
I have been infected with the 007Gaurd


#16
maverick1965 (Member, Topic Starter, 14 posts)
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 93.24 0 K 24 K
procexp.exe 2304 2.87 19,676 K 40,684 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
dwm.exe 2856 1.52 44,640 K 55,232 K Desktop Window Manager Microsoft Corporation
System 4 0.77 188 K 68,880 K
Interrupts n/a 0.69 0 K 0 K Hardware Interrupts and DPCs
iexplore.exe 2808 0.29 70,640 K 108,184 K Internet Explorer Microsoft Corporation
explorer.exe 2884 0.24 32,012 K 73,732 K Windows Explorer Microsoft Corporation
iexplore.exe 3732 0.16 56,388 K 96,768 K Internet Explorer Microsoft Corporation
csrss.exe 512 0.06 7,120 K 10,616 K Client Server Runtime Process Microsoft Corporation
svchost.exe 1016 0.05 65,336 K 72,180 K Host Process for Windows Services Microsoft Corporation
FlashUtil10u_ActiveX.exe 3996 0.04 1,408 K 4,900 K Adobe® Flash® Player Installer/Uninstaller 10.3 r181 Adobe Systems, Inc.
bdagent.exe 2668 0.02 13,704 K 1,760 K BitDefender Agent BitDefender S.R.L.
vsserv.exe 904 0.02 172,400 K 9,004 K BitDefender Security Service BitDefender S.R.L.
svchost.exe 1048 0.02 23,000 K 35,168 K Host Process for Windows Services Microsoft Corporation
taskhost.exe 2636 < 0.01 11,532 K 13,396 K Host Process for Windows Tasks Microsoft Corporation
iexplore.exe 1436 < 0.01 15,924 K 34,824 K Internet Explorer Microsoft Corporation
svchost.exe 1452 < 0.01 12,532 K 11,928 K Host Process for Windows Services Microsoft Corporation
updatesrv.exe 1984 < 0.01 8,332 K 12,744 K BitDefender Update Service BitDefender S.R.L.
svchost.exe 1192 < 0.01 4,584 K 7,944 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1148 < 0.01 10,108 K 12,308 K Host Process for Windows Services Microsoft Corporation
csrss.exe 460 < 0.01 1,380 K 3,580 K Client Server Runtime Process Microsoft Corporation
iexplore.exe 3924 < 0.01 8,720 K 25,188 K Internet Explorer Microsoft Corporation
WUDFHost.exe 2316 1,576 K 5,100 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
wuauclt.exe 3272 1,480 K 5,272 K Windows Update Microsoft Corporation
WmiPrvSE.exe 2168 2,068 K 4,856 K WMI Provider Host Microsoft Corporation
winlogon.exe 568 2,100 K 5,252 K Windows Logon Application Microsoft Corporation
wininit.exe 520 1,308 K 3,768 K Windows Start-Up Application Microsoft Corporation
svchost.exe 1928 2,500 K 42,816 K Host Process for Windows Services Microsoft Corporation
svchost.exe 732 2,944 K 7,416 K Host Process for Windows Services Microsoft Corporation
svchost.exe 820 3,156 K 6,208 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1680 7,120 K 10,260 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1876 812 K 2,828 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1936 1,116 K 4,124 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2232 1,536 K 4,396 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1652 5,032 K 9,256 K Spooler SubSystem App Microsoft Corporation
smss.exe 316 268 K 824 K Windows Session Manager Microsoft Corporation
services.exe 616 4,032 K 7,024 K Services and Controller app Microsoft Corporation
rundll32.exe 3144 1,680 K 5,412 K Windows host process (Rundll32) Microsoft Corporation
pchooklaunch32.exe 2752 1,144 K 3,688 K BitDefender S.R.L.
mbamservice.exe 2384 1,796 K 5,432 K Malwarebytes' Anti-Malware Malwarebytes Corporation
M-AudioTaskBarIcon.exe 3464 1,940 K 5,976 K M-Audio Task Bar Icon Applet Avid Technology, Inc.
lsm.exe 636 1,432 K 3,212 K Local Session Manager Service Microsoft Corporation
lsass.exe 624 3,380 K 8,136 K Local Security Authority Process Microsoft Corporation
jusched.exe 3492 972 K 3,704 K Java™ Update Scheduler Sun Microsystems, Inc.
IPROSetMonitor.exe 1820 856 K 3,240 K Intel® PROSet Monitoring Service Intel Corporation
BelkinService.exe 1764 1,812 K 6,332 K BelkinService Affinegy, Inc.
audiodg.exe 4044 13,868 K 13,516 K Windows Audio Device Graph Isolation Microsoft Corporation

Attached File  Procexp.txt   4.01KB   175 downloads
#17
RKinner (Malware Expert, MVP, 24,725 posts)
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\System32\drivers\iffkq.sys
c:\program files\Systweak\Advanced System Protector\sasprot32.sys
c:\windows\system32\drivers\rdvgkmd.sys
c:\windows\system32\drivers\WPRO_40_1340.sys
c:\windows\system32\drivers\synth3dvsc.sys
c:\windows\Tasks\ParetoLogic Registration.job
c:\windows\Tasks\ParetoLogic Update Version2.job

Driver::
xsyicbp
BCASPROT
VGPU
WPRO_40_1340
Synth3dVsc

Folder::
c:\program files\Alwil Software

RegLock::
[HKEY_USERS\.Default\Software\SetId\Internal]

Registry::
[HKEY_USERS\.Default\Software\SetId\Internal]
"DEVICE2"=-
"DATA2"=-
******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

This error (and many more):

Log: 'System' Date/Time: 28/09/2011 3:26:41 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, 2010-06-25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom1'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.


is from BitDefender. Don't know what is wrong with it but it's not happy. There are reports on the BitDefender forum about it causing IE to crash but no answers. If a reinstall of Bitdefender with the latest version doesn't help then you need to contact them. Or uninstall it and go back to the free Avast.
http://www.avast.com...ivirus-download (The latest version is much improved over the version you had.)

These errors:

Log: 'Application' Date/Time: 28/09/2011 3:02:36 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-3745904780-917009718-934944832-1000:
Process 908 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 908 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 908 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 908 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 908 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011


are also caused by BitDefender. Doesn't look like it's really ready for Windows 7.


Ron
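The two warnings quoted above are attributed to BitDefender by reading the component named inside each message (the 'bdfsfltr' filter driver, the vsserv.exe process holding leaked registry handles) rather than the generic Windows source. The following Python script, added here as an example and not part of the thread or its attachments, parses text in the layout Vino's Event Viewer produces (the three header lines followed by the message) and rolls the entries up to the component and product they point at. The sample entries, SID, PID and the third (Service Control Manager) entry are constructed; the component-to-product table contains only what the thread itself states.

```python
"""Triage of event-log text in the Vino's Event Viewer (VEW) layout.

Added example, not from the thread or its attachments. The sample entries below
mirror the shape of the ones quoted in the thread; SID, PID and the third entry
are constructed values.
"""
import re
from collections import Counter

# Constructed sample (not the thread's attachment). Backslashes are doubled only
# because this is a Python string literal; the parsed text holds single ones.
SAMPLE_LOG = """\
Log: 'System' Date/Time: 28/09/2011 3:26:41 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, 2010-06-25T06:37:20.000000000Z) failed to attach to volume '\\Device\\CdRom1'. The filter returned a non-standard final status of 0xc0000013.

Log: 'Application' Date/Time: 28/09/2011 3:02:36 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. DETAIL - 2 user registry handles leaked from \\Registry\\User\\S-1-5-21-1111-2222-3333-1000:
Process 908 (\\Device\\HarddiskVolume2\\Program Files\\BitDefender\\BitDefender 2011\\vsserv.exe) has opened key \\REGISTRY\\USER\\S-1-5-21-1111-2222-3333-1000\\Software\\BitDefender\\BitDefender Total Security 2011
Process 908 (\\Device\\HarddiskVolume2\\Program Files\\BitDefender\\BitDefender 2011\\vsserv.exe) has opened key \\REGISTRY\\USER\\S-1-5-21-1111-2222-3333-1000\\Software\\BitDefender\\BitDefender Total Security 2011

Log: 'System' Date/Time: 28/09/2011 3:20:00 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The SampleSvc service failed to start due to the following error: The system cannot find the file specified.
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
FILTER_RE = re.compile(r"File System Filter '(?P<filter>[^']+)'")
HANDLE_RE = re.compile(r"^Process (?P<pid>\d+) \((?P<path>[^)]+)\) has opened key", re.M)

# Component -> product, as established in the thread (bdfsfltr and vsserv.exe are
# BitDefender's). Extend this table as you identify components in your own logs.
KNOWN_COMPONENTS = {"bdfsfltr": "BitDefender", "vsserv.exe": "BitDefender"}


def parse_vew(text):
    """Split VEW text into entries: three header lines, then the message lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 4:
            continue
        head = HEADER_RE.match(lines[0])
        typ = TYPE_RE.match(lines[1])
        evt = EVENT_RE.match(lines[2])
        if not (head and typ and evt):
            continue  # not a layout we recognise; skip rather than guess
        entries.append({
            "log": head["log"], "when": head["when"], "type": typ["type"],
            "id": int(evt["id"]), "source": evt["source"].strip(),
            "message": "\n".join(lines[3:]),
        })
    return entries


def culprit(entry):
    """Name the component an entry points at instead of the generic Windows source:
    the filter driver for FilterManager event 4, the executable(s) holding leaked
    handles for User Profiles Service event 1530, the event source otherwise."""
    if entry["id"] == 4 and entry["source"].endswith("FilterManager"):
        m = FILTER_RE.search(entry["message"])
        if m:
            return m["filter"]
    if entry["id"] == 1530 and entry["source"].endswith("User Profiles Service"):
        exes = {m["path"].rsplit("\\", 1)[-1].lower()
                for m in HANDLE_RE.finditer(entry["message"])}
        if exes:
            return ", ".join(sorted(exes))
    return entry["source"]


def summarize(text):
    """Count entries per culprit component."""
    return Counter(culprit(e) for e in parse_vew(text))


def by_product(text):
    """Roll the per-component counts up to the product each component belongs to."""
    return Counter(KNOWN_COMPONENTS.get(c, "unattributed")
                   for c in summarize(text).elements())


if __name__ == "__main__":
    for comp, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {comp}  ({KNOWN_COMPONENTS.get(comp, 'unattributed')})")
```

Run against a saved VEW.txt, the per-component counts make it obvious when most of the noise traces back to one product, which is the reasoning the post applies by hand; entries whose component is not in the table stay "unattributed" rather than being guessed.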

#18
maverick1965 (Member, Topic Starter, 14 posts)
Attached File  combofix.txt   18.96KB   150 downloads

#19
maverick1965 (Member, Topic Starter, 14 posts)
I uninstalled BitDefender.

#20
RKinner (Malware Expert, MVP, 24,725 posts)
Right click on (My) Computer and select Manage (Continue). Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.

Then run Vino's again as before and post the logs.

Ron

#21
maverick1965 (Member, Topic Starter, 14 posts)
Attached File  VEW.txt1.txt   12.29KB   155 downloads

Attached File  VEW.txt2.txt   7.69KB   193 downloads

#22
RKinner (Malware Expert, MVP, 24,725 posts)
You gave me the same vino logs as before. I need new ones. Delete the old ones before you run Vino's.

Going to bed now.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Attach the file to your next post.