - 81068F6152C959801982A801203AEAEF

  3. Hello All,

    My Symantec Endpoint Protection has alerted me to this infection. Malwarebytes hasn't detected anything, so I ran the GMER/DDS scans as well.

    dds.txt

    DDS (Ver_10-12-12.02) - NTFSx86

    Run by TLECHLER at 18:34:27.79 on Sat 12/25/2010

    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2996.1984 [GMT -5:00]

    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

    FW: Symantec Endpoint Protection *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\System32\Novell\XTAgent.exe

    C:\WINDOWS\system32\ibmpmsvc.exe

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k eapsvcs

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k dot3svc

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe

    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Lenovo\Zoom\TpScrex.exe

    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

    C:\WINDOWS\system32\taskswitch.exe

    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\system32\dpmw32.exe

    C:\WINDOWS\system32\NWTRAY.EXE

    C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe

    svchost.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\AIM\aim.exe

    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

    C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe

    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

    C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files\Novell\ZENworks\nalntsrv.exe

    C:\oracle\ora92\bin\omtsreco.exe

    C:\PROGRA~1\CISCOS~1\CISCOU~1\CUPCK9.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

    C:\Program Files\Bomgar\Representative\help.rollins.edu\bomgar-rep.exe

    C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\Program Files\Novell\ZENworks\wm.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

    C:\WINDOWS\Explorer.exe

    C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\TLECHLER\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://r-net.rollins.edu/

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL

    BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [Google Update] "c:\documents and settings\tlechler\local settings\application data\google\update\GoogleUpdate.exe" /c

    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

    uRun: [Cisco Unified Personal Communicator] c:\progra~1\ciscos~1\ciscou~1\CUPCK9.exe

    mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe

    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

    mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

    mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

    mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

    mRun: [NDPS] c:\windows\system32\dpmw32.exe

    mRun: [NWTRAY] NWTRAY.EXE

    mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bomgar~1.lnk - c:\program files\bomgar\representative\help.rollins.edu\bomgar-rep.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

    mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105

    IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

    IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

    IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll

    IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

    Notify: igfxcui - igfxdev.dll

    Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

    SEH: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll

    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\tlechler\applic~1\mozilla\firefox\profiles\al6c7gb1.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.rollins.edu

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ---- FIREFOX POLICIES ----

    FF - user.js: network.protocol-handler.warn-external.dnupdate - false

    ============= SERVICES / DRIVERS ===============

    R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2010-8-10 21504]

    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-4-23 13480]

    R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-5-23 6899]

    R2 BNPagent;Bradford Persistent Agent Service;c:\program files\bradford networks\persistent agent\bndaemon.exe [2010-7-14 3063576]

    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-6 108392]

    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-6 108392]

    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-4-23 45496]

    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

    R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2005-7-11 163840]

    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-7-1 1832072]

    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-4-23 63928]

    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]

    R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-8-10 2320920]

    R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-1-10 61440]

    R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-8-10 127232]

    R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-5-23 2773]

    R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-8-10 167080]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-14 102448]

    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-10 132352]

    R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-10 235520]

    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101225.007\NAVENG.SYS [2010-12-25 86008]

    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101225.007\NAVEX15.SYS [2010-12-25 1360760]

    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]

    S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]

    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-5-21 23888]

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

    S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-8-10 816792]

    =============== Created Last 30 ================

    2010-12-25 15:59:53 -------- d-sha-r- C:\cmdcons

    2010-12-25 15:56:16 98816 ----a-w- c:\windows\sed.exe

    2010-12-25 15:56:16 89088 ----a-w- c:\windows\MBR.exe

    2010-12-25 15:56:16 256512 ----a-w- c:\windows\PEV.exe

    2010-12-25 15:56:16 161792 ----a-w- c:\windows\SWREG.exe

    2010-12-25 15:39:18 -------- d-----w- c:\docume~1\tlechler\applic~1\Malwarebytes

    2010-12-25 15:39:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-12-25 15:39:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

    2010-12-25 15:39:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-12-25 15:39:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-12-15 14:16:29 -------- d-----w- c:\docume~1\tlechler\locals~1\applic~1\Softerra

    2010-12-15 14:16:14 8704 ----a-r- c:\docume~1\tlechler\applic~1\microsoft\installer\{520049d8-7e67-4e71-bb3e-74fdb34810ad}\Icon520049D84.exe

    2010-12-15 14:16:14 13824 ----a-r- c:\docume~1\tlechler\applic~1\microsoft\installer\{520049d8-7e67-4e71-bb3e-74fdb34810ad}\Icon520049D83.exe

    2010-12-15 14:16:13 -------- d-----w- c:\program files\Softerra

    2010-12-14 21:47:05 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

    2010-12-14 21:46:47 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    2010-12-03 19:57:40 -------- d-----w- c:\windows\system32\NtmsData

    2010-12-03 19:53:26 -------- d-----w- c:\program files\Western Digital Corp

    2010-12-03 19:49:35 -------- d-----w- c:\docume~1\tlechler\locals~1\applic~1\Western Digital

    2010-12-01 16:39:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

    2010-12-01 16:39:20 21504 ----a-w- c:\windows\system32\hidserv.dll

    2010-12-01 16:39:20 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

    2010-12-01 16:39:20 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

    2010-12-01 13:59:38 -------- d-----w- c:\docume~1\tlechler\applic~1\Windows Search

    2010-11-28 19:45:17 -------- d-----w- c:\docume~1\tlechler\locals~1\applic~1\Apple

    2010-11-28 19:45:05 -------- d-----w- c:\docume~1\tlechler\locals~1\applic~1\Apple Computer

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

    2010-11-10 14:24:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2010-11-10 14:24:42 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll

    2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll

    2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

    2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll

    2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec

    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

    2010-10-14 15:36:03 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

    ============= FINISH: 18:34:42.82 ===============

    Thanks for helping in advance!

    Merry Christmas!!!

    ~T

    log_files.zip

  4. Hi Everyone,

    I've been using Malwarebytes for several months now and just wanted to let everyone know how appreciative I am of the program. Not only that, but your forums are chock-full of good advice. I've definitely learned quite a bit just reading over the different issues and resolutions people have received.

    Thanks for everything,

    ~T
