TechSpot

[Solved] CPU running at 100%, am I infected?

Discussion in 'Virus and Malware Removal' started by vogelrok, Feb 26, 2011.

  1. vogelrok Newcomer, in training

    Managed to get rid of it.

    Had to use ComboFix in Safe Mode. I know I shouldn't have done it without instruction, sorry.

    Here is the log.

    Will remove the software and apps now.

    Edit: have removed them all as far as I can tell.

    Thank you for your help.

    ComboFix 11-02-28.01 - lee vogelrok 02/03/2011 10:36:15.4.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3326.3063 [GMT 0:00]
    Running from: c:\documents and settings\lee vogelrok\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\mAbLoKm06300
    c:\documents and settings\All Users\Application Data\mAbLoKm06300\mAbLoKm06300
    c:\documents and settings\All Users\Application Data\mAbLoKm06300\mAbLoKm06300.exe

    .
    ((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
    .

    2011-03-01 08:53 . 2011-03-01 08:53 -------- d-----w- C:\_OTM
    2011-02-26 12:59 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-26 12:59 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-26 11:29 . 2011-02-26 12:23 -------- d-----w- c:\windows\system32\NtmsData
    2011-02-26 11:27 . 2011-02-26 11:27 -------- d-----w- c:\documents and settings\lee vogelrok\Application Data\Avira
    2011-02-26 11:24 . 2011-01-10 14:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-26 11:24 . 2011-01-10 14:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-02-26 11:24 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-02-26 11:24 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-02-26 11:24 . 2011-02-26 11:24 -------- d-----w- c:\program files\Avira
    2011-02-26 11:24 . 2011-02-26 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-02-25 20:36 . 2011-02-25 20:36 -------- d-----w- c:\program files\ESET
    2011-02-25 19:42 . 2011-02-25 19:42 -------- d-----w- c:\documents and settings\lee vogelrok\Application Data\Malwarebytes
    2011-02-25 19:41 . 2011-02-25 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-02-25 19:41 . 2011-02-26 12:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-25 19:20 . 2011-02-28 21:03 -------- d-----w- c:\program files\hyjackthis
    2011-02-25 02:06 . 2011-02-25 02:06 -------- d-----w- c:\program files\backups
    2011-02-25 00:39 . 2011-02-25 00:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-02-25 00:39 . 2011-02-25 00:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-02-25 00:39 . 2011-02-25 00:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-02-25 00:39 . 2011-02-25 00:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-02-25 00:39 . 2011-02-25 00:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-02-25 00:39 . 2011-02-25 00:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-02-25 00:39 . 2011-02-25 00:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-02-25 00:31 . 2011-02-25 00:31 -------- d-----w- c:\program files\Common Files\Java
    2011-02-24 01:04 . 2011-02-24 01:08 -------- d-----w- c:\documents and settings\lee vogelrok\Application Data\Mozilla-Cache
    2011-02-24 01:03 . 2011-02-25 02:01 -------- d-----w- c:\program files\PartyGaming
    2011-02-03 20:49 . 2011-02-03 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2011-02-03 20:49 . 2011-02-03 20:49 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-02-03 20:49 . 2011-02-03 20:49 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-02-03 20:49 . 2011-02-03 20:49 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-02-03 20:49 . 2011-02-03 20:50 -------- d-----w- c:\program files\NVIDIA Corporation
    2011-02-03 20:29 . 2011-02-03 20:30 -------- d-----w- c:\program files\Windows Live Safety Center

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-02 21:40 . 2010-09-21 09:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 19:19 . 2009-07-13 12:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-21 14:44 . 2008-04-14 08:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2008-04-14 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2008-04-14 08:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2008-04-14 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2008-04-23 00:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2008-07-12 19:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2008-04-23 00:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2008-04-14 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2008-07-12 19:09 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15 . 2008-04-14 08:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2008-04-14 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42 . 2008-04-14 08:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2008-04-14 04:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .

    ------- Sigcheck -------

    [-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
    "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-04 01:43 69632 ----a-r- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-03-16 20:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    2009-05-07 19:05 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-11-11 10:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
    2009-04-27 16:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
    2009-04-27 19:41 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-04-10 23:52 16861184 ----a-r- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 14:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
    2008-10-21 12:18 2154496 ----a-w- c:\program files\Vtune\TBPANEL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-12-19 21:37 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/06 12:12];c:\program files\CyberLink\PowerDVD9\000.fcl [07/05/2009 20:05 87536]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/02/2011 11:24 135336]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 14:41 92008]
    S3 FoxAwdWINFLASH;FoxAwdWINFLASH;\??\c:\progra~1\AFox\AFOXLI~1\FoxAwdWINFLASH.SYS --> c:\progra~1\AFox\AFOXLI~1\FoxAwdWINFLASH.SYS [?]
    S3 INFUSB;INFUSB;c:\windows\system32\drivers\infusb.sys [30/09/2002 16:16 15904]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [18/10/2010 19:40 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [18/10/2010 19:40 8320]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ntlworld.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-02 10:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-03-02 10:42:50
    ComboFix-quarantined-files.txt 2011-03-02 10:42
    ComboFix2.txt 2011-02-28 19:54
    ComboFix3.txt 2011-02-28 19:46
    ComboFix4.txt 2011-02-27 23:13

    Pre-Run: 138,048,823,296 bytes free
    Post-Run: 138,136,449,024 bytes free

    - - End Of File - - F1F461E68468DAD04492BA2EC3405088
  2. vogelrok Newcomer, in training

    Hi Bobbye,

    I have deleted all the pirated software I can find on my PC.

    Have also downloaded Comodo Firewall and Geekbuddy, as I noticed in a few other posts that the Windows firewall is only one way, not bi-directional.

    If this was a mistake please advise.

    Thank you.
  3. vogelrok Newcomer, in training

    Here's the latest ESET scan to show I have removed the pirated software from my PC.

    But it is still showing two of them remaining even though they are uninstalled and deleted.

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=09cce9760078d94c84dfbb0c80ba045a
    # end=stopped
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-02-25 08:40:52
    # local_time=2011-02-25 08:40:52 (+0000, GMT Standard Time)
    # country="United Kingdom"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1280 16777175 100 0 46855509 46855509 0 0
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 3680 3680 0 0
    # scanned=5187
    # found=0
    # cleaned=0
    # scan_time=163
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=09cce9760078d94c84dfbb0c80ba045a
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-02-28 08:32:24
    # local_time=2011-02-28 08:32:24 (+0000, GMT Standard Time)
    # country="United Kingdom"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1797 16775141 100 93 202747 35456532 203993 0
    # compatibility_mode=8192 67108863 100 0 260972 260972 0 0
    # scanned=81581
    # found=2
    # cleaned=0
    # scan_time=1563
    C:\Documents and Settings\lee vogelrok\My Documents\Downloads\DivX7+Keygen\Universal Keygen.exe a variant of Win32/Keygen.AJ application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\lee vogelrok\My Documents\Downloads\IsoBuster.v2.5.5.1-AGAiN\Keygen.EXE a variant of Win32/Keygen.AF application (unable to clean) 00000000000000000000000000000000 I
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=09cce9760078d94c84dfbb0c80ba045a
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-03 08:43:15
    # local_time=2011-03-03 08:43:15 (+0000, GMT Standard Time)
    # country="United Kingdom"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1797 16775141 100 93 462494 35716279 105643 0
    # compatibility_mode=3073 16777213 80 75 119415 5600024 0 0
    # compatibility_mode=8192 67108863 100 0 520719 520719 0 0
    # scanned=76094
    # found=3
    # cleaned=0
    # scan_time=1667
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\mAbLoKm06300\mAbLoKm06300.exe.vir a variant of Win32/Kryptik.LFO trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{754642D3-1915-4355-981C-527A3385A415}\RP600\A0069866.exe a variant of Win32/Keygen.AJ application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{754642D3-1915-4355-981C-527A3385A415}\RP600\A0069867.EXE a variant of Win32/Keygen.AF application (unable to clean) 00000000000000000000000000000000 I
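The ESET Online Scanner log above has a regular shape (a block of `# key=value` header lines per run, then one line per detection), and the later detections sit in ComboFix's Qoobox quarantine and in System Restore points rather than in live locations. The following triage script is an added example, not part of the thread or of any ESET tooling; it parses that format, splits each line into path and threat name, and separates hits in quarantine or restore-point folders (inert copies) from hits in live paths. The sample log is constructed to mirror the thread's lines; its paths and hashes are made up.

```python
"""Triage an ESET Online Scanner log of the kind pasted in this thread.

Log shape (as seen in the thread): a block of "# key=value" header lines,
then one line per detection:
    <path> <threat description> (<action result>) <32-hex hash> <flag>
Several scan runs can be concatenated; each new "# version=" line starts one.
"""
import re
from dataclasses import dataclass, field

# Folders that hold inert copies, not running or registered code. A hit there
# is a leftover rather than a live infection: Qoobox is ComboFix's quarantine,
# _restore{...} is a System Restore point, TDSSKiller_Quarantine is TDSSKiller's.
INERT_RE = re.compile(
    r"\\Qoobox\\Quarantine\\|\\System Volume Information\\_restore\{|\\TDSSKiller_Quarantine\\",
    re.IGNORECASE,
)
# Tail of a detection line: "(result) hash flag" at end of line.
TAIL_RE = re.compile(r"\((?P<result>[^()]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$")
# The whitespace that separates the path from the threat description: ESET names
# carry a "Family/Name" token, optionally prefixed by "(probably) a variant of".
THREAT_START_RE = re.compile(r"\s(?=(?:probably )?(?:a variant of )?[\w.-]+/[\w.-]+)")


@dataclass
class Detection:
    path: str
    threat: str
    result: str
    flag: str
    inert: bool  # True when the file sits in a quarantine or restore point


@dataclass
class ScanRun:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def live(self):
        return [d for d in self.detections if not d.inert]

    def consistent(self):
        """The header's 'found' count must match the number of detection lines."""
        return int(self.header.get("found", "0")) == len(self.detections)


def parse_detection(line):
    """Return a Detection for one result line, or None if the line is not one."""
    tail = TAIL_RE.search(line)
    if not tail:
        return None
    head = line[: tail.start()].rstrip()
    split = THREAT_START_RE.search(head)
    if not split:
        return None
    path, threat = head[: split.start()], head[split.end():]
    return Detection(path, threat, tail["result"], tail["flag"], bool(INERT_RE.search(path)))


def parse_eset_log(text):
    """Split a pasted log into runs; non-header lines that are not detections are ignored."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            if key == "version" or not runs:
                runs.append(ScanRun())
            runs[-1].header[key] = value
        elif runs:
            det = parse_detection(line)
            if det:
                runs[-1].detections.append(det)
    return runs


def triage(runs):
    """One summary per run: what the header claims versus what is actually live."""
    return [
        {
            "utc_time": r.header.get("utc_time", "?"),
            "found": int(r.header.get("found", "0")),
            "live": len(r.live()),
            "inert": len(r.detections) - len(r.live()),
            "consistent": r.consistent(),
        }
        for r in runs
    ]


# Constructed sample modelled on the thread's log; paths and hashes are made up.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# utc_time=2011-02-28 08:32:24
# scanned=81581
# found=1
# cleaned=0
C:\\Documents and Settings\\user\\My Documents\\Downloads\\Tool+Keygen\\Universal Keygen.exe a variant of Win32/Keygen.AJ application (unable to clean) 00000000000000000000000000000000 I
# version=7
# end=finished
# utc_time=2011-03-03 08:43:15
# found=2
# cleaned=0
C:\\Qoobox\\Quarantine\\C\\Documents and Settings\\All Users\\Application Data\\mAbLoKm06300\\mAbLoKm06300.exe.vir a variant of Win32/Kryptik.LFO trojan (unable to clean) 00000000000000000000000000000000 I
C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP600\\A0069866.exe a variant of Win32/Keygen.AJ application (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    for row in triage(parse_eset_log(SAMPLE_LOG)):
        print(row)
```

A run whose every hit is inert is the "no new infections" reading a helper gives; a `consistent` of False means the pasted log is truncated or garbled and should be re-posted.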
  4. vogelrok Newcomer, in training

    I take it I'm not getting any more help then because I had the cracked software. I have removed it all and as far as I can see none is left.

    If my help is over with, how do I remove the stuff from the desktop safely without messing up my system?

    I only ask as the last reply was a couple of days ago now. I know you have other people to help and I know you are doing this for free,
    but I hope you are not judging me for having downloaded a bit of pirated software.

    If the above comment offends, I'm sorry, but your last comment sort of told me to do one; in my books your help is ended, so I'm asking.
  5. Bobbye Helper on the Fringe

    A sudden and tragic death in the family took me away for a while. I am catching up now.

    The Eset log shows no new infections. Perhaps you would be kind enough to let me know if there has been any improvement in the system.
    =========================================
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double-click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ====================
    Yes, downloading Geekbuddy was a mistake. It is to get remote help. If you plan on using that, you don't need me. However, be advised that the remote help will cost $$$.
    ==============================================
    What is the status of the system please? Why did you run Combofix in Safe Mode?
  6. vogelrok Newcomer, in training

    Hi Bobbye, sorry about the tragic death, and I apologise if I was being abrupt at all. Giving up smoking here and have found I'm being a bit short with people.

    Will remove Geekbuddy from the PC.

    Hi, system seems to be OK at present. Not had any more popups telling me my PC is infected.

    I ran ComboFix in Safe Mode, as I couldn't get anything to work after I got hit with the System Tool program that landed on my PC.
    Couldn't use any antivirus software. Couldn't load Task Manager. The only thing I could load was IE, and after a while it kept closing down and giving me the blue screen of death. But not just once, it gave it to me two times, which made me realise it wasn't a real blue screen of death. It was the program that told me I had a virus or viruses; when I tried to open a program from the desktop it told me it was infected.
    I know I shouldn't have done it without help, but I was fed up with the constant false blue screens and reboots.

    Will download TDSSKiller now and run it.
  7. vogelrok Newcomer, in training

    Ran TDSSKiller, nothing found. Did you want me to post the log for it?
  8. Bobbye Helper on the Fringe

    I'm a bit lost on what you're going to do. You had decided to reinstall or upgrade to Win7. Then you posted you had fixed the problem. Then you said you couldn't do anything, but you ran TDSSKiller anyway.

    Post the log please and tell me what you plan to do and what the system status is.

    Please see System Tool and screen shots HERE.
  9. vogelrok Newcomer, in training

    Sorry for taking my time to reply. Wife walked out on me and things have just been up in the air the past two days.

    I won't be upgrading to Win7; I like the layout of XP and I'm used to it.

    The system is running fine at present. PC usage is all OK, nothing using up the CPU power anymore.

    Here's the TDSSKiller log.

    2011/03/06 19:10:12.0625 3632 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/03/06 19:10:12.0656 3632 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/03/06 19:10:12.0734 3632 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
    2011/03/06 19:10:12.0781 3632 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
    2011/03/06 19:10:12.0812 3632 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
    2011/03/06 19:10:12.0859 3632 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
    2011/03/06 19:10:12.0937 3632 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/03/06 19:10:13.0046 3632 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/03/06 19:10:13.0234 3632 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/03/06 19:10:13.0562 3632 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/03/06 19:10:13.0781 3632 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/03/06 19:10:13.0796 3632 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/03/06 19:10:13.0843 3632 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2011/03/06 19:10:13.0859 3632 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/03/06 19:10:13.0890 3632 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/03/06 19:10:13.0968 3632 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    2011/03/06 19:10:14.0000 3632 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/03/06 19:10:14.0015 3632 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/03/06 19:10:14.0046 3632 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/03/06 19:10:14.0125 3632 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/03/06 19:10:14.0140 3632 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/03/06 19:10:14.0203 3632 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/03/06 19:10:14.0281 3632 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/03/06 19:10:14.0343 3632 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    2011/03/06 19:10:14.0359 3632 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/03/06 19:10:14.0375 3632 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/03/06 19:10:14.0390 3632 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/03/06 19:10:14.0406 3632 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/03/06 19:10:14.0421 3632 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/03/06 19:10:14.0437 3632 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/03/06 19:10:14.0453 3632 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/03/06 19:10:14.0484 3632 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/03/06 19:10:14.0546 3632 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/03/06 19:10:14.0640 3632 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2011/03/06 19:10:14.0687 3632 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/03/06 19:10:14.0765 3632 Ser2pl (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
    2011/03/06 19:10:14.0828 3632 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/03/06 19:10:14.0828 3632 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/03/06 19:10:14.0859 3632 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/03/06 19:10:14.0906 3632 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/03/06 19:10:15.0203 3632 SNPSTD3 (6008db6459e53e5d734dc4236eda1bfe) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
    2011/03/06 19:10:15.0578 3632 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/03/06 19:10:15.0593 3632 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/03/06 19:10:15.0609 3632 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/03/06 19:10:15.0656 3632 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2011/03/06 19:10:15.0687 3632 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/03/06 19:10:15.0765 3632 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/03/06 19:10:15.0796 3632 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/03/06 19:10:15.0843 3632 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/03/06 19:10:15.0875 3632 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
    2011/03/06 19:10:15.0906 3632 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/03/06 19:10:15.0937 3632 Tcpip6 (f4a3c6abe7818b1b53f58fa1adb605cd) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    2011/03/06 19:10:16.0000 3632 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/03/06 19:10:16.0015 3632 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/03/06 19:10:16.0031 3632 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/03/06 19:10:16.0093 3632 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    2011/03/06 19:10:16.0171 3632 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/03/06 19:10:16.0187 3632 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/03/06 19:10:16.0234 3632 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
    2011/03/06 19:10:16.0265 3632 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/03/06 19:10:16.0312 3632 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/03/06 19:10:16.0390 3632 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/03/06 19:10:16.0421 3632 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/03/06 19:10:16.0437 3632 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/03/06 19:10:16.0468 3632 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/03/06 19:10:16.0500 3632 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/03/06 19:10:16.0593 3632 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
    2011/03/06 19:10:16.0625 3632 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
    2011/03/06 19:10:16.0640 3632 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/03/06 19:10:16.0671 3632 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/03/06 19:10:16.0718 3632 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/03/06 19:10:16.0812 3632 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
    2011/03/06 19:10:16.0843 3632 VcommMgr (ef0d45ed806b0c9ae9756bfeecb077ed) C:\WINDOWS\system32\Drivers\VcommMgr.sys
    2011/03/06 19:10:16.0890 3632 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/03/06 19:10:16.0906 3632 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/03/06 19:10:16.0937 3632 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/03/06 19:10:16.0984 3632 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2011/03/06 19:10:17.0093 3632 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/03/06 19:10:17.0156 3632 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/03/06 19:10:17.0234 3632 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/03/06 19:10:17.0312 3632 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/03/06 19:10:17.0328 3632 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/03/06 19:10:17.0437 3632 ================================================================================
    2011/03/06 19:10:17.0437 3632 Scan finished
    2011/03/06 19:10:17.0437 3632 ================================================================================
  10. Bobbye Helper on the Fringe

    Okay, this looks good. Let's remove the cleaning tools:

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      • Choose Disk Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    If the problem starts up again and it's the same problem, please begin a new thread with reference to this one: http://www.techspot.com/vb/topic161732-2.html
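The "create a fresh Restore Point, then drop the older ones" step above, scripted as an added example that is not part of this thread or its tools. It assumes a current Windows PowerShell 5.1 session run as Administrator (the post itself targets Windows XP, where the GUI path is the only route) with System Protection enabled on C:; the restore point description is a constructed value.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): rebuild the restore-point baseline after a cleanup.
# Old restore points can carry copies of the files that were just removed, so the post's
# advice is: create one clean point, then delete everything older than it.

$desc = 'Post-cleanup baseline'   # constructed label for the new restore point

# 1. Equivalent of System Restore > "Create a Restore Point".
#    Caveat: Windows 8+ silently skips creation if another point was made in the last 24 h,
#    so confirm afterwards that the newest point really carries our description.
Checkpoint-Computer -Description $desc -RestorePointType 'MODIFY_SETTINGS'

$newest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
if ($newest.Description -ne $desc) {
    throw "No new restore point was created (newest is '$($newest.Description)'); stopping before deleting anything."
}

# 2. Equivalent of Disk Cleanup > More Options > System Restore > "Clean Up":
#    restore points are VSS shadow copies, and vssadmin removes the oldest one per call.
#    Loop until only our new point remains; the counter guards against an endless loop if
#    vssadmin cannot delete (e.g. access denied), in which case we stop and report.
$guard = 0
while (((Get-ComputerRestorePoint | Measure-Object).Count -gt 1) -and ($guard -lt 100)) {
    vssadmin delete shadows /for=C: /oldest /quiet | Out-Null
    $guard++
}

# 3. Show what is left; expect exactly one entry, the one created above.
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize
```

If other shadow copies (e.g. Previous Versions snapshots) share the volume, the oldest-first deletion removes those too before it reaches the old restore points, which is normally acceptable after a malware cleanup but worth knowing in advance.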