
Trojan is beating me



I have been reading the recent posts and I think I have something similar. My computer freezes up if I log in normally. Logged into safe mode and I can at least try things. Downloaded Malwarebytes and tried to run it but it wouldn't run. Changed the name to mbam2.exe and it ran. It found and removed 2 trojans.

C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Unfortunately I was running Malwarebytes' Anti-Malware 1.30, Database version: 1306. When I try to hit the 'check for updates' it downloads 4995KB of data and says, 'The latest version of Malwarebytes' Anti-Malware has been downloaded. Malwarebytes' Anti-Malware will now close and install the latest version.' It closes but I don't think it does anything after that. If I open it again and check for updates it does the same thing, so I think that is getting blocked, as mbam-setup.exe is just hanging up in the task manager process.

I also downloaded the ddr.src file but it seems to share associations with AutoCAD; when I double click it asks what program to use. I checked the associations but it doesn't say anything for .src, but when I double click it says it's an AutoCAD script.

I did the DeFogger thing and it seems to do its thing and said 'Finished!'; the notes somewhere say it will ask you to reboot and it doesn't ask that for me.

I have the GMER Rootkit Scanner and will run that next (it was 20 minutes in when my system crashed the last time I tried to log in normally).

I also tried the TDSSKiller.exe but got the following 'Driver Load Error!'

Any help is appreciated...


So I used the advice given to someone else and renamed ComboFix to Combo-Fix which allowed me to run it and I got the following. I still can't run any of the .scr files though.

ComboFix 10-01-14.02 - hildb 01/14/2010 18:59:15.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.3194 [GMT -8:00]

Running from: c:\documents and settings\hildb\Desktop\Combo-Fix.exe

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\recycler\S-1-5-21-0302098649-4792403997-253083816-4489

c:\recycler\S-1-5-21-1744224016-9478683340-631643241-9744

c:\recycler\S-1-5-21-2677302934-5395288813-855684148-9994

c:\recycler\S-1-5-21-4808036082-8763057759-469353545-2159

c:\recycler\S-1-5-21-5672589932-4201880630-588511372-8853

c:\recycler\S-1-5-21-6129230399-2694873288-223485965-2727

c:\recycler\S-1-5-21-7374720962-4665344024-336840812-0052

c:\recycler\S-1-5-21-7374720962-4665344024-336840812-0052\Desktop.ini

c:\recycler\S-1-5-21-7374720962-4665344024-336840812-0052\mwau.exe

c:\recycler\S-1-5-21-8113175430-1836826363-718471035-8067

c:\windows\EventSystem.log

c:\windows\system32\drivers\H8SRTpexwnlgibq.sys

c:\windows\system32\H8SRTeuwyqslqii.dll

c:\windows\system32\H8SRTiewnrruxjy.dll

c:\windows\system32\h8srtkrl32mainweq.dll

c:\windows\system32\H8SRTldobvdlyxu.dat

c:\windows\system32\h8srtshsyst.dll

c:\windows\system32\H8SRTtlnkiyybot.dll

c:\windows\system32\H8SRTumlmpikilh.dll

c:\windows\system32\lsprst7.dll

c:\windows\system32\nsprs.dll

c:\windows\system32\ssprs.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_H8SRTd.sys

-------\Legacy_H8SRTd.sys

((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))

.

2010-01-14 21:02 . 2010-01-14 21:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2010-01-14 20:50 . 2010-01-14 21:59 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-14 20:46 . 2010-01-14 20:46 -------- d-----w- c:\documents and settings\hildb\Application Data\Malwarebytes

2010-01-14 18:33 . 2010-01-14 18:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-01-14 18:33 . 2010-01-14 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-01-14 18:30 . 2010-01-14 18:31 13160 ----a-w- c:\windows\system32\Upgrd.exe

2010-01-14 17:03 . 2010-01-14 17:03 -------- d-----w- c:\program files\microsoft frontpage

