Fun times with Windows Police Pro.
Thread Solved
#71 Oct 26th, 2009
DDS!
DDS (Ver_09-10-26.01) - NTFSx86
Run by Greg Rolls at 19:56:44.60 on 26/10/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2047.1270 [GMT 0:00]
AV: avast! antivirus 4.8.1229 [VPS 090103-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mail.Ru\Agent\MAgent.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Greg Rolls\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ntlworld.com/broadband
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {00000000-5736-4205-0008-781cd0e19f00} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0527.dll
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_02\bin\jusched.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\ntl\broadb~1\smartb~1\MotiveSB.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [wltray.exe] c:\windows\system32\wltray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [MAgent] c:\program files\mail.ru\agent\MAgent.exe -LM
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\broadb~1.lnk - c:\program files\ntl\broadband medic\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\mail.ru\agent\magent.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0527.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215584651857
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215584643842
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\gregro~1\applic~1\mozilla\firefox\profiles\gzs7vvqp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\opera\program\plugins\np32dsw.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-4 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-4 20560]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2005-1-13 15840]
=============== Created Last 30 ================
2009-10-24 20:48:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 20:48:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 20:48:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 15:11:56 0 d-s---w- C:\Combo-Fix
2009-10-22 20:18:34 0 d-sha-r- C:\cmdcons
2009-10-22 00:16:07 0 d-----w- c:\docume~1\gregro~1\applic~1\Malwarebytes
2009-10-22 00:16:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-21 01:47:59 98816 ----a-w- c:\windows\sed.exe
2009-10-21 01:47:59 236544 ----a-w- c:\windows\PEV.exe
2009-10-21 01:47:59 161792 ----a-w- c:\windows\SWREG.exe
2009-10-15 06:29:40 0 d-----w- c:\program files\Spyware Doctor
2009-10-15 06:09:33 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-08 01:33:00 0 d-----w- c:\windows\pss
==================== Find3M ====================
============= FINISH: 19:57:01.48 ===============
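A reviewer's first-pass triage of the DDS log above, added here as an example; it is not part of the thread and not a DDS feature. It reads the header for the run date and the AV line, counts the BHO/toolbar registrations that point at "No File", and lists Run-key entries that launch a bare image name instead of a full path. Assumptions: avast VPS identifiers are YYMMDD-N (so 090103-0 is read as 2009-01-03), and the sample input is a hand-picked subset of the posted log's lines, not the whole log. The function and key names (triage_dds, unqualified_autoruns, and so on) are the reviewer's own.

```python
import re
from datetime import datetime, date

# Constructed sample: the header and a subset of the "Pseudo HJT Report"
# lines from the DDS log posted above. It is not the complete log.
DDS_SAMPLE = r"""
DDS (Ver_09-10-26.01) - NTFSx86
Run by Greg Rolls at 19:56:44.60 on 26/10/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2047.1270 [GMT 0:00]
AV: avast! antivirus 4.8.1229 [VPS 090103-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Pseudo HJT Report ===============
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {00000000-5736-4205-0008-781cd0e19f00} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - No File
mRun: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
mRun: [CTHelper] CTHELPER.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
"""

RUN_DATE_RE = re.compile(r"^Run by .* on (\d{2})/(\d{2})/(\d{4})$")
AV_RE = re.compile(r"^AV:\s+(?P<product>.+?)\s+\[VPS (?P<vps>\d{6})-\d+\](?P<rest>.*)$")
ORPHAN_RE = re.compile(r"^(BHO|TB|EB|SEH):\s+.*-\s+No File$")
RUN_RE = re.compile(r"^[um]Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")


def parse_run_date(text):
    """Date the log was taken; DDS prints it as DD/MM/YYYY."""
    for line in text.splitlines():
        m = RUN_DATE_RE.match(line)
        if m:
            day, month, year = (int(g) for g in m.groups())
            return date(year, month, day)
    return None


def parse_av_status(text, run_date):
    """Product, definitions date and DDS's own status flags from the AV line.
    Assumption: avast VPS identifiers are YYMMDD-N, so 090103-0 is 2009-01-03."""
    for line in text.splitlines():
        m = AV_RE.match(line)
        if not m:
            continue
        vps_date = datetime.strptime(m.group("vps"), "%y%m%d").date()
        rest = m.group("rest").lower()
        return {
            "product": m.group("product"),
            "vps_date": vps_date,
            "definitions_age_days": (run_date - vps_date).days,
            "on_access_disabled": "on-access scanning disabled" in rest,
            "outdated": "(outdated)" in rest,
        }
    return None


def orphaned_entries(text):
    """BHO / toolbar / hook registrations whose DLL no longer exists ("No File")."""
    return [ln for ln in text.splitlines() if ORPHAN_RE.match(ln)]


def unqualified_autoruns(text):
    """Run-key entries whose image is a bare file name (no drive, no directory),
    so Windows resolves it through its search order instead of a fixed path."""
    found = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if not m:
            continue
        image = m.group("cmd").split()[0].strip('"')
        if ":" not in image and "\\" not in image:
            found.append({"name": m.group("name"), "image": image})
    return found


def triage_dds(text):
    run_date = parse_run_date(text)
    return {
        "run_date": run_date,
        "av": parse_av_status(text, run_date),
        "orphans": orphaned_entries(text),
        "unqualified_autoruns": unqualified_autoruns(text),
    }


if __name__ == "__main__":
    for key, value in triage_dds(DDS_SAMPLE).items():
        print(f"{key}: {value}")
```

Against the sample this reports definitions 296 days old with on-access scanning disabled, five registrations with no DLL behind them, and two Run entries (PtiuPbmd, CTHelper) started by bare image name. The orphaned entries are leftovers rather than an infection; the bare-name entries are worth resolving to an absolute path, because a same-named file earlier in the CreateProcess search order would run in place of the intended one.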
#72 Oct 26th, 2009
OK - DDS looks OK (not including outdated stuff).
I would like to run one more tool - a couple of things I want to double-check from the Root Repeal log. I'd hate to have you update Windows while a rootkit is operational, so better safe than sorry:
Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php
-- DoubleClick the .exe file and allow the gmer.sys driver to load.
-- If you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO
Along the right side of the GMER GUI there will be a number of checked boxes. Uncheck the following ...
- Sections
- IAT/EAT
- Drives or Partitions other than Systemdrive (usually C:\)
- Show All (be sure you don't miss this one)
-- Then, click the Scan Button
Allow the scan as long as it needs and then save the log to where you can easily find it and post it for me.
***Do not run any other programs while GMER is scanning and DO NOT take any action for any found items until I can have a look.
PP
Last edited by PhilliePhan; Oct 26th, 2009 at 6:10 pm.
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
#73 Oct 26th, 2009
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-27 00:13:30
Windows 5.1.2600 Service Pack 2
Running: s0y1fq2r.exe; Driver: C:\DOCUME~1\GREGRO~1\LOCALS~1\Temp\awxyraod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAAFE7618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAAFE74D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAAFE79B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAAFE70AC]
SSDT sptd.sys ZwEnumerateKey [0xB9ED3A92]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED3E20]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAAFE75AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAAFE6FEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAAFE7050]
SSDT sptd.sys ZwQueryKey [0xB9ED3EF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAAFE76CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAAFE768E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAAFE780E]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89E4B1E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBPDO-0 890CA980
Device \Driver\usbuhci \Device\USBPDO-1 890CA980
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DE11E8
Device \Driver\dmio \Device\DmControl\DmConfig 89DE11E8
Device \Driver\dmio \Device\DmControl\DmPnP 89DE11E8
Device \Driver\dmio \Device\DmControl\DmInfo 89DE11E8
Device \Driver\usbuhci \Device\USBPDO-2 890CA980
Device \Driver\PCI_NTPNP0044 \Device\00000053 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-3 890CA980
Device \Driver\PCI_NTPNP0044 \Device\00000054 sptd.sys
Device \Driver\usbehci \Device\USBPDO-4 89051560
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 89E4E1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6E5763C7-ED84-4506-8AA5-C70E0B4FF8B6} 87C981E8
Device \Driver\Cdrom \Device\CdRom0 891963C0
Device \Driver\Cdrom \Device\CdRom1 891963C0
Device \Driver\atapi \Device\Ide\IdePort0 89E4D1E8
Device \Driver\atapi \Device\Ide\IdePort1 89E4D1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 89E4D1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 89E4D1E8
Device \Driver\Cdrom \Device\CdRom2 891963C0
Device \Driver\Cdrom \Device\CdRom3 891963C0
Device \Driver\NetBT \Device\NetBt_Wins_Export 87C981E8
Device \Driver\NetBT \Device\NetbiosSmb 87C981E8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 890CA980
Device \Driver\usbuhci \Device\USBFDO-1 890CA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 87C35980
Device \Driver\usbuhci \Device\USBFDO-2 890CA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector 87C35980
Device \Driver\usbuhci \Device\USBFDO-3 890CA980
Device \Driver\usbehci \Device\USBFDO-4 89051560
Device \Driver\Ftdisk \Device\FtControl 89E4E1E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 8904D4E0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port4Path0Target0Lun0 8904D4E0
Device \Driver\viamraid \Device\Scsi\viamraid1 89DE01E8
Device \Driver\addsrupj \Device\Scsi\addsrupj1 891E13B8
Device \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target0Lun0 89DE01E8
Device \Driver\addsrupj \Device\Scsi\addsrupj1Port5Path0Target0Lun0 891E13B8
Device \Driver\UlSata \Device\Scsi\UlSata1 89E4C1E8
Device \FileSystem\Cdfs \Cdfs 87C39980
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1686824868
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1698483869
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x88 0xBD 0xF8 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x86 0x69 0xD0 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB9 0x25 0xC7 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0x4B 0x77 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x78 0xE1 0x9E 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD7 0xE2 0xB5 0xE4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x88 0xBD 0xF8 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x86 0x69 0xD0 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB9 0x25 0xC7 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0x4B 0x77 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x78 0xE1 0x9E 0xB0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD7 0xE2 0xB5 0xE4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
---- EOF - GMER 1.0.15 ----
I don't know if it found anything or not.
#74 Oct 26th, 2009
That looks OK to me - A couple items I do not know, but doubt they are bad.
Well . . . At this point I believe we have gotten your computer as clean as we possibly can in a Forum setting.
Long road, huh?
Anyhoo, now you can probably remove any important data safely.
You will also need to decide whether you want to then reinstall Windows or merely proceed with the necessary updates.
Bear in mind that you are going to need the updates in both cases.
Besides the Windows updates, you'll need AV / Java / and others.
I can give suggestions if you need them.
Let me know how you want to go forward.
PP
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
#75 Oct 26th, 2009
Excellent! Thank you very much for all your help!
Well, for now, I'm going to take all my stuff off, back it up, but not reformat yet. I will inside the next month or so... but honestly I don't have it in me to dig around deep just now. If you could give me a list of the updates I'll need, I'd be most appreciative.
#76 Oct 26th, 2009
You're welcome - Happy to help! 
Let's remove Combofix and the files/folders it created:
• Click Start > Run
• Type or Copy&Paste Combofix /u into the Run box. (Be sure there is a space between the x and the / if you type it)
• Click OK
This will remove Combofix and its components from your machine.
It will also reset your clock, re-hide System and Hidden Files and hide File Extensions.
Last, but certainly not least, doing this will reset System Restore.
First and Foremost - Get Your Windows Updates. They are the first line of defense!
Windows Updates
In ADD/REMOVE Programs:
Uninstall Adobe Reader 7.0 and install Adobe Reader 9.2
Uninstall or Update avast! Antivirus
I suggest Removing avast! and installing Comodo Firewall + AntiVirus for Windows - It's FREE!
Uninstall J2SE Runtime Environment 5.0 Update 2
Then Install the latest Java from here ---> http://java.com/en/
Uninstall Microsoft AntiSpyware and replace it with Windows Defender for its "real time" protection. Alternately, you might try Winpatrol, but it is not free....
Uninstall or Update Spybot - Search & Destroy
Personally, I prefer SpywareBlaster which operates much in the same way as SpyBot's Immunize feature.
I'd go with SpywareBlaster and keep MBAM handy for "on demand" scanning.
Uninstall Viewpoint Media Player if you so desire - It's foistware.
That's pretty much it off the top of my head. Any questions or further issues, let me know.
Otherwise, I think you can mark this thread as "solved . . . at long last."
Cheers
PP
Last edited by PhilliePhan; Oct 26th, 2009 at 10:18 pm.