Tigerhawk247
Posts posted by Tigerhawk247
Here's the ComboFix log. Right before it did the first scan it crashed saying "rmbr.cfxxe has encountered a problem"; modname was ntdll.dll. Once I submitted to MS, ComboFix continued on. The computer itself seems OK, but it seems random that I get the trojan warning. As for the 15 browsers open, I use Chrome and it had multiple tabs open.
***log begins here***
ComboFix 10-12-25.02 - TLECHLER 12/26/2010 8:54.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2996.2173 [GMT -5:00]
Running from: c:\documents and settings\TLECHLER\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((( Files Created from 2010-11-26 to 2010-12-26 )))))))))))))))))))))))))))))))
.
2010-12-25 15:39 . 2010-12-25 15:39 -------- d-----w- c:\documents and settings\TLECHLER\Application Data\Malwarebytes
2010-12-25 15:39 . 2010-12-25 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-25 15:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-25 15:39 . 2010-12-25 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-25 15:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 14:16 . 2010-12-15 14:16 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Softerra
2010-12-15 14:16 . 2010-12-15 14:16 8704 ----a-r- c:\documents and settings\TLECHLER\Application Data\Microsoft\Installer\{520049D8-7E67-4E71-BB3E-74FDB34810AD}\Icon520049D84.exe
2010-12-15 14:16 . 2010-12-15 14:16 13824 ----a-r- c:\documents and settings\TLECHLER\Application Data\Microsoft\Installer\{520049D8-7E67-4E71-BB3E-74FDB34810AD}\Icon520049D83.exe
2010-12-15 14:16 . 2010-12-15 14:16 -------- d-----w- c:\program files\Softerra
2010-12-14 21:47 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 21:46 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-03 19:57 . 2010-12-03 19:59 -------- d-----w- c:\windows\system32\NtmsData
2010-12-03 19:53 . 2010-12-03 19:53 -------- d-----w- c:\program files\Western Digital Corp
2010-12-03 19:49 . 2010-12-03 19:49 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Western Digital
2010-12-01 16:39 . 2008-04-14 10:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-12-01 16:39 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-12-01 16:39 . 2008-04-14 05:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-12-01 16:39 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-01 13:59 . 2010-12-01 13:59 -------- d-----w- c:\documents and settings\TLECHLER\Application Data\Windows Search
2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\program files\Common Files\Apple
2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Apple
2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\program files\Apple Software Update
2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-11-28 19:45 . 2010-11-28 19:45 -------- d-----w- c:\documents and settings\TLECHLER\Local Settings\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-07-21 22:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 14:24 . 2010-11-10 14:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-10 14:24 . 2010-08-09 21:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:34 . 2008-07-21 22:50 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2008-07-21 22:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2008-07-21 22:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2008-07-21 22:49 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2008-07-21 22:49 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-07-21 22:49 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-07-21 22:49 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-07-21 22:50 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 15:36 . 2010-10-14 15:35 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-14 15:36 . 2010-10-14 15:35 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
((((((((((((((((((((((((((((( SnapShot@2010-12-25_16.03.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-25 23:18 . 2010-12-25 23:18 16384 c:\windows\Temp\Perflib_Perfdata_b10.dat
+ 2010-12-26 13:56 . 2010-12-26 13:56 53248 c:\windows\Temp\catchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Google Update"="c:\documents and settings\TLECHLER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-09 136176]
"Aim"="c:\program files\AIM\aim.exe" [2010-10-12 4258136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Cisco Unified Personal Communicator"="c:\progra~1\CISCOS~1\CISCOU~1\CUPCK9.exe" [2009-02-12 10334208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-25 111640]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-16 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 174616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 145432]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-11-27 3081528]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-20 45632]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-06 115560]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-2-25 607584]
Bomgar Representative Console [help.rollins.edu].lnk - c:\program files\Bomgar\Representative\help.rollins.edu\bomgar-rep.exe [2009-6-8 9018880]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2005-08-04 417792]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2005-01-10 17:36 24576 ----a-w- c:\windows\system32\novell\xtnotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Cisco Systems\\Cisco Unified Personal Communicator\\CUPCK9.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Bradford Networks\\Persistent Agent\\bndaemon.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [8/10/2010 6:01 AM 21504]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [4/23/2010 1:19 AM 13480]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 1:47 PM 6899]
R2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [7/14/2010 9:30 AM 3063576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [4/23/2010 1:19 AM 45496]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [7/11/2005 10:33 AM 163840]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [4/23/2010 1:19 AM 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [8/10/2010 6:02 AM 2320920]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [1/10/2005 12:36 PM 61440]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [8/10/2010 6:02 AM 127232]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 1:11 PM 2773]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [8/10/2010 5:55 AM 167080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/14/2010 10:38 AM 102448]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [8/10/2010 6:02 AM 132352]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [8/10/2010 6:04 AM 235520]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [10/8/2009 9:52 PM 38336]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/21/2010 6:27 AM 23888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 12:25 PM 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 11:37 PM 4640000]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [8/10/2010 6:02 AM 816792]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - KXTDRPOW
*Deregistered* - kxtdrpow
.
