Am I Trojan Free?


I think I have removed the trojans that were on my computer with a combination of MalwareBytes and ComboFix. Here are the output files from both MalwareBytes and ComboFix (note I cannot run any *.scr files like dds.scr due to what I think is a file association problem). Let me know what you guys think. Thanks for the help and support.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.44

Database version: 3569

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

1/15/2010 9:07:43 AM

mbam-log-2010-01-15 (09-07-43).txt

Scan type: Quick Scan

Objects scanned: 149500

Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 10-01-14.02 - hildb 01/15/2010 9:22.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2729 [GMT -8:00]

Running from: c:\documents and settings\hildb\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))

.

2010-01-14 21:02 . 2010-01-15 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2010-01-14 20:50 . 2010-01-15 16:56 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-14 20:46 . 2010-01-14 20:46 -------- d-----w- c:\documents and settings\hildb\Application Data\Malwarebytes

2010-01-14 18:33 . 2010-01-15 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-01-14 18:33 . 2010-01-14 18:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-01-14 18:30 . 2010-01-14 18:31 13160 ----a-w- c:\windows\system32\Upgrd.exe

2010-01-14 17:03 . 2010-01-14 17:03 -------- d-----w- c:\program files\microsoft frontpage

2010-01-14 16:44 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-14 16:44 . 2010-01-14 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-14 16:44 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-14 16:44 . 2010-01-15 07:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-11 17:21 . 2010-01-11 17:22 -------- d-----w- c:\program files\Common Files\Merge Modules

2010-01-11 17:21 . 2010-01-11 17:21 -------- d-----w- c:\program files\National Instruments

2010-01-11 17:20 . 2010-01-11 17:35 -------- d-----w- c:\program files\DASYLab 11.0

2010-01-11 17:18 . 2010-01-11 17:18 -------- d-----w- C:\DASYLab Downloads

2010-01-11 17:11 . 2009-05-13 18:20 188136 ----a-w- c:\windows\system32\drivers\usblddaqlib.sys

2010-01-11 17:11 . 2009-05-13 18:20 1182568 ----a-w- c:\windows\system32\drivers\usbdaqlib.sys

2010-01-11 17:01 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-01-11 16:57 . 2010-01-11 16:58 -------- d-----w- c:\program files\Measurement Computing

2010-01-11 16:57 . 2007-10-31 18:49 53984 ----a-r- c:\windows\system32\drivers\CBUL32.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-15 16:55 . 2009-07-28 21:51 -------- d-----w- c:\program files\Taskbar Shuffle

2010-01-15 16:55 . 2009-06-23 01:51 313963 ----a-w- c:\windows\system32\nvModes.dat

2010-01-15 16:55 . 2009-07-21 16:56 0 ----a-w- c:\documents and settings\hildb\Local Settings\Application Data\WavXMapDrive.bat

2010-01-15 16:55 . 2009-07-20 20:44 -------- d-----w- c:\program files\Symantec AntiVirus

2010-01-15 16:55 . 2009-07-20 20:41 2401 ----a-w- c:\windows\system32\drivers\AlKernel.sys

2010-01-15 16:55 . 2009-07-20 20:40 41 ----a-w- C:\AClient.dat

2010-01-15 16:53 . 2009-07-21 16:06 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-01-15 16:53 . 2009-06-23 02:29 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-01-15 05:01 . 2009-07-21 16:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2010-01-15 03:07 . 2009-09-14 03:18 -------- d-----w- c:\program files\Google

2010-01-14 19:13 . 2009-11-04 16:26 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-01-14 18:30 . 2006-12-01 23:37 56680 ----a-w- c:\windows\system32\rpcnet.exe

2010-01-14 17:13 . 2009-07-20 20:16 0 ----a-w- c:\documents and settings\Administrator.MAFI-TRENCH\Local Settings\Application Data\WavXMapDrive.bat

2010-01-14 17:06 . 2009-08-04 18:06 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-14 16:49 . 2009-07-27 23:59 -------- d-----w- c:\program files\AspenTech

