
Status: Not open for further replies. (1 - 10 of 10 Posts)

Registered · 5 Posts · Discussion Starter #1
Hello all,

I've been abroad for a while, only to come back home and find my roommates have turned my PC into an - ahem - porno box. It looks pretty ugly, and there are a lot of programs I'm unsure about running on the system.

The most obvious problem is that Win. explorer keeps crashing, and I have no GUI or access to the start menu. This seems to be pretty common judging by some of the threads I've read through? I thought it might be a problem with something called 'vundo', but the vundo checkers I have DL'd don't seem to identify it. I've also run ClamWin and BitDefender, and they come up clean.

I've run DSS and here is the log that it gave me. If someone sees something that looks obviously faulty, please let me know.

Thanks for your time!


Mark
*****

Deckard's System Scanner v20071014.68
Run by Riz Walker on 2007-12-04 09:29:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 7.58 GiB (less than 15%) free.


-- HijackThis (run as Riz Walker.exe) ------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-04 09:31:27
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\3com_dmi\3CDMINIC.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\WINDOWS\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Temp\dss.exe
C:\Temp\Riz Walker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {CB520F40-A740-454A-BE12-543FCEF526AD} - C:\WINDOWS\system32\mlljh.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Logo Calibration Loader.lnk = ?
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38011.6738194444
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\system32\3com_dmi\3CDMINIC.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Route Access Protocol Graphics (RAPG) - Unknown owner - C:\Program Files\Intel\SVCH0ST.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


--
End of file - 8057 bytes

-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-01 09:25:21 0 dr-h----- C:\Documents and Settings\Riz Walker\Recent
2007-11-30 10:14:02 0 d-------- C:\Documents and Settings\Riz Walker\Application Data\Bitdefender
2007-11-30 10:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-11-30 10:13:26 0 d-------- C:\Program Files\BitDefender
2007-11-30 10:12:29 0 d-------- C:\Program Files\Common Files\BitDefender
2007-11-30 08:43:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-30 08:43:01 0 d-------- C:\Program Files\Security Task Manager
2007-11-30 08:03:21 0 d-------- C:\Documents and Settings\Riz Walker\.housecall6.6
2007-11-29 21:55:17 282478 --ahs---- C:\WINDOWS\system32\hjllm.ini2
2007-11-29 21:55:01 335968 --a------ C:\WINDOWS\system32\mlljh.dll
2007-11-29 21:48:50 0 d-------- C:\Program Files\WinAVI MP4 Converter


-- Find3M Report ---------------------------------------------------------------

2007-12-04 09:27:35 0 d-------- C:\Program Files\SpeedFan
2007-11-30 18:02:07 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2007-11-30 10:54:34 0 d-------- C:\Program Files\Intel
2007-11-30 10:12:29 0 d-a------ C:\Program Files\Common Files
2007-11-30 07:51:25 0 d-------- C:\Program Files\SpywareBlaster
2007-11-29 22:23:04 0 d-------- C:\Documents and Settings\Riz Walker\Application Data\foobar2000
2007-11-29 22:22:57 0 d-------- C:\Documents and Settings\Riz Walker\Application Data\Azureus
2007-11-29 21:50:04 0 d-------- C:\Program Files\MultiRes
2007-10-26 17:59:36 0 d-------- C:\Documents and Settings\Riz Walker\Application Data\U3
2007-10-26 17:46:06 0 d-------- C:\Documents and Settings\Riz Walker\Application Data\Adobe
2007-10-25 09:20:31 0 d-------- C:\Program Files\Winamp
2007-09-23 21:21:53 3580 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-09-22 13:59:53 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB520F40-A740-454A-BE12-543FCEF526AD}]
2007-11-29 21:55 335968 --a------ C:\WINDOWS\system32\mlljh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"RegistryMechanic"="" []
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2007-04-30 18:17]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [2006-02-06 11:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"AtiPTA"="C:\WINDOWS\atiptaxx.exe" [2003-06-05 11:35]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-30 18:03]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 01:15]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 09:42]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]

C:\Documents and Settings\Riz Walker\Start Menu\Programs\Startup\
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2006-10-12 11:33:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-05-10 15:28:47]
Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2004-10-28 15:01:42]
ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2004-10-28 15:01:10]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan




-- End of Deckard's System Scanner: finished at 2007-12-04 09:32:54 ------------
 

TSF-Enthusiast · 923 Posts
Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.

Please download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Please post the ComboFix.txt in your reply.
 

Registered · 5 Posts · Discussion Starter #3
Aaflac,

Thanks for the reply. I understand how busy this forum is - it's pretty daunting when you look through the recent posts, and see how many there are on any given day.

At any rate, here is the combofix log:

ComboFix 07-12-02.6 - Riz Walker 2007-12-07 12:54:21.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.839 [GMT -5:00]
Running from: C:\Documents and Settings\Riz Walker\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico

.
((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-12-05 23:32 . 2007-12-05 23:32 <DIR> d-------- C:\Temp\Aqua Teen Hunger Force (iPod)
2007-12-04 15:43 . 2003-06-05 12:35 114,688 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-04 08:56 . 2005-02-16 11:06 218,112 --a------ C:\Temp\Riz Walker.exe
2007-12-04 08:53 . 2007-12-04 08:53 <DIR> d-------- C:\Deckard
2007-12-04 08:49 . 2007-12-04 08:49 686,630 --a------ C:\Temp\dss.exe
2007-11-30 10:55 . 2007-12-07 12:49 121 --a------ C:\WINDOWS\bdagent.INI
2007-11-30 10:14 . 2007-11-30 10:14 <DIR> d-------- C:\Documents and Settings\Riz Walker\Application Data\Bitdefender
2007-11-30 10:13 . 2007-11-30 10:13 <DIR> d-------- C:\Program Files\BitDefender
2007-11-30 10:13 . 2007-11-30 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-11-30 10:12 . 2007-11-30 10:13 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-11-30 08:43 . 2007-11-30 08:43 <DIR> d-------- C:\Program Files\Security Task Manager
2007-11-30 08:43 . 2007-11-30 08:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-30 08:42 . 2007-11-30 08:42 1,570,920 --a------ C:\Temp\taskmanager17.exe
2007-11-30 08:06 . 2007-11-30 08:03 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-30 08:03 . 2007-11-30 08:21 <DIR> d-------- C:\Documents and Settings\Riz Walker\.housecall6.6
2007-11-30 07:44 . 2007-11-30 07:44 3,384,910 --a------ C:\Temp\sysclean.com
2007-11-29 22:45 . 2007-11-29 22:45 118,272 --a------ C:\Temp\VundoFix.exe
2007-11-29 21:55 . 2007-11-29 21:55 335,968 --a------ C:\WINDOWS\system32\mlljh.dll
2007-11-29 21:55 . 2007-12-07 13:10 282,594 --ahs---- C:\WINDOWS\system32\hjllm.ini
2007-11-29 21:55 . 2007-12-07 13:09 282,480 --ahs---- C:\WINDOWS\system32\hjllm.ini2
2007-11-29 21:48 . 2007-11-29 21:48 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 17:50 221,714,464 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-07 17:50 2,600,336 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-06 13:55 --------- d-----w C:\Program Files\Winamp
2007-12-06 13:40 --------- d-----w C:\Documents and Settings\Riz Walker\Application Data\Azureus
2007-12-04 20:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 20:44 --------- d-----w C:\Program Files\ATI Technologies
2007-12-04 14:54 --------- d-----w C:\Documents and Settings\Riz Walker\Application Data\U3
2007-12-04 14:27 --------- d-----w C:\Program Files\SpeedFan
2007-11-30 15:54 --------- d-----w C:\Program Files\Intel
2007-11-30 12:51 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-30 03:23 --------- d-----w C:\Documents and Settings\Riz Walker\Application Data\foobar2000
2007-11-30 02:50 --------- d-----w C:\Program Files\MultiRes
2006-11-07 22:29 104,292 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_11_06_11_29_21_small.dmp.zip
2006-11-06 12:39 101,594 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_11_05_21_04_46_small.dmp.zip
2006-10-12 01:55 92,969 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_09_15_53_29_small.dmp.zip
2006-10-12 01:55 90,773 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_09_17_04_40_small.dmp.zip
2006-09-06 11:01 17,557,795 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_08_29_11_54_03_full.dmp.zip
2006-08-07 22:12 97,008 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_08_06_22_24_16_small.dmp.zip
2006-08-07 22:12 4,407,296 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_07_23_19_57_03_full.dmp.zip
2006-04-18 01:05 4,387,929 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2005-11-09 17:22 39,762 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_11_09_12_15_11_small.dmp.zip
2005-11-01 01:26 45,230 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_10_31_20_20_27_small.dmp.zip
2005-11-01 01:26 42,649 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_10_31_20_20_39_small.dmp.zip
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2004-05-03 18:20 17,144 ----a-w C:\Documents and Settings\Riz Walker\Application Data\GDIPFONTCACHEV1.DAT
2003-07-17 02:26 448,640 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-17 02:22 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 07:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B86AD026-D11C-499F-99CD-E4C27AAC73AB}]
2007-11-29 21:55 335968 --a------ C:\WINDOWS\system32\mlljh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{381FFDE8-2394-4F90-B10D-FC6124A40F8C}"= C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2007-11-30 18:03 86016]

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"RegistryMechanic"="" []
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2007-04-30 18:17]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [2006-02-06 11:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"AtiPTA"="C:\WINDOWS\atiptaxx.exe" [2003-06-05 12:35]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-30 18:03]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 01:15]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 09:42]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-05-10 15:28:47]
Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2004-10-28 15:01:42]
ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2004-10-28 15:01:10]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mlljh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-04-27 10:25 257088 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2003-05-29 16:28 790528 --a------ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]

S1 atitray;atitray;\??\C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys
S1 bdftdif;bdftdif;\??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
S2 3ComDMIService;3Com DMI Agent;C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
S2 BCAITDI;3Com BCAITDI DMI TDI;C:\WINDOWS\system32\DRIVERS\BCAItdi.sys
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys
S2 PDIHWCTL;PDIHWCTL;\??\C:\WINDOWS\system32\drivers\pdihwctl.sys
S2 RAPG;Route Access Protocol Graphics;C:\Program Files\Intel\SVCH0ST.exe
S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\System32\drivers\ASUSHWIO.sys
S3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
S3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
S3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys
S3 eyeonedp;eye-one display;C:\WINDOWS\system32\DRIVERS\eyeonedp.sys
S3 i1;eye-one;C:\WINDOWS\system32\DRIVERS\i1.sys
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
S3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 13:10:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2007-12-07 13:11:45 - machine was rebooted
.
--- E O F ---


I hope that helps.


Thanks,


Mark
 

TSF-Enthusiast · 923 Posts
Please open Notepad (Start > Run > in the Open field type: notepad)
Click: OK

Copy/paste the blue text below to Notepad:

File::
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B86AD026-D11C-499F-99CD-E4C27AAC73AB}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Driver::
RAPG



Save as CFScript.txt <<< Important!!
Change the Save as type to: All Files
Save it to the Desktop



Referring to the screenshot above, drag CFScript.txt >>> into >>> ComboFix.exe
ComboFix runs a scan on your system, and may reboot when it finishes. This is normal.

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced: ComboFix.txt

~~~~
Run HijackThis once again, and Scan, to obtain a new log.

~~~~
Please provide the contents of the new ComboFix log, and the new HijackThis log in your reply.
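A small log-triage script, added here as an example and not part of this thread or of the tools it mentions, that scans constructed HijackThis/DSS-style lines for the indicators the CFScript above targets: the unnamed O2 BHO in system32, the orphaned "(file missing)" registration, the extra LSA "Authentication Packages" module, the RAPG service whose binary imitates svchost.exe, and the mirror-named .ini companion (mlljh.dll / hjllm.ini). The sample lines are modelled on the logs in this thread; the names `triage`, `Finding` and the regexes are the example's own.

```python
"""Triage helper for HijackThis / DSS log entries like the ones quoted in this thread.

Flags the indicators the helper acted on: an unnamed O2 BHO loading a DLL
from system32, an orphaned "(file missing)" BHO registration, an extra LSA
"Authentication Packages" module, a service whose binary mimics a core
Windows process name (SVCH0ST.exe), and a flagged DLL whose mirror-named
.ini companion (mlljh.dll / hjllm.ini) also appears in the file listing.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on lines quoted in this thread (not a real scan).
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {CB520F40-A740-454A-BE12-543FCEF526AD} - C:\WINDOWS\system32\mlljh.dll",
    r"O2 - BHO: (no name) - {3E9BE545-85F2-4153-890C-677A9C5120EF} - C:\WINDOWS\system32\mlljh.dll (file missing)",
    r"O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe",
    r"O23 - Service: Route Access Protocol Graphics (RAPG) - Unknown owner - C:\Program Files\Intel\SVCH0ST.exe",
    r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljh.dll',
    r"2007-11-29 21:55:17 282478 --ahs---- C:\WINDOWS\system32\hjllm.ini2",
    r"2007-11-29 21:55:01 335968 --a------ C:\WINDOWS\system32\mlljh.dll",
])


@dataclass(frozen=True)
class Finding:
    kind: str
    path: str


BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)(?P<missing> \(file missing\))?$")
SERVICE_RE = re.compile(r"^O23 - Service: .+? - (?P<owner>.+?) - (?P<path>.+)$")
# DSS writes  "Authentication Packages"= msv1_0 ...  and ComboFix writes  Authentication Packages REG_MULTI_SZ msv1_0 ...
AUTHPKG_RE = re.compile(r'^"?Authentication Packages"?\s*=?\s*(?:REG_MULTI_SZ\s+)?(?P<pkgs>.+)$')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)? +\d+ +[-a-z]+ +(?P<path>.+)$")
CORE_PROCESSES = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe", "csrss.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def looks_like_system_binary(name: str) -> bool:
    """True when a name imitates a core process by swapping digits for letters (SVCH0ST.exe)."""
    lowered = name.lower()
    normalized = lowered.replace("0", "o").replace("1", "l")
    return normalized in CORE_PROCESSES and lowered not in CORE_PROCESSES


def mirrored_name(filename: str) -> str:
    """Vundo-style companion: the DLL stem reversed, with an .ini extension (mlljh.dll -> hjllm.ini)."""
    stem = filename.rsplit(".", 1)[0]
    return stem[::-1] + ".ini"


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    files_seen: set[str] = set()   # lowercase basenames from file-listing lines
    flagged_dlls: list[str] = []   # DLLs referenced by a suspicious loading point
    for raw in log.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            path = m["path"]
            if m["missing"]:
                findings.append(Finding("orphaned BHO registration (file missing)", path))
            elif m["name"] == "(no name)" and "\\system32\\" in path.lower():
                findings.append(Finding("unnamed BHO loading from system32", path))
                flagged_dlls.append(path)
        elif m := SERVICE_RE.match(line):
            path = m["path"]
            name = basename(path).lower()
            if looks_like_system_binary(name):
                findings.append(Finding("service binary mimics a core process name", path))
            elif name in CORE_PROCESSES and "\\system32\\" not in path.lower():
                findings.append(Finding("core process name running outside system32", path))
        elif m := AUTHPKG_RE.match(line):
            # Whitespace split is enough here: this key normally holds bare module names.
            for pkg in m["pkgs"].split():
                if pkg.lower() != "msv1_0":
                    findings.append(Finding("extra LSA authentication package", pkg))
                    flagged_dlls.append(pkg)
        elif m := FILE_RE.match(line):
            files_seen.add(basename(m["path"]).lower())
    # Second pass: a flagged DLL with a mirror-named .ini/.ini2 beside it is the pairing seen in this thread.
    for dll in dict.fromkeys(flagged_dlls):
        companion = mirrored_name(basename(dll)).lower()
        if any(f.startswith(companion) for f in files_seen):
            findings.append(Finding("mirror-named .ini companion to flagged DLL", dll))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:45} {finding.path}")
```

The orphaned "(file missing)" finding is what a post-cleanup HijackThis log still shows once the DLL itself has been removed but its CLSID registration has not.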
 

Registered · 5 Posts · Discussion Starter #5
Aaflac,

So I did what you mentioned, and here are the two logs, first the ComboFix.txt file, then the hijackthis log.

***

ComboFix 07-12-02.6 - Riz Walker 2007-12-12 22:39:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.651 [GMT -5:00]
Running from: C:\Documents and Settings\Riz Walker\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Riz Walker\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini2
C:\WINDOWS\system32\mlljh.dll
.


***

Logfile of HijackThis v1.99.1
Scan saved at 22:52, on 2007-12-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\WINDOWS\atiptaxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E9BE545-85F2-4153-890C-677A9C5120EF} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)


***

One thing I do notice is that upon Combofix rebooting the PC, explorer is not currently crashing, and I do have access to the start menu / GUI. I don't know if it fixed the problem, or if it is just temporary, but it's nice to see things acting a bit more normal.

Thanks for your help,



Mark
 

TSF-Enthusiast · 923 Posts
There is quite a bit of information missing from the ComboFix log. Please post the entire report.

Thanks!!
 

Registered · 5 Posts · Discussion Starter #7
Aaflac,

Sorry about that - I'm not sure I ran everything correctly. I watched the process this morning, and it seems to have completed properly. At the end of the process, I was directed to a 'bleeping computer' site where a zip file from my desktop was uploaded for testing. That was the last thing I did.

Here are the (hopefully complete!) logs.

ComboFix 07-12-02.6 - Riz Walker 2007-12-13 9:48:08.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT -5:00]
Running from: C:\Documents and Settings\Riz Walker\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Riz Walker\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini2
C:\WINDOWS\system32\mlljh.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\LEGACY_RAPG
-------\RAPG


-------\LEGACY_RAPG
-------\RAPG


((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-07 15:17 . 2007-12-07 15:17 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-07 15:06 . 2007-12-07 15:07 21,216,112 --a------ C:\Temp\aaw2007(2).exe
2007-12-07 15:04 . 2007-12-07 15:04 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-12-07 15:03 . 2007-12-07 15:03 <DIR> d-------- C:\Program Files\MSECACHE
2007-12-07 14:56 . 2007-12-07 14:57 21,216,112 --a------ C:\Temp\aaw2007.exe
2007-12-07 13:15 . 2007-12-07 13:15 <DIR> d-------- C:\VundoFix Backups
2007-12-05 23:32 . 2007-12-05 23:32 <DIR> d-------- C:\Temp\Aqua Teen Hunger Force (iPod)
2007-12-04 15:43 . 2003-06-05 12:35 114,688 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-04 08:56 . 2005-02-16 11:06 218,112 --a------ C:\Temp\Riz Walker.exe
2007-12-04 08:49 . 2007-12-04 08:49 686,630 --a------ C:\Temp\dss.exe
2007-11-30 10:55 . 2007-12-13 09:54 121 --a------ C:\WINDOWS\bdagent.INI
2007-11-30 10:14 . 2007-11-30 10:14 <DIR> d-------- C:\Documents and Settings\Riz Walker\Application Data\Bitdefender
2007-11-30 10:13 . 2007-11-30 10:13 <DIR> d-------- C:\Program Files\BitDefender
2007-11-30 10:13 . 2007-11-30 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-11-30 10:12 . 2007-11-30 10:13 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-11-30 08:43 . 2007-11-30 08:43 <DIR> d-------- C:\Program Files\Security Task Manager
2007-11-30 08:43 . 2007-11-30 08:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-30 08:42 . 2007-11-30 08:42 1,570,920 --a------ C:\Temp\taskmanager17.exe
2007-11-30 08:06 . 2007-11-30 08:03 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-30 08:03 . 2007-11-30 08:21 <DIR> d-------- C:\Documents and Settings\Riz Walker\.housecall6.6
2007-11-30 07:44 . 2007-11-30 07:44 3,384,910 --a------ C:\Temp\sysclean.com
2007-11-29 22:45 . 2007-11-29 22:45 118,272 --a------ C:\Temp\VundoFix.exe
2007-11-29 21:48 . 2007-11-29 21:48 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 14:56 222,789,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-13 14:54 2,612,840 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-11 06:46 --------- d-----w C:\Program Files\SpeedFan
2007-12-08 05:50 --------- d-----w C:\Documents and Settings\Riz Walker\Application Data\foobar2000
2007-12-08 05:49 --------- d-----w C:\Program Files\Azureus
2007-12-08 05:46 --------- d-----w C:\Documents and Settings\Riz Walker\Application Data\Azureus
2007-12-07 20:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-06 13:55 --------- d-----w C:\Program Files\Winamp
2007-12-04 20:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 20:44 --------- d-----w C:\Program Files\ATI Technologies
2007-12-04 14:54 --------- d-----w C:\Documents and Settings\Riz Walker\Application Data\U3
2007-11-30 15:54 --------- d-----w C:\Program Files\Intel
2007-11-30 12:51 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-30 02:50 --------- d-----w C:\Program Files\MultiRes
2006-11-07 22:29 104,292 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_11_06_11_29_21_small.dmp.zip
2006-11-06 12:39 101,594 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_11_05_21_04_46_small.dmp.zip
2006-10-12 01:55 92,969 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_09_15_53_29_small.dmp.zip
2006-10-12 01:55 90,773 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_09_17_04_40_small.dmp.zip
2006-09-06 11:01 17,557,795 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_08_29_11_54_03_full.dmp.zip
2006-08-07 22:12 97,008 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_08_06_22_24_16_small.dmp.zip
2006-08-07 22:12 4,407,296 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_07_23_19_57_03_full.dmp.zip
2006-04-18 01:05 4,387,929 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2005-11-09 17:22 39,762 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_11_09_12_15_11_small.dmp.zip
2005-11-01 01:26 45,230 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_10_31_20_20_27_small.dmp.zip
2005-11-01 01:26 42,649 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_10_31_20_20_39_small.dmp.zip
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2004-05-03 18:20 17,144 ----a-w C:\Documents and Settings\Riz Walker\Application Data\GDIPFONTCACHEV1.DAT
2003-07-17 02:26 448,640 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-17 02:22 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 07:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.

((((((((((((((((((((((((((((( [email protected]_13.10.48.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-07 20:18:08 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2007-12-07 20:18:08 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2007-12-07 20:18:08 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2007-12-07 20:18:08 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
- 2007-09-24 02:21:53 3,580 ----a-w C:\WINDOWS\system32\d3d9caps.dat
+ 2007-12-07 18:42:10 4,240 ----a-w C:\WINDOWS\system32\d3d9caps.dat
- 2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 17:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
- 2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-08-07 17:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{381FFDE8-2394-4F90-B10D-FC6124A40F8C}"= C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2007-11-30 18:03 86016]

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"RegistryMechanic"="" []
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2007-04-30 18:17]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [2006-02-06 11:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"AtiPTA"="C:\WINDOWS\atiptaxx.exe" [2003-06-05 12:35]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-30 18:03]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 01:15]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 09:42]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-05-10 15:28:47]
Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2004-10-28 15:01:42]
ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2004-10-28 15:01:10]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-04-27 10:25 257088 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2003-05-29 16:28 790528 --a------ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]

R1 bdftdif;bdftdif;\??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
R2 3ComDMIService;3Com DMI Agent;C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
R2 BCAITDI;3Com BCAITDI DMI TDI;C:\WINDOWS\system32\DRIVERS\BCAItdi.sys
R2 PDIHWCTL;PDIHWCTL;\??\C:\WINDOWS\system32\drivers\pdihwctl.sys
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
R3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx
S1 atitray;atitray;\??\C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys
S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\System32\drivers\ASUSHWIO.sys
S3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
S3 eyeonedp;eye-one display;C:\WINDOWS\system32\DRIVERS\eyeonedp.sys
S3 i1;eye-one;C:\WINDOWS\system32\DRIVERS\i1.sys
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 09:56:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2007-12-13 9:58:55 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-07 13:11
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 10:02:41 AM, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\WINDOWS\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Thanks!
 

TSF-Enthusiast · 923 Posts
The logs look OK.

You need to update your version of Java, though!
There are vulnerabilities in older versions.

Go to Start > Control Panel > Add/Remove Programs
In the list of Currently Installed Programs, look for all previous versions of Java:
J2SE Runtime Environment number x, etc.
Select the entry and then Remove

Next, download and install the newest version:
Java Runtime Environment (JRE) 6 Update 3


Also, the HijackThis log shows entries for ClamWin, and BitDefender Anti-Virus.


Do you have more than one AntiVirus program installed?
 
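The checks the helper is making on the HijackThis log above (entries whose file no longer exists, which Java release the paths point at, and whether more than one antivirus product is loading at startup) can be scripted. The following Python is an added example written for this page; it is not a tool from the thread, from HijackThis or from ComboFix. The sample lines are constructed in HijackThis format after the logs posted here, and the PRODUCT_HINTS table that maps path fragments to product names is an assumption made for the example.

```python
import re

# Constructed sample in HijackThis log format, modelled on the logs posted in
# this thread (abbreviated; not a copy of the actual log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3E9BE545-85F2-4153-890C-677A9C5120EF} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
"""

# A Windows path up to the first binary/library extension; the non-greedy
# match stops at the executable itself, so trailing switches are dropped.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|sys|cab))', re.IGNORECASE)
# Sun JRE install folders are named jre<major>.<minor>.<patch>_<update>.
JRE_RE = re.compile(r'\\jre(\d+\.\d+\.\d+_\d+)\\', re.IGNORECASE)
# Assumed path-fragment -> (product, category) table, made up for this example.
PRODUCT_HINTS = {
    "clamwin": ("ClamWin", "antivirus"),
    "bitdefender": ("BitDefender", "antivirus"),
    "lavasoft": ("Ad-Aware", "antispyware"),
    "zonelabs": ("ZoneAlarm", "firewall"),
    "zone labs": ("ZoneAlarm", "firewall"),
}


def parse_hjt(text):
    """Turn HijackThis lines (O2, O4, O23, ...) into dicts with section,
    the referenced file path (if any) and the '(file missing)' flag."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        match = re.match(r"^(O\d+|R\d+|F\d+) - (.*)$", line)
        if not match:
            continue
        path_match = PATH_RE.search(line)
        entries.append({
            "section": match.group(1),
            "raw": line,
            "path": path_match.group(1) if path_match else None,
            "missing": "(file missing)" in line,
        })
    return entries


def find_missing(entries):
    """Entries whose target file is gone: leftovers of a removed component,
    such as the orphaned BHO registration in the log above."""
    return [e for e in entries if e["missing"]]


def java_versions(entries):
    """Collect the JRE versions referenced by any path (e.g. '1.5.0_06')."""
    versions = set()
    for entry in entries:
        if entry["path"]:
            match = JRE_RE.search(entry["path"])
            if match:
                versions.add(match.group(1))
    return versions


def security_products(entries):
    """Map referenced paths to known products via PRODUCT_HINTS."""
    found = {}
    for entry in entries:
        if not entry["path"]:
            continue
        lowered = entry["path"].lower()
        for fragment, (name, category) in PRODUCT_HINTS.items():
            if fragment in lowered:
                found[name] = category
    return found


def antivirus_products(entries):
    """Sorted names of the antivirus products seen loading."""
    return sorted(n for n, c in security_products(entries).items() if c == "antivirus")


def triage(text):
    """One-shot summary of the three checks discussed in the thread."""
    entries = parse_hjt(text)
    av = antivirus_products(entries)
    return {
        "missing": [e["raw"] for e in find_missing(entries)],
        "java": sorted(java_versions(entries)),
        "antivirus": av,
        "multiple_antivirus": len(av) > 1,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run as a script it prints the summary for the constructed sample; for a real log, read the saved HijackThis text file and pass its contents to triage(). The non-greedy path regex is what keeps the trailing switches and the stray quote that HijackThis 1.99 prints after a service path from being mistaken for part of the file name.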

Registered · 5 Posts · Discussion Starter #9
Aaflac,

I'm surprised the logs look OK. Happily surprised, I suppose. After running ComboFix with that script, the problem I was having seems to have sorted itself out. I'm not actually sure what the cause or cure was, but everything is stable right now.

I updated Java - thanks for noting that.

I only have BitDefender running as a free month-long trial. I thought initially that I had a virus, and wanted a 'second opinion' to ClamWin. It picked up a few things, but nothing major. Once the month is up, I'll stop running it.

Thanks very much for your help. I appreciate the time you've spent. Super cool, really.

Cheers!


Mark
 

TSF-Enthusiast · 923 Posts
Running more than one AntiVirus program is not a good idea. Having more than one of these programs active in memory opens the door to potential conflicts between the programs, uses additional resources, and may result in diminished detection capabilities, or cause false virus alerts.

The best thing to do is uninstall one of the AV programs and let the one you choose to keep do its job.

To uninstall whichever program you do not want to keep:
Go to: Start > Run, type: control
Press OK
Double-click on: Add/Remove Programs

On the list of Currently Installed Programs, look for and uninstall the program you do not want to keep by selecting the entry and clicking on Remove.

Next, search for and delete the folder related to the program. It should be in:
C:\Program Files\

Then, restart the computer.

~~~~
If you are not having malware problems, you are good to go!

Please do the following to wrap up:

  • Go to Start then Run
  • Type Combofix /u in the Open box, and click OK. (Notice the space before /u)
  • This command uninstalls ComboFix, implements some cleanup procedures, and resets System Restore points to prevent re-infection from old Restore points.




Some of the best suggestions and programs to remain malware free are contained in Tony Klein’s article:
How Did I Get Infected In The First Place

It is also a very good practice to perform an online virus scan on a regular basis.
Scanners do not have identical malware definitions, and what one misses, another one can catch.
Some of the scanners are:
BitDefender Online Scanner
ESET NOD32 Online Scanner
F-Secure Online Scanner
Panda ActiveScan
TrendMicro HouseCall

~~~~
If you have any questions or comments, post back. Otherwise...

Good luck, and safe journey through the Internet!!