Contents of the 'Scheduled Tasks' folder
2010-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205293844-238439537-3607739544-1013Core.job
- c:\documents and settings\TLECHLER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-09 13:55]
2010-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205293844-238439537-3607739544-1013UA.job
- c:\documents and settings\TLECHLER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-09 13:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://r-net.rollins.edu/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\TLECHLER\Application Data\Mozilla\Firefox\Profiles\al6c7gb1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.rollins.edu
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-26 08:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Cisco Unified Personal Communicator = c:\progra~1\CISCOS~1\CISCOU~1\CUPCK9.exe?????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1368)
c:\windows\system32\NETWIN32.DLL
c:\program files\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
- - - - - - - > 'Explorer.exe'(3800)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\NETWIN32.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-26 08:57:36
ComboFix-quarantined-files.txt 2010-12-26 13:57
ComboFix2.txt 2010-12-25 16:02
Pre-Run: 36,748,369,920 bytes free
Post-Run: 36,726,317,056 bytes free
- - End Of File - - 81068F6152C959801982A801203AEAEF
-
Hello All,
My Symantec Endpoint Protection has alerted me to this infection. Malwarebytes hasn't detected anything, so I ran the GMER/DDS scans as well.
dds.txt
DDS (Ver_10-12-12.02) - NTFSx86
Run by TLECHLER at 18:34:27.79 on Sat 12/25/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2996.1984 [GMT -5:00]
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
============== Running Processes ===============
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\PROGRA~1\CISCOS~1\CISCOU~1\CUPCK9.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Bomgar\Representative\help.rollins.edu\bomgar-rep.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TLECHLER\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://r-net.rollins.edu/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\documents and settings\tlechler\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Cisco Unified Personal Communicator] c:\progra~1\ciscos~1\ciscou~1\CUPCK9.exe
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NDPS] c:\windows\system32\dpmw32.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bomgar~1.lnk - c:\program files\bomgar\representative\help.rollins.edu\bomgar-rep.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
SEH: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\tlechler\applic~1\mozilla\firefox\profiles\al6c7gb1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.rollins.edu
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2010-8-10 21504]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-4-23 13480]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-5-23 6899]
R2 BNPagent;Bradford Persistent Agent Service;c:\program files\bradford networks\persistent agent\bndaemon.exe [2010-7-14 3063576]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-6 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-6 108392]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-4-23 45496]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2005-7-11 163840]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-7-1 1832072]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-4-23 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-8-10 2320920]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-1-10 61440]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-8-10 127232]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-5-23 2773]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-8-10 167080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-14 102448]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-10 132352]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-10 235520]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101225.007\NAVENG.SYS [2010-12-25 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101225.007\NAVEX15.SYS [2010-12-25 1360760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-5-21 23888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-8-10 816792]
=============== Created Last 30 ================
2010-12-25 15:59:53 -------- d-sha-r- C:\cmdcons
2010-12-25 15:56:16 98816 ----a-w- c:\windows\sed.exe
2010-12-25 15:56:16 89088 ----a-w- c:\windows\MBR.exe
2010-12-25 15:56:16 256512 ----a-w- c:\windows\PEV.exe
2010-12-25 15:56:16 161792 ----a-w- c:\windows\SWREG.exe
2010-12-25 15:39:18 -------- d-----w- c:\docume~1\tlechler\applic~1\Malwarebytes
2010-12-25 15:39:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-25 15:39:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-25 15:39:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-25 15:39:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-15 14:16:29 -------- d-----w- c:\docume~1\tlechler\locals~1\applic~1\Softerra
2010-12-15 14:16:14 8704 ----a-r- c:\docume~1\tlechler\applic~1\microsoft\installer\{520049d8-7e67-4e71-bb3e-74fdb34810ad}\Icon520049D84.exe
2010-12-15 14:16:14 13824 ----a-r- c:\docume~1\tlechler\applic~1\microsoft\installer\{520049d8-7e67-4e71-bb3e-74fdb34810ad}\Icon520049D83.exe
2010-12-15 14:16:13 -------- d-----w- c:\program files\Softerra
2010-12-14 21:47:05 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 21:46:47 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-03 19:57:40 -------- d-----w- c:\windows\system32\NtmsData
2010-12-03 19:53:26 -------- d-----w- c:\program files\Western Digital Corp
2010-12-03 19:49:35 -------- d-----w- c:\docume~1\tlechler\locals~1\applic~1\Western Digital
2010-12-01 16:39:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-12-01 16:39:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-12-01 16:39:20 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-12-01 16:39:20 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-01 13:59:38 -------- d-----w- c:\docume~1\tlechler\applic~1\Windows Search
2010-11-28 19:45:17 -------- d-----w- c:\docume~1\tlechler\locals~1\applic~1\Apple
2010-11-28 19:45:05 -------- d-----w- c:\docume~1\tlechler\locals~1\applic~1\Apple Computer
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 14:24:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-10 14:24:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 15:36:03 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
============= FINISH: 18:34:42.82 ===============
Thanks for helping in advance!
Merry Christmas!!!
~T
-
That's actually what I was looking for.
Thanks,
~T
-
Thanks so much. Quick question, though: how does one become a volunteer to help out on the forums?
~T
-
Hi Everyone,
I've been using Malwarebytes for several months now and just wanted to let everyone know how appreciative I am of the program. Not only that, but your forums are chock-full of good advice. I've definitely learned quite a bit just reading over the different issues and resolutions people have received.
Thanks for everything,
~T
Trojan.Gen.2 infection
in Resolved Malware Removal Logs
Posted
Sorry for the delay. Here is the log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=299c10c10055c64a89c3016e4a516df4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-26 05:36:04
# local_time=2010-12-26 12:36:04 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=95679
# found=0
# cleaned=0
# scan_time=2767
Thanks!