2010-01-14 16:44 . 2008-10-23 00:27 15504 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-14 16:44 . 2010-01-14 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-14 16:44 . 2008-10-23 00:27 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-14 16:44 . 2010-01-14 20:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-11 17:21 . 2010-01-11 17:22 -------- d-----w- c:\program files\Common Files\Merge Modules

2010-01-11 17:21 . 2010-01-11 17:21 -------- d-----w- c:\program files\National Instruments

2010-01-11 17:20 . 2010-01-11 17:35 -------- d-----w- c:\program files\DASYLab 11.0

2010-01-11 17:18 . 2010-01-11 17:18 -------- d-----w- C:\DASYLab Downloads

2010-01-11 17:11 . 2009-05-13 18:20 188136 ----a-w- c:\windows\system32\drivers\usblddaqlib.sys

2010-01-11 17:11 . 2009-05-13 18:20 1182568 ----a-w- c:\windows\system32\drivers\usbdaqlib.sys

2010-01-11 17:01 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-01-11 16:57 . 2010-01-11 16:58 -------- d-----w- c:\program files\Measurement Computing

2010-01-11 16:57 . 2007-10-31 18:49 53984 ----a-r- c:\windows\system32\drivers\CBUL32.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-15 03:08 . 2009-07-21 16:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2010-01-15 03:08 . 2009-06-23 02:29 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-01-15 03:07 . 2009-09-14 03:18 -------- d-----w- c:\program files\Google

2010-01-15 03:06 . 2009-07-21 16:06 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-01-14 19:13 . 2009-11-04 16:26 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-01-14 18:30 . 2006-12-01 23:37 56680 ----a-w- c:\windows\system32\rpcnet.exe

2010-01-14 18:07 . 2009-07-21 16:56 0 ----a-w- c:\documents and settings\hildb\Local Settings\Application Data\WavXMapDrive.bat

2010-01-14 17:54 . 2009-07-28 21:51 -------- d-----w- c:\program files\Taskbar Shuffle

2010-01-14 17:13 . 2009-07-20 20:16 0 ----a-w- c:\documents and settings\Administrator.MAFI-TRENCH\Local Settings\Application Data\WavXMapDrive.bat

2010-01-14 17:06 . 2009-08-04 18:06 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-14 17:05 . 2009-07-20 20:41 2401 ----a-w- c:\windows\system32\drivers\AlKernel.sys

2010-01-14 16:49 . 2009-07-27 23:59 -------- d-----w- c:\program files\AspenTech

2010-01-14 16:49 . 2009-08-10 23:25 -------- d-----w- c:\program files\ElcomSoft

2010-01-14 16:49 . 2009-06-23 02:17 -------- d-----w- c:\program files\Common Files\InstallShield

2010-01-14 16:49 . 2009-07-20 20:44 -------- d-----w- c:\program files\Symantec AntiVirus

2010-01-14 16:37 . 2009-06-23 01:51 313963 ----a-w- c:\windows\system32\nvModes.dat

2010-01-12 17:10 . 2009-07-20 20:40 41 ----a-w- C:\AClient.dat

2010-01-11 21:38 . 2009-12-10 16:35 -------- d-----w- c:\documents and settings\hildb\Application Data\vlc

2010-01-11 17:22 . 2009-06-23 02:04 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-07 16:36 . 2009-07-21 20:10 -------- d-----w- c:\documents and settings\hildb\Application Data\SolidWorks

2009-12-23 16:29 . 2009-07-20 21:09 -------- d-----w- c:\program files\lotus

2009-12-10 16:33 . 2009-12-10 16:33 -------- d-----w- c:\program files\VideoLAN

2009-12-08 17:57 . 2009-07-21 20:15 -------- d-----w- c:\documents and settings\hildb\Application Data\DassaultSystemes

2009-12-08 03:34 . 2008-10-10 14:57 52120 ----a-w- c:\windows\system32\pkgmgr.dll

2009-12-08 03:29 . 2008-10-10 14:57 46488 ----a-w- c:\windows\system32\pkgslv.exe

