
Rogue.Agent/Gen-Nullo


  • This topic is locked
3 replies to this topic

#1 bubbis (Members, 25 posts)

Posted 24 October 2012 - 10:41 AM

Hi dev

Thanks for assisting.

I am fully aware that combofix is not a toy.

Logs in a new topic as requested.

I have not noticed any problems lately, but I want to be sure that no remains of the nasty are present.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Börje at 12:42:09 on 2012-10-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1454 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Net iD\iid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Börje\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Net iD] "c:\program files\net id\iid.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: DhcpNameServer = 192.168.0.11
TCP: Interfaces\{29B1E043-28B1-4B94-B332-17F876521B4A} : DhcpNameServer = 192.168.0.11
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\börje\application data\mozilla\firefox\profiles\up0b595q.default\
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2012-8-30 11448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-6-24 810144]
R2 OODefragAgent;O&O Defrag;c:\program files\oo software\defrag\oodag.exe [2012-9-14 2019184]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-4-6 37376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-10-2 1258856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 115168]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-18 16:42:37 -------- d-----w- c:\documents and settings\börje\application data\ESET
2012-10-18 16:41:54 -------- d-----w- c:\program files\ESET
2012-10-18 12:15:35 98816 ----a-w- c:\windows\sed.exe
2012-10-18 12:15:35 518144 ----a-w- c:\windows\SWREG.exe
2012-10-18 12:15:35 256000 ----a-w- c:\windows\PEV.exe
2012-10-18 12:15:35 208896 ----a-w- c:\windows\MBR.exe
2012-10-09 19:29:26 -------- d--h--w- c:\documents and settings\börje\PrintHood
2012-10-09 00:00:42 -------- d--h--r- c:\documents and settings\börje\Recent
2012-10-05 15:29:20 -------- d-----w- c:\windows\system32\XPSViewer
2012-10-03 16:34:04 343040 -c--a-w- c:\windows\system32\dllcache\msvcrt.dll
2012-10-03 16:34:04 343040 ----a-w- c:\windows\system32\msvcrt.dll
2012-10-03 16:30:08 343040 ----a-w- c:\windows\msvcrt.dll
2012-10-03 16:22:59 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-10-03 16:21:59 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2012-10-03 16:20:58 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2012-10-03 16:19:57 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2012-10-03 16:18:53 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-10-03 16:17:58 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-10-03 16:16:59 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-10-03 16:15:58 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2012-10-03 16:14:55 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-10-03 16:13:58 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-10-03 16:12:59 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-10-03 16:11:59 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-10-03 16:10:58 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2012-10-03 16:09:57 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-10-03 16:08:59 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2012-10-03 16:07:59 70174 -c--a-w- c:\windows\system32\dllcache\el98xn5.sys
2012-10-03 16:06:59 25600 -c--a-w- c:\windows\system32\dllcache\dc210_32.dll
2012-10-03 16:05:52 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-10-03 16:04:57 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2012-10-02 20:06:37 -------- d-----w- c:\windows\system32\oodag
2012-10-02 20:00:49 -------- d-----w- c:\program files\OO Software
2012-10-02 19:58:39 -------- d-----w- c:\documents and settings\all users\application data\OO Software
2012-10-02 13:56:11 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2012-10-02 13:54:54 -------- d-----w- C:\temp
2012-10-02 13:54:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-02 13:54:14 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-01 23:42:50 -------- d-sh--w- c:\documents and settings\börje\PrivacIE
2012-10-01 23:42:03 -------- d-sh--w- c:\documents and settings\börje\IETldCache
2012-10-01 23:40:27 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-01 23:40:02 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-10-01 23:39:43 -------- d-----w- c:\windows\ie8updates
2012-10-01 23:39:29 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-10-01 23:39:29 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-10-01 23:39:29 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-10-01 23:39:29 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-10-01 23:39:29 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-10-01 23:39:29 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-10-01 23:39:29 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-10-01 23:38:37 -------- dc-h--w- c:\windows\ie8
2012-10-01 12:41:52 -------- d-----w- c:\documents and settings\börje\application data\SUPERAntiSpyware.com
2012-10-01 12:40:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-01 12:40:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-28 14:55:38 -------- d--h--w- c:\windows\PIF
.
==================== Find3M ====================
.
2012-10-12 13:44:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-12 13:44:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 16:22:19 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-10-10 16:22:19 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-10-10 16:22:18 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-09-14 16:42:40 206192 ----a-w- c:\windows\system32\oodbs.exe
2012-09-14 16:42:10 10096 ----a-w- c:\windows\system32\oodbsrs.dll
2012-08-31 12:43:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 12:43:07 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-31 12:43:06 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 12:43:06 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 16:44:07 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-08-30 16:43:36 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-08-30 16:43:36 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 16:43:34 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-08-30 16:43:34 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 12:42:16,90 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-20 13:47:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD5000AAKS-65YGA0 rev.12.01C02
Running: gmer.exe; Driver: C:\DOCUME~1\BRJE~1\LOCALS~1\Temp\kglcrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB2AD1610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB2AD1C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB2AD1730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB2AD14B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB2AD1570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB2AD16D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xB2AD1790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB2AD1690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB2AD1650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB2AD17D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB2AD1510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB2AD1590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB2AD14D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB2AD15D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB2AD1750]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB74233A0, 0x5CC259, 0xE8000020]
? C:\DOCUME~1\BRJE~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0149A650 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[336] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 016D7E1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[336] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 016D7DF7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[336] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 0149EDB3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[336] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 016D7D78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[496] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 105DADE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[496] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 105DAD6F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[496] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104247EC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[496] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 10424E1E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[816] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\OO Software\Defrag\oodag.exe[968] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00401C50 C:\Program Files\OO Software\Defrag\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xD3 0x6E 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0xAB 0xB4 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0xE1 0x52 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x29 0x31 0xCC 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x29 0x37 0xEF 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x51 0xAD 0xBA 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x1D 0x5C 0x23 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xD3 0x6E 0x1D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0xAB 0xB4 0x2B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0xE1 0x52 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x29 0x31 0xCC 0x05 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x29 0x37 0xEF 0xC1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x51 0xAD 0xBA 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x1D 0x5C 0x23 0x24 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

---- EOF - GMER 1.0.15 ----
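The two logs above are normally read by eye, but the checks a helper applies to them are mechanical enough to script. The following is an added example, not code from the thread or from the DDS/GMER tools: it parses a few lines copied from the logs above (plus one constructed SSDT line, marked as such, so that the alert path is exercised) and flags the things a reviewer would look at first: protection products reported as disabled, service or driver entries whose image file DDS could not find (the `S3 PciCon` entry pointing at a `d:\PciCon.sys` that no longer exists), and SSDT hooks from modules that are not attributed to a trusted vendor. The vendor allowlist and the heuristics are this example's assumptions. Note that the `*Disabled*` status is what the Security Center reports, and is worth confirming in the product itself, since `ekrn.exe` is clearly running in the process list.

```python
"""Triage helpers for DDS / GMER style logs.

Added example, not part of the thread. The heuristics, the vendor allowlist
and the sample input are assumptions made here; the sample lines are copied
from the logs posted above, except the last SSDT line, which is constructed.
"""
import re

# Constructed sample (lines taken from the DDS log above).
SAMPLE_DDS = r"""
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled*
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2012-8-30 11448]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-6-24 810144]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 115168]
"""

# Constructed sample (first two lines from the GMER log above; the third is a
# hypothetical hook added so that the untrusted-vendor path is exercised).
SAMPLE_GMER = r"""
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB2AD14B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB2AD14D0]
SSDT \SystemRoot\system32\DRIVERS\example.sys (hypothetical sample/Unknown Vendor) ZwCreateFile [0xB2AD1000]
"""

# DDS service prefix: R = running, S = stopped; digit = Windows start type.
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

PROTECTION_RE = re.compile(r"^(AV|FW|SP): (.+?) \*([^*]+)\*")
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?)(?: \[([^\]]*)\])?$")
SSDT_RE = re.compile(r"^SSDT (\S+) \((.*?)\) (Zw\w+) \[0x([0-9A-Fa-f]+)\]$")


def check_protection(dds_text):
    """Flag AV/FW/SP lines whose status field (between the asterisks) says Disabled."""
    findings = []
    for line in dds_text.splitlines():
        m = PROTECTION_RE.match(line)
        if m and "disabled" in m.group(3).lower():
            findings.append(f"{m.group(1)} '{m.group(2)}' reported as {m.group(3)}")
    return findings


def check_services(dds_text):
    """Flag service/driver entries whose image path DDS could not resolve.

    DDS prints 'registered --> resolved' and '[?]' in place of the date/size
    when the ImagePath points at a file it could not find on disk.
    """
    findings = []
    for line in dds_text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, start, name, _display, path, meta = m.groups()
        if meta == "?" or "-->" in path:
            running = "running" if state == "R" else "stopped"
            findings.append(
                f"service {name} ({running}, start={START_TYPE[start]}) image not found: {path}"
            )
    return findings


def check_ssdt_hooks(gmer_text, trusted_vendors=frozenset({"ESET"})):
    """Flag SSDT hooks from modules not attributed to a trusted vendor.

    GMER prints the hooking module, a '(description/Vendor)' tag and the hooked
    system service. Security products hook the SSDT legitimately, so the signal
    is a hook from a module outside the allowlist, not the hook itself.
    """
    findings = []
    for line in gmer_text.splitlines():
        m = SSDT_RE.match(line)
        if not m:
            continue
        module, tag, syscall, addr = m.groups()
        vendor = tag.rsplit("/", 1)[-1].strip()
        if vendor not in trusted_vendors:
            findings.append(f"untrusted SSDT hook on {syscall} by {module} ({tag}) at 0x{addr}")
    return findings


def triage(dds_text, gmer_text):
    """Run all checks and return the combined list of findings (empty = nothing flagged)."""
    return check_protection(dds_text) + check_services(dds_text) + check_ssdt_hooks(gmer_text)


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS, SAMPLE_GMER):
        print("-", finding)
```

Run against the two samples it prints four findings: the two disabled ESET components, the orphaned `PciCon` driver entry, and the constructed untrusted hook. Everything else in the logs above (the ESET SSDT hooks, the Firefox in-process hooks from `xul.dll`, the `sptd` registry keys belonging to DAEMON Tools) is the kind of entry a helper recognises as legitimate, which is why an allowlist rather than "any hook" is the right discriminator.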


#2 nasdaq (Malware Response Team, 39,962 posts, Montreal, QC, Canada)

Posted 26 October 2012 - 08:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your DDS log is clean.

Hope all is still OK and the computer running well; if not, please let me know of the issues.

#3 bubbis (Topic Starter, Members, 25 posts)

Posted 28 October 2012 - 07:20 PM

No signs of anything bad.

Thanks for your assistance.

/b

#4 nasdaq (Malware Response Team, 39,962 posts, Montreal, QC, Canada)

Posted 29 October 2012 - 09:36 AM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===



