bryandamon
  1. My work's IT guy recommended a reformat and reinstall. With your help I was back up and going easily. Cheers and thanks again.

  2. No, I don't seem to have any problems any more. Thank you very much for your support! I don't believe it's Malware that was doing it, it seemed to be a file association with AutoCAD. I did go to the file types and viewed associations and did not see AutoCAD (or anything) associated with .scr but when I double clicked the dds.scr file it would try and open with AutoCAD. Anyway, I don't think it matters much if I am clean now. Thanks again for your time! Cheers, Bryan
  3. I think I have removed the trojans that were on my computer with a combination of MalwareBytes and ComboFix. Here are the output files from both MalwareBytes and ComboFix (note I cannot run any *.scr files like dds.scr due to what I think is a file association problem). Let me know what you guys think. Thanks for the help and support.

     --------------------------------------------------------------------

     Malwarebytes' Anti-Malware 1.44
     Database version: 3569
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     1/15/2010 9:07:43 AM
     mbam-log-2010-01-15 (09-07-43).txt

     Scan type: Quick Scan
     Objects scanned: 149500
     Time elapsed: 9 minute(s), 44 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     --------------------------------------------------------------------

     ComboFix 10-01-14.02 - hildb 01/15/2010 9:22.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2729 [GMT -8:00]
     Running from: c:\documents and settings\hildb\Desktop\ComboFix.exe
     AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .

     (((((((((((((((((((((((((   Files Created from 2009-12-15 to 2010-01-15   )))))))))))))))))))))))))))))))
     .

     2010-01-14 21:02 . 2010-01-15 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
     2010-01-14 20:50 . 2010-01-15 16:56 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2010-01-14 20:46 . 2010-01-14 20:46 -------- d-----w- c:\documents and settings\hildb\Application Data\Malwarebytes
     2010-01-14 18:33 . 2010-01-15 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2010-01-14 18:33 . 2010-01-14 18:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2010-01-14 18:30 . 2010-01-14 18:31 13160 ----a-w- c:\windows\system32\Upgrd.exe
     2010-01-14 17:03 . 2010-01-14 17:03 -------- d-----w- c:\program files\microsoft frontpage
     2010-01-14 16:44 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-01-14 16:44 . 2010-01-14 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-01-14 16:44 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-01-14 16:44 . 2010-01-15 07:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-01-11 17:21 . 2010-01-11 17:22 -------- d-----w- c:\program files\Common Files\Merge Modules
     2010-01-11 17:21 . 2010-01-11 17:21 -------- d-----w- c:\program files\National Instruments
     2010-01-11 17:20 . 2010-01-11 17:35 -------- d-----w- c:\program files\DASYLab 11.0
     2010-01-11 17:18 . 2010-01-11 17:18 -------- d-----w- C:\DASYLab Downloads
     2010-01-11 17:11 . 2009-05-13 18:20 188136 ----a-w- c:\windows\system32\drivers\usblddaqlib.sys
     2010-01-11 17:11 . 2009-05-13 18:20 1182568 ----a-w- c:\windows\system32\drivers\usbdaqlib.sys
     2010-01-11 17:01 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
     2010-01-11 16:57 . 2010-01-11 16:58 -------- d-----w- c:\program files\Measurement Computing
     2010-01-11 16:57 . 2007-10-31 18:49 53984 ----a-r- c:\windows\system32\drivers\CBUL32.sys
     .

     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2010-01-15 16:55 . 2009-07-28 21:51 -------- d-----w- c:\program files\Taskbar Shuffle
     2010-01-15 16:55 . 2009-06-23 01:51 313963 ----a-w- c:\windows\system32\nvModes.dat
     2010-01-15 16:55 . 2009-07-21 16:56 0 ----a-w- c:\documents and settings\hildb\Local Settings\Application Data\WavXMapDrive.bat
     2010-01-15 16:55 . 2009-07-20 20:44 -------- d-----w- c:\program files\Symantec AntiVirus
     2010-01-15 16:55 . 2009-07-20 20:41 2401 ----a-w- c:\windows\system32\drivers\AlKernel.sys
     2010-01-15 16:55 . 2009-07-20 20:40 41 ----a-w- C:\AClient.dat
     2010-01-15 16:53 . 2009-07-21 16:06 17408 ----a-w- c:\windows\system32\rpcnetp.exe
     2010-01-15 16:53 . 2009-06-23 02:29 56680 ----a-w- c:\windows\system32\rpcnet.dll
     2010-01-15 05:01 . 2009-07-21 16:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll
     2010-01-15 03:07 . 2009-09-14 03:18 -------- d-----w- c:\program files\Google
     2010-01-14 19:13 . 2009-11-04 16:26 1324 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-01-14 18:30 . 2006-12-01 23:37 56680 ----a-w- c:\windows\system32\rpcnet.exe
     2010-01-14 17:13 . 2009-07-20 20:16 0 ----a-w- c:\documents and settings\Administrator.MAFI-TRENCH\Local Settings\Application Data\WavXMapDrive.bat
     2010-01-14 17:06 . 2009-08-04 18:06 -------- d-----w- c:\program files\Common Files\Adobe
     2010-01-14 16:49 . 2009-07-27 23:59 -------- d-----w- c:\program files\AspenTech
     2010-01-14 16:49 . 2009-08-10 23:25 -------- d-----w- c:\program files\ElcomSoft
     2010-01-14 16:49 . 2009-06-23 02:17 -------- d-----w- c:\program files\Common Files\InstallShield
     2010-01-11 21:38 . 2009-12-10 16:35 -------- d-----w- c:\documents and settings\hildb\Application Data\vlc
     2010-01-11 17:22 . 2009-06-23 02:04 -------- d--h--w- c:\program files\InstallShield Installation Information
     2010-01-07 16:36 . 2009-07-21 20:10 -------- d-----w- c:\documents and settings\hildb\Application Data\SolidWorks
     2009-12-23 16:29 . 2009-07-20 21:09 -------- d-----w- c:\program files\lotus
     2009-12-10 16:33 . 2009-12-10 16:33 -------- d-----w- c:\program files\VideoLAN
     2009-12-08 17:57 . 2009-07-21 20:15 -------- d-----w- c:\documents and settings\hildb\Application Data\DassaultSystemes
     2009-12-08 03:34 . 2008-10-10 14:57 52120 ----a-w- c:\windows\system32\pkgmgr.dll
     2009-12-08 03:29 . 2008-10-10 14:57 46488 ----a-w- c:\windows\system32\pkgslv.exe
     2009-12-03 18:18 . 2009-06-23 02:01 -------- d-----w- c:\program files\Java
     2009-12-03 18:17 . 2009-12-03 18:17 152576 ----a-w- c:\documents and settings\hildb\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
     2009-12-03 18:17 . 2009-12-03 18:17 79488 ----a-w- c:\documents and settings\hildb\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
     2009-11-21 01:40 . 2008-04-25 21:42 287200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
     2009-11-16 18:36 . 2009-07-28 00:52 -------- d-----w- c:\program files\REFPROP
     2009-11-09 16:18 . 2009-11-06 16:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
     2009-11-09 16:18 . 2009-11-06 16:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
     2009-10-21 16:45 . 2008-10-10 06:36 33792 ----a-w- c:\windows\system32\identprv.dll
     2008-06-12 14:53 . 2009-07-20 21:21 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll
     2008-06-12 14:53 . 2009-07-20 21:21 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
     2008-06-12 14:53 . 2009-07-20 21:21 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
     2008-06-12 14:53 . 2009-07-20 21:21 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
     2008-06-12 14:53 . 2009-07-20 21:21 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
     2008-06-12 14:53 . 2009-07-20 21:21 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
     .

     (((((((((((((((((((((((((((((   SnapShot@2010-01-15_03.10.40   )))))))))))))))))))))))))))))))))))))))))
     .
     + 2010-01-15 16:52 . 2010-01-15 16:52 16384 c:\windows\temp\Perflib_Perfdata_700.dat
     + 2010-01-15 17:02 . 2010-01-15 17:02 16384 c:\windows\temp\Perflib_Perfdata_2dc.dat
     - 2008-04-25 16:16 . 2010-01-14 16:38 79436 c:\windows\system32\perfc009.dat
     + 2008-04-25 16:16 . 2010-01-15 05:05 79436 c:\windows\system32\perfc009.dat
     + 2009-07-20 19:50 . 2010-01-15 05:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-20 19:50 . 2010-01-15 02:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-20 19:50 . 2010-01-15 02:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     + 2009-07-20 19:50 . 2010-01-15 05:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     + 2010-01-15 05:05 . 2010-01-15 05:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
     - 2009-07-20 19:50 . 2010-01-15 02:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
     - 2009-11-09 16:18 . 2009-11-09 16:18 21446 c:\windows\Installer\{2EFCC193-D915-4CCB-9201-31773A27BC06}\ARPPRODUCTICON.exe
     + 2010-01-15 05:05 . 2010-01-15 05:05 21446 c:\windows\Installer\{2EFCC193-D915-4CCB-9201-31773A27BC06}\ARPPRODUCTICON.exe
     + 2008-04-25 16:16 . 2010-01-15 05:05 464578 c:\windows\system32\perfh009.dat
     - 2008-04-25 16:16 . 2010-01-14 16:38 464578 c:\windows\system32\perfh009.dat
     .

     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
     @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
     [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
     2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
     @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
     [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
     2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
     "SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-25 3261688]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
     "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
     "nwiz"="nwiz.exe" [2008-08-28 1630208]
     "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
     "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-28 115560]
     "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
     "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
     "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
     "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
     "OA001Mon"="c:\windows\OA001Mon.exe" [2009-03-30 24576]
     "NvMediaCenter"="NvMCTray.dll" [2008-08-28 86016]
     "NVHotkey"="nvHotkey.dll" [2008-08-28 90112]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
     "EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
     "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
     "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
     "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-06-23 2220032]
     "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
     "AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2009-04-30 153416]
     "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
     "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
     "AClntUsr"="c:\program files\altiris\aclient\AClntUsr.EXE" [2010-01-15 184320]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-9-9 295606]
     Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
     AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2007-1-17 11000]
     Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "disablecad"= 1 (0x1)
     "HideShutdownScripts"= 0 (0x0)
     "LogonType"= 0 (0x0)
     "MaxGPOScriptWait"= 60 (0x3c)

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
     "HideLogonScripts"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "NoWelcomeScreen"= 1 (0x1)

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoWelcomeScreen"= 1 (0x1)
     "NoAutoUpdate"= 1 (0x1)
     "NoPublishingWizard"= 0 (0x0)
     "NoWebServices"= 0 (0x0)
     "NoOnlinePrintsWizard"= 1 (0x1)
     "RecycleBinSize"= 10 (0xa)

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
     2006-04-10 03:59 24674 ----a-w- c:\windows\system32\ckpNotify.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\windows\system32\AMInit.dll

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Authentication Packages REG_MULTI_SZ msv1_0 wvauth

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-844170078-1351502379-239210854-500\Scripts\Logon\0\0]
     "Script"=EnableProxy.bat

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-844170078-1351502379-239210854-500\Scripts\Logon\1\0]
     "Script"=EnableProxy.bat

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
     "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
     "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
     "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
     "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
     "c:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=

     R1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.sys [1/11/2010 8:57 AM 53984]
     R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [7/20/2009 1:11 PM 2234320]
     R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 2:56 AM 133968]
     R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 8:07 AM 320800]
     R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [7/20/2009 1:10 PM 36400]
     R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 7:19 AM 808296]
     R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 7:19 AM 20840]
     R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [4/9/2009 11:02 AM 447264]
     R2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;c:\program files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [6/4/2008 3:23 PM 237568]
     R2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe --> c:\documents and settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe [?]
     R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [7/20/2009 1:10 PM 109072]
     R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [7/20/2009 1:10 PM 671472]
     R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/22/2009 8:44 PM 112512]
     R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/22/2009 8:45 PM 32808]
     R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/22/2009 8:44 PM 244368]
     R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 7:21 AM 102448]
     R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/22/2009 8:44 PM 148056]
     R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/22/2009 8:44 PM 133632]
     R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/22/2009 8:44 PM 280096]
     R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/22/2009 6:25 PM 232744]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 7:18 PM 133104]
     S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 2:28 AM 42832]
     S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
     S3 USBDAQLIB;USB-2500 Driver;c:\windows\system32\drivers\usbdaqlib.sys [1/11/2010 9:11 AM 1182568]
     S3 USBLDDAQLIB;USB-2500 Loader Driver;c:\windows\system32\drivers\usblddaqlib.sys [1/11/2010 9:11 AM 188136]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     mStart Page = hxxp://www.atlascopco.com
     uInternet Settings,ProxyOverride = <local>
     IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-01-15 09:25
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-844170078-1351502379-239210854-6654\Printers\

     Attachments: mbam_log_2010_01_15__09_07_43_.txt, ComboFix_log_2010_01_15__09_22_.txt
  4. Is there a way for me to download and get the latest updates for MalwareBytes on one computer and transfer the updates to another computer via a flash drive if the infected computer can't go online?
  5. So I used the advice given to someone else and renamed ComboFix to Combo-Fix, which allowed me to run it, and I got the following. I still can't run any of the .scr files though.

     ComboFix 10-01-14.02 - hildb 01/14/2010 18:59:15.1.2 - x86 NETWORK
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.3194 [GMT -8:00]
     Running from: c:\documents and settings\hildb\Desktop\Combo-Fix.exe
     AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .

     (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\recycler\S-1-5-21-0302098649-4792403997-253083816-4489
     c:\recycler\S-1-5-21-1744224016-9478683340-631643241-9744
     c:\recycler\S-1-5-21-2677302934-5395288813-855684148-9994
     c:\recycler\S-1-5-21-4808036082-8763057759-469353545-2159
     c:\recycler\S-1-5-21-5672589932-4201880630-588511372-8853
     c:\recycler\S-1-5-21-6129230399-2694873288-223485965-2727
     c:\recycler\S-1-5-21-7374720962-4665344024-336840812-0052
     c:\recycler\S-1-5-21-7374720962-4665344024-336840812-0052\Desktop.ini
     c:\recycler\S-1-5-21-7374720962-4665344024-336840812-0052\mwau.exe
     c:\recycler\S-1-5-21-8113175430-1836826363-718471035-8067
     c:\windows\EventSystem.log
     c:\windows\system32\drivers\H8SRTpexwnlgibq.sys
     c:\windows\system32\H8SRTeuwyqslqii.dll
     c:\windows\system32\H8SRTiewnrruxjy.dll
     c:\windows\system32\h8srtkrl32mainweq.dll
     c:\windows\system32\H8SRTldobvdlyxu.dat
     c:\windows\system32\h8srtshsyst.dll
     c:\windows\system32\H8SRTtlnkiyybot.dll
     c:\windows\system32\H8SRTumlmpikilh.dll
     c:\windows\system32\lsprst7.dll
     c:\windows\system32\nsprs.dll
     c:\windows\system32\ssprs.dll
     .

     (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     -------\Service_H8SRTd.sys
     -------\Legacy_H8SRTd.sys

     (((((((((((((((((((((((((   Files Created from 2009-12-15 to 2010-01-15   )))))))))))))))))))))))))))))))
     .

     2010-01-14 21:02 . 2010-01-14 21:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
     2010-01-14 20:50 . 2010-01-14 21:59 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2010-01-14 20:46 . 2010-01-14 20:46 -------- d-----w- c:\documents and settings\hildb\Application Data\Malwarebytes
     2010-01-14 18:33 . 2010-01-14 18:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2010-01-14 18:33 . 2010-01-14 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2010-01-14 18:30 . 2010-01-14 18:31 13160 ----a-w- c:\windows\system32\Upgrd.exe
     2010-01-14 17:03 . 2010-01-14 17:03 -------- d-----w- c:\program files\microsoft frontpage
     2010-01-14 16:44 . 2008-10-23 00:27 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-01-14 16:44 . 2010-01-14 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-01-14 16:44 . 2008-10-23 00:27 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-01-14 16:44 . 2010-01-14 20:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-01-11 17:21 . 2010-01-11 17:22 -------- d-----w- c:\program files\Common Files\Merge Modules
     2010-01-11 17:21 . 2010-01-11 17:21 -------- d-----w- c:\program files\National Instruments
     2010-01-11 17:20 . 2010-01-11 17:35 -------- d-----w- c:\program files\DASYLab 11.0
     2010-01-11 17:18 . 2010-01-11 17:18 -------- d-----w- C:\DASYLab Downloads
     2010-01-11 17:11 . 2009-05-13 18:20 188136 ----a-w- c:\windows\system32\drivers\usblddaqlib.sys
     2010-01-11 17:11 . 2009-05-13 18:20 1182568 ----a-w- c:\windows\system32\drivers\usbdaqlib.sys
     2010-01-11 17:01 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
     2010-01-11 16:57 . 2010-01-11 16:58 -------- d-----w- c:\program files\Measurement Computing
     2010-01-11 16:57 . 2007-10-31 18:49 53984 ----a-r- c:\windows\system32\drivers\CBUL32.sys
     .

     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2010-01-15 03:08 . 2009-07-21 16:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll
     2010-01-15 03:08 . 2009-06-23 02:29 56680 ----a-w- c:\windows\system32\rpcnet.dll
     2010-01-15 03:07 . 2009-09-14 03:18 -------- d-----w- c:\program files\Google
     2010-01-15 03:06 . 2009-07-21 16:06 17408 ----a-w- c:\windows\system32\rpcnetp.exe
     2010-01-14 19:13 . 2009-11-04 16:26 1324 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-01-14 18:30 . 2006-12-01 23:37 56680 ----a-w- c:\windows\system32\rpcnet.exe
     2010-01-14 18:07 . 2009-07-21 16:56 0 ----a-w- c:\documents and settings\hildb\Local Settings\Application Data\WavXMapDrive.bat
     2010-01-14 17:54 . 2009-07-28 21:51 -------- d-----w- c:\program files\Taskbar Shuffle
     2010-01-14 17:13 . 2009-07-20 20:16 0 ----a-w- c:\documents and settings\Administrator.MAFI-TRENCH\Local Settings\Application Data\WavXMapDrive.bat
     2010-01-14 17:06 . 2009-08-04 18:06 -------- d-----w- c:\program files\Common Files\Adobe
     2010-01-14 17:05 . 2009-07-20 20:41 2401 ----a-w- c:\windows\system32\drivers\AlKernel.sys
     2010-01-14 16:49 . 2009-07-27 23:59 -------- d-----w- c:\program files\AspenTech
     2010-01-14 16:49 . 2009-08-10 23:25 -------- d-----w- c:\program files\ElcomSoft
     2010-01-14 16:49 . 2009-06-23 02:17 -------- d-----w- c:\program files\Common Files\InstallShield
     2010-01-14 16:49 . 2009-07-20 20:44 -------- d-----w- c:\program files\Symantec AntiVirus
     2010-01-14 16:37 . 2009-06-23 01:51 313963 ----a-w- c:\windows\system32\nvModes.dat
     2010-01-12 17:10 . 2009-07-20 20:40 41 ----a-w- C:\AClient.dat
     2010-01-11 21:38 . 2009-12-10 16:35 -------- d-----w- c:\documents and settings\hildb\Application Data\vlc
     2010-01-11 17:22 . 2009-06-23 02:04 -------- d--h--w- c:\program files\InstallShield Installation Information
     2010-01-07 16:36 . 2009-07-21 20:10 -------- d-----w- c:\documents and settings\hildb\Application Data\SolidWorks
     2009-12-23 16:29 . 2009-07-20 21:09 -------- d-----w- c:\program files\lotus
     2009-12-10 16:33 . 2009-12-10 16:33 -------- d-----w- c:\program files\VideoLAN
     2009-12-08 17:57 . 2009-07-21 20:15 -------- d-----w- c:\documents and settings\hildb\Application Data\DassaultSystemes
     2009-12-08 03:34 . 2008-10-10 14:57 52120 ----a-w- c:\windows\system32\pkgmgr.dll
     2009-12-08 03:29 . 2008-10-10 14:57 46488 ----a-w- c:\windows\system32\pkgslv.exe
     2009-12-03 18:18 . 2009-06-23 02:01 -------- d-----w- c:\program files\Java
     2009-12-03 18:17 . 2009-12-03 18:17 152576 ----a-w- c:\documents and settings\hildb\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
     2009-12-03 18:17 . 2009-12-03 18:17 79488 ----a-w- c:\documents and settings\hildb\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
     2009-11-21 01:40 . 2008-04-25 21:42 287200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
     2009-11-16 18:36 . 2009-07-28 00:52 -------- d-----w- c:\program files\REFPROP
     2009-11-09 16:18 . 2009-11-06 16:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
     2009-11-09 16:18 . 2009-11-06 16:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
     2009-10-21 16:45 . 2008-10-10 06:36 33792 ----a-w- c:\windows\system32\identprv.dll
     2008-06-12 14:53 . 2009-07-20 21:21 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll
     2008-06-12 14:53 . 2009-07-20 21:21 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
     2008-06-12 14:53 . 2009-07-20 21:21 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
     2008-06-12 14:53 . 2009-07-20 21:21 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
     2008-06-12 14:53 . 2009-07-20 21:21 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
     2008-06-12 14:53 . 2009-07-20 21:21 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
     .

     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
     @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
     [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
     2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
     @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
     [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
     2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
     "SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-25 3261688]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
     "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
     "nwiz"="nwiz.exe" [2008-08-28 1630208]
     "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
     "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-28 115560]
     "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
     "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
     "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
     "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
     "OA001Mon"="c:\windows\OA001Mon.exe" [2009-03-30 24576]
     "NvMediaCenter"="NvMCTray.dll" [2008-08-28 86016]
     "NVHotkey"="nvHotkey.dll" [2008-08-28 90112]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
     "EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
     "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
     "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
     "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-06-23 2220032]
     "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
     "AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2009-04-30 153416]
     "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
     "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
     "AClntUsr"="c:\program files\altiris\aclient\AClntUsr.EXE" [2010-01-12 184320]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-9-9 295606]
     Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
     AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2007-1-17 11000]
     Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "disablecad"= 1 (0x1)
     "HideShutdownScripts"= 0 (0x0)
     "LogonType"= 0 (0x0)
     "MaxGPOScriptWait"= 60 (0x3c)

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
     "HideLogonScripts"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "NoWelcomeScreen"= 1 (0x1)

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoWelcomeScreen"= 1 (0x1)
     "NoAutoUpdate"= 1 (0x1)
     "NoPublishingWizard"= 0 (0x0)
     "NoWebServices"= 0 (0x0)
     "NoOnlinePrintsWizard"= 1 (0x1)
     "RecycleBinSize"= 10 (0xa)

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
     2006-04-10 03:59 24674 ----a-w- c:\windows\system32\ckpNotify.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\windows\system32\AMInit.dll

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Authentication Packages REG_MULTI_SZ msv1_0 wvauth

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-844170078-1351502379-239210854-500\Scripts\Logon\0\0]
     "Script"=EnableProxy.bat

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-844170078-1351502379-239210854-500\Scripts\Logon\1\0]
     "Script"=EnableProxy.bat

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"= R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [7/20/2009 1:11 PM 2234320] R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [7/20/2009 1:10 PM 109072] R3 e1yexpress;IntelĀ® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/22/2009 8:44 PM 244368] S1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.sys [1/11/2010 8:57 AM 53984] S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 2:56 AM 133968] S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 8:07 AM 320800] S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [7/20/2009 1:10 PM 36400] S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 7:19 AM 808296] S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 7:19 AM 20840] S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [4/9/2009 11:02 AM 447264] S2 
gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 7:18 PM 133104] S2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;c:\program files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [6/4/2008 3:23 PM 237568] S2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe --> c:\documents and settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe [?] S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [7/21/2009 8:06 AM 17408] S2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [7/20/2009 1:10 PM 671472] S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/22/2009 8:44 PM 112512] S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 2:28 AM 42832] S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/22/2009 8:45 PM 32808] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 7:21 AM 102448] S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?] S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/22/2009 8:44 PM 148056] S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/22/2009 8:44 PM 133632] S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/22/2009 8:44 PM 280096] S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/22/2009 6:25 PM 232744] S3 USBDAQLIB;USB-2500 Driver;c:\windows\system32\drivers\usbdaqlib.sys [1/11/2010 9:11 AM 1182568] S3 USBLDDAQLIB;USB-2500 Loader Driver;c:\windows\system32\drivers\usblddaqlib.sys [1/11/2010 9:11 AM 188136] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.atlascopco.com uInternet Settings,ProxyOverride = <local> IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . - - - - ORPHANS REMOVED - - - - Notify-NavLogon - (no file) SafeBoot-Symantec Antvirus ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-14 19:10 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-844170078-1351502379-239210854-6654\Printers\
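Reading a ComboFix "Reg Loading Points" dump like the one above by eye is slow, so here is an added Python example (written for this page; it is not ComboFix's code and was not posted in this thread) that parses the two entry shapes ComboFix prints, Run-key autostart values and service/driver lines, and lists what a helper would look at first: entries whose binary ComboFix could not find (printed as `path --> path [?]`), Run values given as a bare filename that Windows resolves through its search path rather than a fixed directory, the AppInit_DLLs value, and any LSA authentication package besides the default msv1_0. The sample lines are constructed in the shape of this log, and the output is a list of review prompts, not verdicts: the reviewer still has to match each flagged entry against the software actually installed on the machine.

```python
"""Triage helper for ComboFix 'Reg Loading Points' output (added example).

Two entry shapes from that section are parsed:
  "Name"="path" [YYYY-MM-DD size]                   autostart (Run key) values
  S2 name;description;path [m/d/yyyy h:mm AM size]  services and drivers
ComboFix prints a binary it could not find as "path --> path [?]".
"""
import re

# Constructed sample, shaped like the log above (not a verbatim copy of it).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"nwiz"="nwiz.exe" [2008-08-28 1630208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\AMInit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

S2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe --> c:\documents and settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe [?]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [7/21/2009 8:06 AM 17408]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
"""

# "Name"="value" [stamp]: the stamp is "date size", or "?" when the file is missing.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
# Sx/Rx name;description;rest: start type, service name, display name, then path + stamp.
SVC_RE = re.compile(r'^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$')


def parse_entries(text):
    """Return one dict per autostart or service line, in log order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append({
                "kind": "run",
                "name": m["name"],
                "path": m["path"],
                "missing": m["stamp"].strip() == "?",
                # No directory component: the loader searches for it by name.
                "bare_name": "\\" not in m["path"],
            })
            continue
        m = SVC_RE.match(line)
        if m:
            rest = m["rest"].strip()
            missing = rest.endswith("[?]")
            # Missing files are printed twice around "-->"; present ones end in "[stamp]".
            path = rest.split(" --> ")[0] if missing else rest.rsplit(" [", 1)[0]
            entries.append({
                "kind": "service",
                "name": m["name"].strip(),
                "start": m["start"],
                "path": path.strip(),
                "missing": missing,
            })
    return entries


def injection_points(text):
    """Collect the two legacy injection values ComboFix prints verbatim."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('"AppInit_DLLs"='):
            found["AppInit_DLLs"] = line.split("=", 1)[1].strip()
        elif line.startswith("Authentication Packages"):
            # Tokens after: 'Authentication', 'Packages', 'REG_MULTI_SZ'
            pkgs = line.split()[3:]
            found["AuthenticationPackages"] = [p for p in pkgs if p != "msv1_0"]
    return found


def review(text):
    """Return human-readable review prompts for the entries worth a second look."""
    prompts = []
    for e in parse_entries(text):
        if e["missing"]:
            prompts.append(f'{e["kind"]} {e["name"]}: file not found at {e["path"]}')
        elif e.get("bare_name"):
            prompts.append(f'run {e["name"]}: no directory given, resolved via search path ({e["path"]})')
    inj = injection_points(text)
    if inj.get("AppInit_DLLs"):
        prompts.append(f'AppInit_DLLs loads {inj["AppInit_DLLs"]} into every user32 process')
    for pkg in inj.get("AuthenticationPackages", []):
        prompts.append(f'LSA authentication package beyond msv1_0: {pkg}')
    return prompts


if __name__ == "__main__":
    for line in review(SAMPLE_LOG):
        print(line)
```

Paste a real log into `SAMPLE_LOG` (or read it from a file) and the same three functions apply; the regexes deliberately ignore the policy, SafeBoot and firewall-list lines, which ComboFix prints in other shapes.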
  6. I have been reading the recent posts and I think I have something similar. My computer freezes up if I log in normally. Logged into safe mode and I can at least try things. Downloaded Malwarebytes and tried to run it but wouldn't run. Changed the name to mbam2.exe and it ran. It found and removed 2 trojans.

C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Unfortunately I was running Malwarebytes' Anti-Malware 1.30, Database version: 1306. When I try to hit the 'check for updates' it downloads 4995KB of data and says, 'The latest version of Malwarebytes' Anti-Malware has been downloaded. Malwarebytes' Anti-Malware will now close and install the latest version.' It closes but I don't think it does anything after that. If I open it again and check for updates it does the same thing, so I think that is getting blocked as mbam-setup.exe is just hanging up in the task manager process. I also downloaded the ddr.src file but it seems to share associations with AutoCAD; when I double click it asks what program to use. I checked the associations but it doesn't say anything for .src, but when I double click it says it's an AutoCAD script. I did the DeFogger thing and it seems to do its thing and said 'Finished!', though the notes somewhere say it will ask you to reboot and it doesn't ask that for me. I have the GMER Rootkit Scanner and will run that next (it was 20 minutes in when my system crashed the last time I tried to log in normally). I also tried the TDSSKiller.exe but got the following 'Driver Load Error!' Any help is appreciated...