2010-01-14 16:49 . 2009-08-10 23:25 -------- d-----w- c:\program files\ElcomSoft

2010-01-14 16:49 . 2009-06-23 02:17 -------- d-----w- c:\program files\Common Files\InstallShield

2010-01-11 21:38 . 2009-12-10 16:35 -------- d-----w- c:\documents and settings\hildb\Application Data\vlc

2010-01-11 17:22 . 2009-06-23 02:04 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-07 16:36 . 2009-07-21 20:10 -------- d-----w- c:\documents and settings\hildb\Application Data\SolidWorks

2009-12-23 16:29 . 2009-07-20 21:09 -------- d-----w- c:\program files\lotus

2009-12-10 16:33 . 2009-12-10 16:33 -------- d-----w- c:\program files\VideoLAN

2009-12-08 17:57 . 2009-07-21 20:15 -------- d-----w- c:\documents and settings\hildb\Application Data\DassaultSystemes

2009-12-08 03:34 . 2008-10-10 14:57 52120 ----a-w- c:\windows\system32\pkgmgr.dll

2009-12-08 03:29 . 2008-10-10 14:57 46488 ----a-w- c:\windows\system32\pkgslv.exe

2009-12-03 18:18 . 2009-06-23 02:01 -------- d-----w- c:\program files\Java

2009-12-03 18:17 . 2009-12-03 18:17 152576 ----a-w- c:\documents and settings\hildb\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-03 18:17 . 2009-12-03 18:17 79488 ----a-w- c:\documents and settings\hildb\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-21 01:40 . 2008-04-25 21:42 287200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-11-16 18:36 . 2009-07-28 00:52 -------- d-----w- c:\program files\REFPROP

2009-11-09 16:18 . 2009-11-06 16:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2009-11-09 16:18 . 2009-11-06 16:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-10-21 16:45 . 2008-10-10 06:36 33792 ----a-w- c:\windows\system32\identprv.dll

2008-06-12 14:53 . 2009-07-20 21:21 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll

2008-06-12 14:53 . 2009-07-20 21:21 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt

2008-06-12 14:53 . 2009-07-20 21:21 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt

2008-06-12 14:53 . 2009-07-20 21:21 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll

2008-06-12 14:53 . 2009-07-20 21:21 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll

2008-06-12 14:53 . 2009-07-20 21:21 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx

.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_03.10.40 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-01-15 16:52 . 2010-01-15 16:52 16384 c:\windows\temp\Perflib_Perfdata_700.dat

+ 2010-01-15 17:02 . 2010-01-15 17:02 16384 c:\windows\temp\Perflib_Perfdata_2dc.dat

- 2008-04-25 16:16 . 2010-01-14 16:38 79436 c:\windows\system32\perfc009.dat

+ 2008-04-25 16:16 . 2010-01-15 05:05 79436 c:\windows\system32\perfc009.dat

+ 2009-07-20 19:50 . 2010-01-15 05:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-20 19:50 . 2010-01-15 02:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-20 19:50 . 2010-01-15 02:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-07-20 19:50 . 2010-01-15 05:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-01-15 05:05 . 2010-01-15 05:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-07-20 19:50 . 2010-01-15 02:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-11-09 16:18 . 2009-11-09 16:18 21446 c:\windows\Installer\{2EFCC193-D915-4CCB-9201-31773A27BC06}\ARPPRODUCTICON.exe

+ 2010-01-15 05:05 . 2010-01-15 05:05 21446 c:\windows\Installer\{2EFCC193-D915-4CCB-9201-31773A27BC06}\ARPPRODUCTICON.exe

+ 2008-04-25 16:16 . 2010-01-15 05:05 464578 c:\windows\system32\perfh009.dat

- 2008-04-25 16:16 . 2010-01-14 16:38 464578 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]

"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-25 3261688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"nwiz"="nwiz.exe" [2008-08-28 1630208]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-28 115560]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]