2009-12-03 18:18 . 2009-06-23 02:01 -------- d-----w- c:\program files\Java

2009-12-03 18:17 . 2009-12-03 18:17 152576 ----a-w- c:\documents and settings\hildb\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-03 18:17 . 2009-12-03 18:17 79488 ----a-w- c:\documents and settings\hildb\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-21 01:40 . 2008-04-25 21:42 287200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-11-16 18:36 . 2009-07-28 00:52 -------- d-----w- c:\program files\REFPROP

2009-11-09 16:18 . 2009-11-06 16:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2009-11-09 16:18 . 2009-11-06 16:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-10-21 16:45 . 2008-10-10 06:36 33792 ----a-w- c:\windows\system32\identprv.dll

2008-06-12 14:53 . 2009-07-20 21:21 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll

2008-06-12 14:53 . 2009-07-20 21:21 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt

2008-06-12 14:53 . 2009-07-20 21:21 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt

2008-06-12 14:53 . 2009-07-20 21:21 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll

2008-06-12 14:53 . 2009-07-20 21:21 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll

2008-06-12 14:53 . 2009-07-20 21:21 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]

"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-25 3261688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"nwiz"="nwiz.exe" [2008-08-28 1630208]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-28 115560]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]

"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"OA001Mon"="c:\windows\OA001Mon.exe" [2009-03-30 24576]

"NvMediaCenter"="NvMCTray.dll" [2008-08-28 86016]

"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]

"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]

"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]

"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-06-23 2220032]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]

"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2009-04-30 153416]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]

"AClntUsr"="c:\program files\altiris\aclient\AClntUsr.EXE" [2010-01-12 184320]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-9-9 295606]

Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2007-1-17 11000]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"disablecad"= 1 (0x1)

"HideShutdownScripts"= 0 (0x0)

"LogonType"= 0 (0x0)

"MaxGPOScriptWait"= 60 (0x3c)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)

"NoPublishingWizard"= 0 (0x0)

"NoWebServices"= 0 (0x0)

"NoOnlinePrintsWizard"= 1 (0x1)

"RecycleBinSize"= 10 (0xa)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

2006-04-10 03:59 24674 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\AMInit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-844170078-1351502379-239210854-500\Scripts\Logon\0\0]

"Script"=EnableProxy.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-844170078-1351502379-239210854-500\Scripts\Logon\1\0]

"Script"=EnableProxy.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=

R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [7/20/2009 1:11 PM 2234320]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [7/20/2009 1:10 PM 109072]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/22/2009 8:44 PM 244368]

S1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.sys [1/11/2010 8:57 AM 53984]

S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 2:56 AM 133968]

S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 8:07 AM 320800]

S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [7/20/2009 1:10 PM 36400]

S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 7:19 AM 808296]

S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 7:19 AM 20840]

S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [4/9/2009 11:02 AM 447264]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 7:18 PM 133104]

S2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;c:\program files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [6/4/2008 3:23 PM 237568]

S2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe --> c:\documents and settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe [?]

S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [7/21/2009 8:06 AM 17408]

S2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [7/20/2009 1:10 PM 671472]

S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/22/2009 8:44 PM 112512]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 2:28 AM 42832]

S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/22/2009 8:45 PM 32808]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 7:21 AM 102448]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/22/2009 8:44 PM 148056]

S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/22/2009 8:44 PM 133632]

S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/22/2009 8:44 PM 280096]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/22/2009 6:25 PM 232744]

S3 USBDAQLIB;USB-2500 Driver;c:\windows\system32\drivers\usbdaqlib.sys [1/11/2010 9:11 AM 1182568]

S3 USBLDDAQLIB;USB-2500 Loader Driver;c:\windows\system32\drivers\usblddaqlib.sys [1/11/2010 9:11 AM 188136]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.atlascopco.com

uInternet Settings,ProxyOverride = <local>

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)

SafeBoot-Symantec Antvirus

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-14 19:10

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-844170078-1351502379-239210854-6654\Printers\
