

Hello, recently I've been battling with a few viruses that won't get deleted by Malwarebytes and a few other antiviruses. For some reason, they keep coming back and I really need to get rid of them because they are causing many problems.

Here are my DDS/GMER logs:

DDS:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Daniel at 20:36:05.18 on Mon 06/21/2010

Internet Explorer: 6.0.2900.5512

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.543 [GMT -4:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\msdtc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Registry Mechanic\RegMech.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\TEMP.RADEK-5XEWYEN54.010\Desktop\Defogger.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\TEMP.RADEK-5XEWYEN54.010\Desktop\dds.scr

C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.runescape.com/

uSearch Page = hxxp://search.live.com

mDefault_Search_URL = hxxp://www.google.com/ie

mSearchAssistant = hxxp://search.live.com/sphome.aspx

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"

mRun: [EPSON Stylus Photo R200 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R200"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [xcxnfutoke2d28xx81] c:\windows\temp\yg5247w15.exe

StartupFolder: c:\documents and settings\temp.radek-5xewyen54.010\start menu\programs\startup\PowerReg SchedulerV2.exe

uPolicies-explorer: NoSetActiveDesktop = 30

uPolicies-explorer: NoActiveDesktopChanges = 30

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265946993593

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = scecli c:\windows\system32\lejozimo.dll

============= SERVICES / DRIVERS ===============

R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [2008-8-19 70272]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-21 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-21 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-21 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-21 60936]

R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]

S0 luxkalw;luxkalw;c:\windows\system32\drivers\gnhxqbp.sys --> c:\windows\system32\drivers\gnhxqbp.sys [?]

S1 1bbfb2a;1bbfb2a;c:\windows\system32\drivers\1bbfb2a.sys [2009-3-13 0]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]

S3 gunzprodrv;GunZProtect;\??\c:\program files\euro gunz v 8.5.5\gunzprotectdrv.sys --> c:\program files\euro gunz v 8.5.5\GunZProtectDrv.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 pnicII;Linksys Fast Ethernet PCI Card;c:\windows\system32\drivers\LNE100.SYS [2009-3-14 20573]

=============== Created Last 30 ================

2010-06-22 00:32:42 0 ----a-w- c:\documents and settings\temp.radek-5xewyen54.010\defogger_reenable

2010-06-22 00:26:55 54016 ----a-w- c:\windows\system32\drivers\wdvv.sys

2010-06-21 23:53:52 0 d-----w- c:\docume~1\tempra~1.010\applic~1\Avira

2010-06-21 23:35:38 0 d-----w- c:\windows\system32\NtmsData

2010-06-21 23:29:14 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-06-21 23:29:12 0 d-----w- c:\program files\Avira

2010-06-21 23:29:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-06-20 01:34:18 767952 ----a-w- c:\windows\BDTSupport.dll.old

2010-06-20 01:34:17 1652688 ----a-w- c:\windows\PCTBDCore.dll.old

2010-06-20 00:35:57 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure

2010-06-19 21:33:43 0 d-----w- c:\docume~1\tempra~1.010\applic~1\SUPERAntiSpyware.com

2010-06-19 21:33:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-06-19 21:33:36 0 d-----w- c:\program files\SUPERAntiSpyware

2010-06-19 21:24:48 0 d-----w- c:\program files\common files\PC Tools

2010-06-14 20:34:49 0 d--h--w- c:\windows\system32\GroupPolicy

2010-06-14 01:53:47 0 d--h--w- c:\windows\PIF

2010-06-13 16:56:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SwiftKit

2010-06-13 16:56:00 0 d-----w- c:\program files\SwiftKit

2010-06-12 20:39:15 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-06-12 15:27:00 0 d-----w- c:\program files\Spyware Doctor

2010-06-12 13:55:20 0 d-----w- c:\program files\Yahoo!

2010-06-12 13:55:17 0 d-----w- c:\program files\CCleaner

2010-06-10 20:59:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2010-06-21 23:02:59 87 ----a-w- c:\documents and settings\temp.radek-5xewyen54.010\jagex_runescape_preferences2.dat

2010-06-21 22:51:37 41 ----a-w- c:\documents and settings\temp.radek-5xewyen54.010\jagex__preferences3.dat

2010-06-21 22:50:15 45 ----a-w- c:\documents and settings\temp.radek-5xewyen54.010\jagex_runescape_preferences.dat

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2008-10-19 04:48:46 156 ----a-w- c:\program files\INSTALL.LOG

2003-07-17 02:26:58 448640 ----a-w- c:\windows\inf\EL2K_N64.sys

2003-07-17 02:22:10 147328 ----a-w- c:\windows\inf\EL2K_XP.sys

2003-06-03 07:47:54 147328 ----a-w- c:\windows\inf\EL2K_2K.sys

============= FINISH: 20:36:54.32 ===============

I know you guys are all busy, but help would be appreciated whenever you get the time, thanks :]

ark.zip

Attach.txt.zip
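The first thing a helper does with a DDS log like the one above is pick out the handful of lines that should not be there: the extra DLL in LSA Notification Packages (lejozimo.dll, loaded into lsass.exe at boot), the Default User Run entry firing a randomly named executable out of c:\windows\temp, the policy that disables the registry editor, and the boot-start drivers whose files DDS could not read or which are zero bytes. The script below is an example added to this thread, not code from DDS, Malwarebytes or the poster; it runs those checks over lines copied from the log. The allow-list of LSA packages and the choice to flag only boot/system-start drivers are assumptions.

```python
"""Triage of DDS 'Pseudo HJT Report' and 'SERVICES / DRIVERS' lines.

Added example written for this thread; it is not part of DDS, Malwarebytes
or the original posts. The allow-lists and thresholds are assumptions.
"""
import re
from typing import Iterable, List, Tuple

# Assumption: DLLs that legitimately sit in LSA Notification Packages on a
# stock Windows XP box. Each one is loaded into lsass.exe at boot and is
# handed every password change in clear text, so an unknown name matters.
KNOWN_LSA_PACKAGES = {"scecli", "rassfm", "kdcsvc"}

TEMP_DIR = re.compile(r"\\(?:windows\\temp|temp|local settings\\temp)\\", re.I)
# DDS renders a driver whose file it could not read as "... --> path [?]"
# and a zero-byte file as "[YYYY-M-D 0]".
UNRESOLVED = re.compile(r"-->\s+\S.*\[\?\]\s*$")
ZERO_SIZE = re.compile(r"\[\d{4}-\d{1,2}-\d{1,2} 0\]\s*$")


def triage_dds(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (reason, original line) pairs for entries worth a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue

        # LSA: Notification Packages = scecli c:\windows\system32\lejozimo.dll
        m = re.match(r"LSA: Notification Packages = (.*)", line)
        if m:
            for pkg in m.group(1).split():
                stem = pkg.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
                if stem not in KNOWN_LSA_PACKAGES:
                    findings.append((f"unknown LSA notification package {pkg}", line))
            continue

        # uRun = HKCU, mRun = HKLM, dRun = the Default User hive, which
        # legitimate installers almost never touch.
        m = re.match(r"([umd])Run: \[([^\]]*)\] (.*)", line)
        if m:
            hive, name, target = m.groups()
            if TEMP_DIR.search(target):
                findings.append((f"autostart '{name}' runs from a temp directory", line))
            elif hive == "d":
                findings.append((f"autostart '{name}' lives in the Default User hive", line))
            continue

        # dPolicies-system: DisableRegistryTools = 1 (0x1)
        if re.match(r"[umd]Policies-system: DisableRegistryTools = 1", line):
            findings.append(("registry editor disabled by policy", line))
            continue

        # R0/S0 (boot) and R1/S1 (system) drivers whose file DDS could not
        # read, or which are zero bytes. Later-start entries with the same
        # markers (R3/R4/S3) are usually leftovers of uninstalled products.
        m = re.match(r"[RS][01] (\w+);", line)
        if m and (UNRESOLVED.search(line) or ZERO_SIZE.search(line)):
            findings.append((f"boot/system-start driver '{m.group(1)}' has no readable file", line))
    return findings


# Lines copied from the DDS log posted above, plus benign ones for contrast.
SAMPLE = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [xcxnfutoke2d28xx81] c:\windows\temp\yg5247w15.exe
dPolicies-system: DisableRegistryTools = 1 (0x1)
LSA: Notification Packages = scecli c:\windows\system32\lejozimo.dll
R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [2008-8-19 70272]
S0 luxkalw;luxkalw;c:\windows\system32\drivers\gnhxqbp.sys --> c:\windows\system32\drivers\gnhxqbp.sys [?]
S1 1bbfb2a;1bbfb2a;c:\windows\system32\drivers\1bbfb2a.sys [2009-3-13 0]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
""".splitlines()

if __name__ == "__main__":
    for reason, line in triage_dds(SAMPLE):
        print(f"[!] {reason}\n    {line}")
```

Run against the sample it reports five lines and stays quiet on the genuine viaraid driver and on the stale R4 PCTCore entry, which is exactly the split a helper makes by hand: leftovers of an uninstalled product are noise, an unreadable boot-start driver with a random name is the rootkit's loader.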


Hello dan81828182! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step. If there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • The instructions I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work.
  • Keep me informed about any changes.

Step 1

Please, uninstall the following applications:

  1. Adobe Reader 8.1.1

You can read how to do this here:

Step 2

Please go into the Control Panel, Add/Remove Programs, and for now remove ALL versions of Java.

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Step 4

Please follow these instructions:

http://www.bleepingcomputer.com/virus-remo...malware-defense

In your next reply, please include these log(s) in this sequence:

  1. JavaRa log
  2. TDSSKiller log
  3. MalwareBytes' Anti-Malware log
  4. a new fresh DDS log only


Hey, I did all the steps you asked me to. The only problem I ran into was uninstalling Adobe Reader 8.1.1. The following error displays when I'm in the middle of the uninstall session: "Error 1402. Could not match key: HKEY_LOCAL_MACHINE/Software/microsoft/windows/currentversion/run/optional/components/msfs. Verify that you have sufficient access to that key, or contact your support personnel."

I have administrative rights so I don't know why I cannot access the key.

Everything else worked. Here is the correct order you told me to post in:

JavaRa:

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Jun 22 15:03:50 2010
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\
------------------------------------
Finished reporting.

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Jun 22 15:17:52 2010
------------------------------------
Finished reporting.

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Jun 22 15:18:20 2010
------------------------------------
Finished reporting.

TDSSkiller:

15:16:09:343 3740 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

15:16:09:343 3740 ================================================================================

15:16:09:343 3740 SystemInfo:

15:16:09:343 3740 OS Version: 5.1.2600 ServicePack: 3.0

15:16:09:343 3740 Product type: Workstation

15:16:09:343 3740 ComputerName: RADEK-5XEWYEN54

15:16:09:343 3740 UserName: Daniel

15:16:09:343 3740 Windows directory: C:\WINDOWS

15:16:09:343 3740 Processor architecture: Intel x86

15:16:09:343 3740 Number of processors: 2

15:16:09:343 3740 Page size: 0x1000

15:16:09:343 3740 Boot type: Normal boot

15:16:09:343 3740 ================================================================================

15:16:09:765 3740 Initialize success

15:16:09:765 3740

15:16:09:765 3740 Scanning Services ...

15:16:10:218 3740 Raw services enum returned 324 services

15:16:10:234 3740

15:16:10:234 3740 Scanning Drivers ...

15:16:11:484 3740 !dthrs6

15:16:11:593 3740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:16:11:656 3740 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:16:11:750 3740 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys

15:16:11:812 3740 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:16:11:906 3740 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

15:16:11:984 3740 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

15:16:12:156 3740 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

15:16:12:296 3740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:16:12:343 3740 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:16:12:437 3740 ati2mtag (0a925f576ec24edbf08f9f359c3d7fbf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

15:16:12:578 3740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:16:12:640 3740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:16:12:812 3740 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

15:16:12:875 3740 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

15:16:12:921 3740 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys

15:16:12:968 3740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:16:13:046 3740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:16:13:109 3740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:16:13:187 3740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:16:13:234 3740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:16:13:390 3740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:16:13:500 3740 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:16:13:593 3740 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:16:13:625 3740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:16:13:671 3740 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:16:13:750 3740 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:16:13:843 3740 EL2000 (d0c7f8ca97d16263d434d943b4b7004f) C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys

15:16:13:890 3740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:16:13:921 3740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:16:13:984 3740 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:16:14:046 3740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

15:16:14:093 3740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:16:14:156 3740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:16:14:218 3740 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:16:14:296 3740 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

15:16:14:343 3740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:16:14:578 3740 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:16:15:031 3740 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

15:16:15:203 3740 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:16:15:265 3740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:16:15:390 3740 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:16:15:453 3740 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:16:15:515 3740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:16:15:562 3740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:16:15:625 3740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:16:15:656 3740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:16:15:718 3740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:16:15:750 3740 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:16:15:812 3740 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:16:15:875 3740 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

15:16:15:921 3740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:16:15:984 3740 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

15:16:16:125 3740 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys

15:16:16:203 3740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:16:16:234 3740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:16:16:296 3740 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:16:16:375 3740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:16:16:406 3740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:16:16:484 3740 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys

15:16:16:609 3740 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS

15:16:16:671 3740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:16:16:765 3740 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:16:16:828 3740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:16:16:890 3740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:16:16:953 3740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:16:16:984 3740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:16:17:078 3740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:16:17:093 3740 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

15:16:17:171 3740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:16:17:234 3740 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:16:17:296 3740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:16:17:328 3740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:16:17:375 3740 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

15:16:17:453 3740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:16:17:500 3740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:16:17:562 3740 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

15:16:17:593 3740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:16:17:640 3740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:16:17:718 3740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:16:17:765 3740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:16:17:828 3740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:16:17:875 3740 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

15:16:17:906 3740 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

15:16:17:953 3740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:16:18:000 3740 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:16:18:062 3740 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:16:18:140 3740 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:16:18:187 3740 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:16:18:421 3740 pnicII (196a8fab5707f3881c360155798d9d88) C:\WINDOWS\system32\DRIVERS\lne100.SYS

15:16:18:500 3740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:16:18:562 3740 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

15:16:18:625 3740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:16:18:671 3740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:16:18:718 3740 PxHelp20 (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys

15:16:18:906 3740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:16:18:968 3740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:16:19:000 3740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:16:19:031 3740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:16:19:109 3740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:16:19:140 3740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:16:19:203 3740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:16:19:265 3740 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

15:16:19:312 3740 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:16:19:390 3740 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys

15:16:19:515 3740 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

15:16:19:531 3740 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

15:16:19:578 3740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:16:19:640 3740 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:16:19:703 3740 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

15:16:19:765 3740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:16:19:875 3740 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\WINDOWS\system32\drivers\smwdm.sys

15:16:19:984 3740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:16:20:015 3740 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:16:20:109 3740 Srv (4f8a43adef66f135564085a9dca96a26) C:\WINDOWS\system32\DRIVERS\srv.sys

15:16:20:203 3740 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

15:16:20:250 3740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:16:20:296 3740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:16:20:468 3740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:16:20:546 3740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:16:20:625 3740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:16:20:687 3740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:16:20:703 3740 TermDD (e1ebe3e84fde645e1b8419ea27792622) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:16:20:718 3740 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: e1ebe3e84fde645e1b8419ea27792622, Fake md5: 88155247177638048422893737429d9e

15:16:20:718 3740 File "C:\WINDOWS\system32\DRIVERS\termdd.sys" infected by TDSS rootkit ... 15:16:21:671 3740 Backup copy found, using it..

15:16:21:687 3740 will be cured on next reboot

15:16:21:859 3740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:16:21:984 3740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:16:22:093 3740 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys

15:16:22:156 3740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:16:22:218 3740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:16:22:265 3740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:16:22:312 3740 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

15:16:22:375 3740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:16:22:421 3740 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:16:22:468 3740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:16:22:531 3740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:16:22:609 3740 viaraid (f44df96f00c67cea07c6a262cc3b0428) C:\WINDOWS\system32\DRIVERS\viaraid.sys

15:16:22:656 3740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:16:22:718 3740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:16:22:812 3740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:16:22:906 3740 ws2ifsl (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

15:16:22:921 3740 Reboot required for cure complete..

15:16:23:234 3740 Cure on reboot scheduled successfully

15:16:23:234 3740

15:16:23:234 3740 Completed

15:16:23:234 3740

15:16:23:234 3740 Results:

15:16:23:234 3740 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

15:16:23:234 3740 File objects infected / cured / cured on reboot: 1 / 0 / 1

15:16:23:234 3740

15:16:23:250 3740 KLMD(ARK) unloaded successfully

MBAM:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4221

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

6/22/2010 5:04:37 PM

mbam-log-2010-06-22 (17-04-37).txt

Scan type: Quick scan

Objects scanned: 230688

Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

New DDS copy

DDS (Ver_10-03-17.01) - NTFSx86

Run by Daniel at 16:00:11.40 on Tue 06/22/2010

Internet Explorer: 6.0.2900.5512

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.673 [GMT -4:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\TEMP.RADEK-5XEWYEN54.010\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.runescape.com/

uSearch Page = hxxp://search.live.com

mDefault_Search_URL = hxxp://www.google.com/ie

mSearchAssistant = hxxp://search.live.com/sphome.aspx

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"

mRun: [EPSON Stylus Photo R200 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R200"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [xcxnfutoke2d28xx81] c:\windows\temp\yg5247w15.exe

StartupFolder: c:\documents and settings\temp.radek-5xewyen54.010\start menu\programs\startup\PowerReg SchedulerV2.exe

uPolicies-explorer: NoSetActiveDesktop = 30

uPolicies-explorer: NoActiveDesktopChanges = 30

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265946993593

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = scecli c:\windows\system32\lejozimo.dll

============= SERVICES / DRIVERS ===============

R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [2008-8-19 70272]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-21 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-21 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-21 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-21 60936]

S0 luxkalw;luxkalw;c:\windows\system32\drivers\gnhxqbp.sys --> c:\windows\system32\drivers\gnhxqbp.sys [?]

S1 1bbfb2a;1bbfb2a;c:\windows\system32\drivers\1bbfb2a.sys [2009-3-13 0]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]

S3 gunzprodrv;GunZProtect;\??\c:\program files\euro gunz v 8.5.5\gunzprotectdrv.sys --> c:\program files\euro gunz v 8.5.5\GunZProtectDrv.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 pnicII;Linksys Fast Ethernet PCI Card;c:\windows\system32\drivers\LNE100.SYS [2009-3-14 20573]

=============== Created Last 30 ================

2010-06-22 00:32:42 0 ----a-w- c:\documents and settings\temp.radek-5xewyen54.010\defogger_reenable

2010-06-21 23:53:52 0 d-----w- c:\docume~1\tempra~1.010\applic~1\Avira

2010-06-21 23:35:38 0 d-----w- c:\windows\system32\NtmsData

2010-06-21 23:29:14 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-06-21 23:29:12 0 d-----w- c:\program files\Avira

2010-06-21 23:29:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-06-20 01:34:18 767952 ----a-w- c:\windows\BDTSupport.dll.old

2010-06-20 01:34:17 1652688 ----a-w- c:\windows\PCTBDCore.dll.old

2010-06-20 00:35:57 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure

2010-06-19 21:33:43 0 d-----w- c:\docume~1\tempra~1.010\applic~1\SUPERAntiSpyware.com

2010-06-19 21:33:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-06-19 21:33:36 0 d-----w- c:\program files\SUPERAntiSpyware

2010-06-19 21:24:48 0 d-----w- c:\program files\common files\PC Tools

2010-06-14 20:34:49 0 d--h--w- c:\windows\system32\GroupPolicy

2010-06-14 01:53:47 0 d--h--w- c:\windows\PIF

2010-06-13 16:56:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SwiftKit

2010-06-13 16:56:00 0 d-----w- c:\program files\SwiftKit

2010-06-12 20:39:15 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-06-12 15:27:00 0 d-----w- c:\program files\Spyware Doctor

2010-06-12 13:55:20 0 d-----w- c:\program files\Yahoo!

2010-06-12 13:55:17 0 d-----w- c:\program files\CCleaner

2010-06-10 20:59:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2010-06-22 19:22:50 40840 ----a-w- c:\windows\system32\drivers\termdd.sys

2010-06-21 23:02:59 87 ----a-w- c:\documents and settings\temp.radek-5xewyen54.010\jagex_runescape_preferences2.dat

2010-06-21 22:51:37 41 ----a-w- c:\documents and settings\temp.radek-5xewyen54.010\jagex__preferences3.dat

2010-06-21 22:50:15 45 ----a-w- c:\documents and settings\temp.radek-5xewyen54.010\jagex_runescape_preferences.dat

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2008-10-19 04:48:46 156 ----a-w- c:\program files\INSTALL.LOG

2003-07-17 02:26:58 448640 ----a-w- c:\windows\inf\EL2K_N64.sys

2003-07-17 02:22:10 147328 ----a-w- c:\windows\inf\EL2K_XP.sys

2003-06-03 07:47:54 147328 ----a-w- c:\windows\inf\EL2K_2K.sys

============= FINISH: 16:00:24.59 ===============

Hope I gave you everything I was supposed to :welcome:


When I tried manually deleting Adobe using the instructions you gave me, I ran into some problems.

It said access denied when I tried going into diagnostics mode.

It allowed me to go into safe mode, where I tried to remove the Adobe Reader 8.0 registered files using the command prompt, but then when I was deleting the .dll files it would say access denied again. This is really strange because I am logged in as a computer administrator.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