"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"OA001Mon"="c:\windows\OA001Mon.exe" [2009-03-30 24576]

"NvMediaCenter"="NvMCTray.dll" [2008-08-28 86016]

"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]

"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]

"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]

"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-06-23 2220032]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]

"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2009-04-30 153416]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]

"AClntUsr"="c:\program files\altiris\aclient\AClntUsr.EXE" [2010-01-15 184320]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-9-9 295606]

Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2007-1-17 11000]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"disablecad"= 1 (0x1)

"HideShutdownScripts"= 0 (0x0)

"LogonType"= 0 (0x0)

"MaxGPOScriptWait"= 60 (0x3c)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)

"NoPublishingWizard"= 0 (0x0)

"NoWebServices"= 0 (0x0)

"NoOnlinePrintsWizard"= 1 (0x1)

"RecycleBinSize"= 10 (0xa)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

2006-04-10 03:59 24674 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\AMInit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-844170078-1351502379-239210854-500\Scripts\Logon\0\0]

"Script"=EnableProxy.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-844170078-1351502379-239210854-500\Scripts\Logon\1\0]

"Script"=EnableProxy.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=

"c:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=

R1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.sys [1/11/2010 8:57 AM 53984]

R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [7/20/2009 1:11 PM 2234320]

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 2:56 AM 133968]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 8:07 AM 320800]

R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [7/20/2009 1:10 PM 36400]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 7:19 AM 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 7:19 AM 20840]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [4/9/2009 11:02 AM 447264]

R2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;c:\program files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [6/4/2008 3:23 PM 237568]

R2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe --> c:\documents and settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe [?]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [7/20/2009 1:10 PM 109072]

R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [7/20/2009 1:10 PM 671472]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/22/2009 8:44 PM 112512]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/22/2009 8:45 PM 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/22/2009 8:44 PM 244368]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 7:21 AM 102448]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/22/2009 8:44 PM 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/22/2009 8:44 PM 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/22/2009 8:44 PM 280096]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/22/2009 6:25 PM 232744]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 7:18 PM 133104]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 2:28 AM 42832]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

S3 USBDAQLIB;USB-2500 Driver;c:\windows\system32\drivers\usbdaqlib.sys [1/11/2010 9:11 AM 1182568]

S3 USBLDDAQLIB;USB-2500 Loader Driver;c:\windows\system32\drivers\usblddaqlib.sys [1/11/2010 9:11 AM 188136]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.atlascopco.com

uInternet Settings,ProxyOverride = <local>

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-15 09:25

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-844170078-1351502379-239210854-6654\Printers\

mbam_log_2010_01_15__09_07_43_.txt

ComboFix_log_2010_01_15__09_22_.txt


  • Staff

Hi,

I can't see anything suspicious anymore here.

Are you still having problems?

note I cannot run any *.scr files like dds.scr due to what I think is a file association problem
Yes, that's possible. Some tools (like System Mechanic) disable the execution of scr files by changing the association to a txt file instead. Malwarebytes detects this change as well and reports it when you perform a scan. Since your mbam scan comes up clean here, I assume the file association to run scr files is fixed again (unless no association is currently set for scr files in your case).

I can't see anything suspicious anymore here.

Are you still having problems?

No, I don't seem to have any problems any more. Thank you very much for your support!

Yes, that's possible. Some tools (like System Mechanic) disable the execution of scr files by changing the association to a txt file instead. Malwarebytes detects this change as well and reports it when you perform a scan. Since your mbam scan comes up clean here, I assume the file association to run scr files is fixed again (unless no association is currently set for scr files in your case).

I don't believe it's malware that was doing it; it seemed to be a file association with AutoCAD. I did go to the file types and viewed associations and did not see AutoCAD (or anything) associated with .scr, but when I double-clicked the dds.scr file it would try and open with AutoCAD. Anyway, I don't think it matters much if I am clean now.

Thanks again for your time!

Cheers,

Bryan
