# Boo Hoo, scanned to no avail...



## HydraHeaded

Hi,

For the past few days, Internet Explorer has been starting up on its own, automatically. I rarely use it; I use Firefox. In the end, I just uninstalled Internet Explorer. Now a small window comes up, asking whether I want to connect or stay offline. Zone Alarm gives a regular message of spy-site blocking; this is the full message: 

Blocked site name  89.188.16.50/css4.dll?sid=FC545C5B4F080F0F000D54585C5B585E5E4F1F545B365C365836085B51363A0C1B1F000A0C4939080A02495B4F0A000D54595D2B2D5A5F5F2C515A5A2C5D5B2D5C505C2A5A5B2D2D5B2D5E2B5B5B2D5C2B4F081D545E5A5F5C2F282B59595A5E5858582D2D502A5C51585C5B585E5E2A2F2F2F2F

I have got Zone Alarm; BitDefender; SpywareDoctor, Spybot Search & Destroy; I have already scanned with everything except the antivirus. Spyware Doctor gave three infections, but said that it was not able to clean one. Zone Alarm gave one infection, and cleaned it. But the problem is still there! 

So exactly what has got into my computer? And how is it possible, with all this software standing in between?

Thanx for the help.


----------



## GameMaster

*Click here* to download *HJTsetup.exe*
Save HJTsetup.exe to your desktop. 
Double click on the HJTsetup.exe icon on your desktop. 
By default it will install to C:\Program Files\Hijack This. 
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Additional Tasks* dialogue. 
Put a check by *Create a desktop icon* then click *Next* again. 
Continue to follow the rest of the prompts from there. 
At the final dialogue box click *Finish* and it will launch Hijack This. 
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log. 
Click *Save* to save the log file and then the log will open in notepad. 
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. 
Come back here to this thread and Paste the log in your next reply. 
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## SirKenin

The easiest way to rid yourself of pests with very little interaction is the following:

Download combofix

Download Smitfraudfix

Download Super Antispyware.

Download Ccleaner.

Install them and check for updates for Super Antispyware before proceeding.

Run combofix in normal mode. After it's rebooted and given you a log, reboot into Safe Mode.

Run Smitfraudfix in Safe Mode.

Run Ccleaner in Safe Mode (make sure you're under your own user account). Do the files and registry cleaner sections.

Run Super Antispyware in normal mode.

Then, if anything happens to be left over, which believe me when I say it will be very little, if anything, THEN run Hijackthis or Autoruns to catch the stragglers. The combofix log is very good at identifying files created recently.

I have noticed that people love to complicate things, and I've seen 10 page threads that should have been 10 posts. I do this several times a day on site and in most cases I have a computer totally cleaned out in 45 minutes or less. Very rarely (Less than 5% of the cases I address) does it take more than that.


----------



## HydraHeaded

*Should've read this earlier...*

I have just read these two replies now. If only I had read the first reply earlier...

After posting this message, I immediately started HijackThis, and it gave a whole lot of results, as possible infections, and I didn't know what to do, and I thought that since the program is anti-spyware, it probably won't harm, so _I selected everything and clicked on fix all._ What happened after this is nothing; the problem didn't go away, but the next time I restarted the computer, at the time of logging in (as user), it said that this copy of Windows needs to be activated. It would start only in Safe Mode, and Restoring to an earlier point didn't help. Then a friend of mine gave me some small kind of undo software, something called WGFix.exe (not sure about the name), and I started the computer in Safe Mode and ran that, and it said that it had fixed the problem, so I started the compu again, and this time it started up normally. I don't know what HijackThis did to my compu, but I'm never gonna use it again!

Well, I'll go over all that you have said, and will come back after some time. I have to be more careful even in spyware-removal now 

Anyway, thanx.


----------



## GameMaster

Oh great that you read what I wrote... look what I said:



> DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required



Why did you fix all the entries??

I don't know whether the program your friend gave you fixed the problem, but it would be good to restore it.

Please open HijackThis again ( if you dare ) and choose *View the list of backups.*
Check all entries and click  *Restore.*
Reboot your computer and all will be restored.

Now, if you'd like us to clean your computer, post another HijackThis log and this time *don't fix any entries* without a suggestion from one of us here.


SirKenin, I have no doubt you are great at helping people...but ComboFix should be the last tool to use ( or to be used on greatly infected computers ) and it's stupid to run it on some infections that don't need CF as a special treatment.


----------



## Punk

I want to add that smitfraudfix is a tool made for smitfraud infections *ONLY*.
Combofix is a powerful tool once you know how to read the script


----------



## SirKenin

Smitfraudfix does more than scan for smitfraud infections, actually.. And Combofix is always the first tool to use. It gets rid of a wide array of issues, and also tells you what files have recently been added to your computer, an excellent way to track down varmints.  Super Antispyware gets rid of the remainder, stuff that Spybot and Ad-aware, as useless as they are, are powerless to get rid of.

Going one by one is just plain stupid when automated tools can do it for you with a mouse click. 

Hijackthis, for instance.. 1) It can do a lot of damage in the wrong hands.. 2) A lot of malware can detect it and avoid it. 3) Malware can detect a scan and actually block portions of the scan, or disable it altogether. 4) Some malware, which combofix and Smitfraudfix take care of, can not be deleted by Hijackthis, even though HJT detected it and *said* it was removing it.

I've been doing this for a long, long time as you probably were able to tell. When you're on the clock, you don't have time to screw around like people do in this forum.


----------



## lewcent

*Trying to contact SirKenin*

Sorry for this post in the wrong area, but computerforum.com won't let me post in the "equipment for sale" area.

I just want to ask you if you still have the following for sale?

used Dell R0224 Data/fax modem, front panel dual PCMCIA and front and rear firewire port assembly $50 (Dell 2400C and 4600C)

Thanks in advance,
and most sincere apologies to those in this forum for this off-topic post.

lewcent.


----------



## SirKenin

lewcent said:


> Sorry for this post in the wrong area, but computerforum.com won't let me post in the "equipment for sale" area.
> 
> I just want to ask you if you still have the following for sale?
> 
> used Dell R0224 Data/fax modem, front panel dual PCMCIA and front and rear firewire port assembly $50 (Dell 2400C and 4600C)
> 
> Thanks in advance,
> and most sincere apologies to those in this forum for this off-topic post.
> 
> lewcent.


 
I do have another set, yes..  Maybe post a thread in O/T and I'll respond there.


----------



## Punk

SirKenin said:


> Smitfraudfix does more than scan for smitfraud infections, actually.. And Combofix is always the first tool to use. It gets rid of a wide array of issues, and also tells you what files have recently been added to your computer, an excellent way to track down varmints.  Super Antispyware gets rid of the remainder, stuff that Spybot and Ad-aware, as useless as they are, are powerless to get rid of.
> 
> Going one by one is just plain stupid when automated tools can do it for you with a mouse click.
> 
> Hijackthis, for instance.. 1) It can do a lot of damage in the wrong hands.. 2) A lot of malware can detect it and avoid it. 3) Malware can detect a scan and actually block portions of the scan, or disable it altogether. 4) Some malware, which combofix and Smitfraudfix take care of, can not be deleted by Hijackthis, even though HJT detected it and *said* it was removing it.
> 
> I've been doing this for a long, long time as you probably were able to tell. When you're on the clock, you don't have time to screw around like people do in this forum.



Yeah but by analyzing a HJT log, you can locate and know what kind of infection is on the computer. From that you can choose the tool that will remove it, without, sometimes, using combofix or smitfraud. I've been doing this for a year already, took some training at different forums and learned from Buzz and Ceewi1 here, and automatically downloading combofix and smitfraudfix won't fix the problem most of the time...

And smitfraudfix isn't that easy to use when you don't know how to use it... You need to give them some information about this program instead of just throwing them at victims...

Anyway, if you don't have the time to help someone then why bother posting here?


----------



## SirKenin

Whatever training you may or may not have had is fine, but rather immaterial.

I've seen some of the posts in this particular forum, and it's mostly done the hard way... bass ackwards.

There's a simple process to follow. I appreciate that some people waste lots of time in forums, meticulously going through hijack logs, which more often than not do not present the whole picture.. and dealing with an infestation by killing one cockroach at a time.

That's fine, I suppose, if you have nothing better to do. The trick is to streamline the process.. People pay $65 an hour to have me clean their computers, and if I did it the way it's presented in this forum, first off many things would be missed.. Secondly the bill would be $1000.

In short, it's just done plain wrong. I clean an entire computer in 45 minutes. It takes you guys 2 weeks. Effective training, then, is focused on simplicity, efficiency and accuracy. The process, as presented throughout, is none of those.

It's your choice. Personally, I do it professionally repeatedly, day in and day out. If this is where you got your training, it's inherently flawed. Sorry.

edit: I'll give an example. I've seen infections that don't even show up in HJT because either a) they load themselves from other parts of the registry, or b) they detect HJT and hide from it, sometimes blocking out portions of the HJT scan.

One trick is to go into the %systemroot%, %systemroot%\System32, %root%, Application Data and Local Settings folders for all users, including the shared users, and searching for recently modified hidden files (marked as hidden and often system). Most of these HJT will not pick up on. What you've done, by following the instructions in these threads, is put a bandaid on the problem. You've dealt with a symptom, but not the root cause. They will be reinfected again within two weeks, pretty much guaranteed.

Combofix is deadly effective at finding those recently modified or added files. It's a critical component in the malware removal process and by ignoring it or not running it first you're doing your audience a huge injustice.


----------



## Punk

You're the man...


----------



## HydraHeaded

*HijackThis log.*

Woah! Big File: HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:30 AM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\csrss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\Ati2evxx.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\ZONELABS\vsmon.exe
C:\WINDOWS.1\system32\Ati2evxx.exe
C:\WINDOWS.1\Explorer.EXE
C:\WINDOWS.1\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS.1\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS.1\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS.1\RTHDCPL.EXE
C:\Program Files\Huawei\MT882\dslagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS.1\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hijack This\HiJackThis.exe
C:\WINDOWS.1\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {826A5ED9-1316-4EFD-87F8-AA400C5D551A} - C:\WINDOWS.1\system32\mlJYPJCR.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows.1\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save page with WinMHT... - C:\Program Files\WinMHT\iewmht0.htm
O8 - Extra context menu item: Save selection with WinMHT... - C:\Program Files\WinMHT\iewmht2.htm
O8 - Extra context menu item: Use ViDown to download - C:\Program Files\ViDown\vd_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABC9AD18-99AB-4F25-8F72-629FCF281A4E}: NameServer = 218.248.240.208,61.1.96.71
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: mlJYPJCR - C:\WINDOWS.1\SYSTEM32\mlJYPJCR.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.1\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS.1\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: WIQ - Unknown owner - C:\DOCUME~1\Skynet\LOCALS~1\Temp\WIQ.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8074 bytes

I hope this stuff helps, cos I can't make any sense outta all this


----------



## HydraHeaded

*Want more?*

I have got another log, something to do with Startup; actually I tried pasting it, but it is too big, and so the forum won't take it.

And one more thing: I got this thing called RapidDown (or some such name) from the net, it helps in downloading from Rapidshare, and I think Internet Explorer is trying to open its webpage. And one more thing: today I had another problem: in the morning, I just couldn't connect to the net. Then I called my net guy, and he asked me to go into the modem settings, and enter the username and password, and I did it; the strange thing is that I have been using this modem for more than a year now, and there have been different kinds of problems, but the username and password never got wiped from the modem. It seems that something has got into the modem as well...

Still can't understand how stuff can install itself after all the different softs I have got running; what happens to those who don't use protection?


----------



## HydraHeaded

*DefenseWall HIPS*

I found this thing on the net, called DefenseWall HIPS, which claims to be better than an antivirus, and the next thing in security. Anyone tried it? Does it work?

And thanx for going through all this data; it must be tedious work.


----------



## GameMaster

> There's a simple process to follow. I appreciate that some people waste lots of time in forums, meticulously going through hijack logs, which more often than not do not present the whole picture.. and dealing with an infestation by killing one cockroach at a time.


I'll only quote this part because all the others are the same c**p.
Firstly, when you do ComboFix and SmitfraudFix ( especially automated ) you won't find all the infections and all. We ( who train(ed) ) use a lot of tools and know them, because every tool has its own power ( or targeting infection ). That way the cleaning process is much more thorough.
About HijackThis not finding all the infections, it finds what the problem is most of the time; for all other cases there are various scanners ( Deckard's System Scanner, F-Secure online scanner...) that won't ever fail you.

I've been taught that ComboFix is among the last tools to use. Although I see ceewi1 and other experts use it every time, that isn't their main tool and they always look deeper until the OP is completely clean. Cleaning someone's PC in 45 minutes will probably result in reinfecting...not the opposite.

Now please...

HydraHeaded, thank you for the HijackThis log. The log that was too big to post was probably the SmitfraudFix log but I don't think we'll need it this time 

Be right back in a couple of minutes with a solution.


----------



## GameMaster

HydraHeaded:
Please don't talk about Rapidshare here. It's illegal downloading and it doesn't need to be mentioned in the further cleaning process ( except for the uninstall list ).


Open HijackThis.
Click on *Open the Misc Tools section*.
Look under *System tools*.
Click on the *Open Uninstall Manager*... button.
Click on the *Save list*... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please copy and paste the contents of this log in your next reply.
See this link for details.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
We'll need the list to see what ( if any ) rogue or unnecessary programs you have installed.

Also:
Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do.  We will disable it until the machine is clean when it can be re-enabled.

_First step:_
 Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol) 
 If you have the new version 1.5, Click once on *Resident Protection*, then Right click the Spybot icon again and make sure *Resident Protection* is now *Unchecked*.  The Spybot icon in the System tray should now be colorless. 
 If you have Version 1.4, Click on *Exit Spybot S&D Resident*
 _Second step, For Either Version :_
 Open Spybot S&D 
 Click *Mode*, choose *Advanced Mode* 
 Go To the bottom of the Vertical Panel on the Left, Click *Tools* 
 then, also in left panel, click *Resident* shows a red/white shield. 
 If your firewall raises a question, say *OK* 
 In the *Resident protection status* frame, *Uncheck* the box labeled *Resident "Tea-Timer"(Protection of over-all system settings) active* 
 *OK* any prompts. 
 Use *File, Exit* to terminate Spybot 
 *Reboot* your machine for the changes to take effect.
*Don't forget to re-enable it, when your computer is clean.*

Open your HijackThis again and choose *Do a system scan only.*
Check these entries ( if present ):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page
O2 - BHO: (no name) - {826A5ED9-1316-4EFD-87F8-AA400C5D551A} - C:\WINDOWS.1\system32\mlJYPJCR.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: mlJYPJCR - C:\WINDOWS.1\SYSTEM32\mlJYPJCR.dll

Please close all open windows except the HijackThis and click *Fix checked.*
Reboot your computer.

*HOW TO DELETE AN NT SERVICE USING HJT* 

Open HijackThis and click on *Config*, then *Misc Tools,* and then press the *Delete an NT service*.. button. When it opens you should then enter the service name and press OK. 

*WIQ*

Close HijackThis.

To enable the viewing of Hidden files follow these steps: 
Close all programs so that you are at your desktop. 
Double-click on the *My Computer* icon. 
Select the *Tools menu* and click *Folder Options*. 
After the new window appears select the *View* tab. 
Put a checkmark in the checkbox labeled *Display the contents of system folders*. 
Under the *Hidden files and folders* section select the radio button labeled *Show hidden files and folders*. 
*Remove* the checkmark from the checkbox labeled *Hide file extensions for known file types*. 
*Remove* the checkmark from the checkbox labeled *Hide protected operating system files*. 
Press the *Apply* button and then the *OK* button and shutdown My Computer. 
Now your computer is configured to show all hidden files.

Using *Windows Explorer* by right-clicking the *Start* button and left clicking *Explore* navigate to and find the following files: if found, delete them (some may not be present after previous steps): 

C:\WINDOWS.1\system32\*mlJYPJCR.dll*
(delete the bolded file/folder only! ).

Now please reboot your computer again.

In your next post please post:

New HijackThis log
Uninstall list
Tell about your problem, is it any better?

Please don't use Rapidshare again and especially don't use P2P programs at least until the cleaning process is over. Some P2P programs and sites ( such as Rapidshare and all the programs that go with it ) bring malware and all cleaning is useless as you'll get reinfected again.
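An added example, not part of any post in this thread and not HijackThis's own logic: a small triage pass over HijackThis O2/O20/O23 lines that marks entries for human review using the traits the entries picked out above share (an unnamed BHO, one DLL registered both as a BHO and as a Winlogon Notify package, a service binary under a Temp folder, a "(file missing)" target). The reason labels and function names are assumptions made for this sketch, and the sample is a subset of lines from the log posted earlier in the thread.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {826A5ED9-1316-4EFD-87F8-AA400C5D551A} - C:\WINDOWS.1\system32\mlJYPJCR.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: mlJYPJCR - C:\WINDOWS.1\SYSTEM32\mlJYPJCR.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS.1\system32\ZONELABS\vsmon.exe
O23 - Service: WIQ - Unknown owner - C:\DOCUME~1\Skynet\LOCALS~1\Temp\WIQ.exe (file missing)
"""

MISSING = " (file missing)"
PREFIXES = {
    "O2 - BHO: ": "O2",
    "O20 - Winlogon Notify: ": "O20",
    "O23 - Service: ": "O23",
}
# Names and paths can themselves contain " - ", so split on a structural
# marker instead: the CLSID for O2, the drive-letter path for O23.
CLSID_SEP = re.compile(r" - \{[0-9A-Fa-f-]{36}\} - ")
DRIVE_PATH = re.compile(r"^(.*) - ([A-Za-z]:\\.*)$")


def parse_entry(line):
    """Return a dict for an O2/O20/O23 line, or None for any other line."""
    line = line.strip()
    for prefix, section in PREFIXES.items():
        if line.startswith(prefix):
            rest = line[len(prefix):]
            break
    else:
        return None
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)]
    if section == "O2":
        parts = CLSID_SEP.split(rest, maxsplit=1)
        if len(parts) != 2:
            return None
        name, path = parts
    elif section == "O20":
        name, sep, path = rest.partition(" - ")
        if not sep:
            return None
    else:  # O23: "<service name> - <owner> - <path>"
        m = DRIVE_PATH.match(rest)
        if not m:
            return None
        name = m.group(1).rsplit(" - ", 1)[0]  # drop the owner field
        path = m.group(2)
    return {"section": section, "name": name, "path": path, "missing": missing}


def triage(log_text):
    """Return parsed entries that carry at least one review reason."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    # Windows paths are case-insensitive, so compare them lower-cased.
    sections_by_path = {}
    for e in entries:
        sections_by_path.setdefault(e["path"].lower(), set()).add(e["section"])
    findings = []
    for e in entries:
        key = e["path"].lower()
        reasons = []
        if e["missing"]:
            reasons.append("file-missing")  # orphaned registration
        if e["section"] == "O2" and e["name"] == "(no name)":
            reasons.append("unnamed-bho")
        if {"O2", "O20"} <= sections_by_path[key]:
            reasons.append("shared-bho-winlogon")  # same DLL loaded two ways
        if e["section"] == "O23" and "\\temp\\" in key:
            reasons.append("service-in-temp")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["name"], "->", ", ".join(f["reasons"]))
```

The output is a review list, not a fix list: the Java `ssv.dll` line is reported only as an orphaned registration, while the `mlJYPJCR.dll` and `WIQ` entries each collect more than one reason.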


----------



## HydraHeaded

*The results.*

I did all that you asked:

Disabled Resident Protection, then in tools, in Resident, unchecked "Resident Tea-Timer" (earlier both were checked and active). Exited, restarted the compu.
Did a system scan only with HijackThis, and looked for the following entries:

    * R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    * R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page
    * O2 - BHO: (no name) - {826A5ED9-1316-4EFD-87F8-AA400C5D551A} - C:\WINDOWS.1\system32\mlJYPJCR.dll
    * O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
    * O20 - Winlogon Notify: mlJYPJCR - C:\WINDOWS.1\SYSTEM32\mlJYPJCR.dll

Found all of them, and fixed them all, then restarted the computer.
After restart, went to HijackThis > Config > Misc Tools > Delete an NT service (actually I was not sure if I had to do it, but I still did it), and then typed WIQ for deletion, but got the message that the service is running, so disable it and then delete it. I could have done that (I think you go to services and do it), but wasn't sure, so didn't do anything.
Enabled viewing of hidden and protected system files, and allowed file extensions to be viewed.
Went to C:\WINDOWS.1\system32\, and found the file "mlJYPJCR.dll"; tried to delete it, but got the access denied type message, so went to BitDefender, and in AntiVirus, tried to use the quarantine feature, but that also failed (said it was not able to complete the action), so finally closed everything, opened HijackThis, and used the Tool of deleting a file, and selected "mlJYPJCR.dll". Restarted the compu.
On restart, went to C:\WINDOWS.1\system32\, and found that "mlJYPJCR.dll" was still there. 
Restarted the Spybot SD services.

The problem is still there; let me tell you what all the problems are: first, whenever the computer starts, it gives a message of New Hardware Found, which I cancel, though once I allowed it to run, but it just searched and then said that the hardware could not be installed; second, the little window keeps opening, asking whether I want to connect or work offline, I always cancel this, (and I have already uninstalled Internet Explorer from the Control Panel > Add Remove Software thing); third, Zone Alarm gives a warning every few minutes of having blocked the site 89.188.16.50. 

I am posting the logs now.

And yes, I tried to run ComboFix.exe, it changed the date time settings, and then in a command prompt window, it began a scan, saying it would typically take about ten minutes, and then all of a sudden the compu restarted on its own, and CheckDisk automatically started. I thought there might have been some other prob, so I ran ComboFix again, and again the same thing happened.

What exactly has got into my compu?

And hey, thanks for all the help that you are giving me.

uninstall_list OLD.txt:

3D Galaxy Journey Screensaver
3D World Atlas
3Planesoft Screensaver Manager 1.1
7 Wonders
7-Zip 4.57
A1Click Ultra PC Cleaner 1.01 (Registered Version)
Ad-Aware SE Professional
Adobe Flash Player Plugin
Adobe PageMaker 6.5
Adobe Reader 6.0
Age of Castles
Age Of Japan
Alchemy 1.2
Ancient Seal (remove only)
ATI Catalyst Control Center
ATI Display Driver
Atomica Deluxe 2.5
Aveyond
Beetle Bug 2 (remove only)
Bejeweled Deluxe 1.6z
Big Money Deluxe 1.11
BitDefender Internet Security v10
Bookworm Adventures Deluxe
Cablenut 4.08
Catan (remove only)
CDisplayEx 1.4
Chrysanth NETime Author [Trial]
Ciao Bella (remove only)
Codec Pack - All In 1 6.0.3.0
Combined Community Codec Pack 2008-01-24
Cradle of Rome (remove only)
DAEMON Tools
Dataone Usage Finder 2.0
Diamond Detective
Download Direct
Dynasty (remove only)
Dynomite 1.20
Ease MP3 WAV Converter 1.50
eMule
Escape From Paradise
Fairy Godmother Tycoon (remove only)
Fairy Jewels (remove only)
Fairy Treasure (remove only)
Fizzball
FLV Player 1.3.3
FTP Navigator
Google Talk (remove only)
Happy Hour
Hide IP Platinum 3.5
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Huawei MT882 USB ADSL Modem
Ice Cream Tycoon
Incrediball The Seven Sapphires (remove only)
InFlac 1.1.1
Java(TM) 6 Update 3
Jewel Quest 2
Jewels of Cleopatra
K-Lite Mega Codec Pack 1.17
Koi Fish 3D Screensaver 1.0
LaserJet 1020 series
LimeWire 4.16.6
LingvoSoft Talking Dictionary 2006 (English<->Hindi) for Windows
Luxor 2 (remove only)
Magic Ball 2 Magic Hearts (remove only)
Magic Ball 3 (remove only)
Magic ISO Maker v5.3 (build 0216)
Master of Defense (remove only)
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Microsoft Reader
Microsoft Visual C++ 2005 Redistributable
Mirror Magic Deluxe (remove only)
Mozilla Firefox (2.0)
MSXML 4.0 SP2 Parser and SDK
Mummy Maze Deluxe 1.1
Nero 7 Essentials
NingPo MahJong Deluxe 1.04
Noah's Ark Deluxe 1.1
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Passware Kit Enterprise 8.0
PC Connectivity Solution
PeerGuardian 2.0
Peggle (remove only)
Pirate Poppers (remove only)
Plantasia (remove only)
Power Voice II
QuickTime for Windows (32-bit)
Rainbow Mystery
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Reaxxion (remove only)
Registry Clean Expert
RegVac Registry Cleaner 5.01 (Registered Version)
Sandlot Games Client Services
Sandlot Games Client Services 1.2.2
SpongeBob SquarePants Bubble Rush! (remove only)
SpongeBob SquarePants Diner Dash (remove only)
SpongeBob SquarePants Obstacle Odyssey (remove only)
Spybot - Search & Destroy
Spyware Doctor 5.0
Super Granny 3 (remove only)
Sweet Home 3D version 1.2
Syberia
Tetris Game Gold
TipTop Deluxe 1.1
Tropic Ball (remove only)
Turtle Odyssey 2 (remove only)
TypingMaster Typing Test
Venice Deluxe
VideoLAN VLC media player 0.8.6c
ViDown FLV Downloader V0.8.3
Virtual Villagers - The Lost Children (remove only)
VobSub v2.23 (Remove Only)
War Chess
WAV MP3 Converter 2.3 build 733
Westward (remove only)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinHTTrack Website Copier 3.42
WinMHT
WinPcap 4.0
WinRAR archiver
Yahoo! Messenger
Zodiac Tower
ZoneAlarm Pro
Zune Desktop Theme

---
uninstall_list NEW.txt:

3D Galaxy Journey Screensaver
3D World Atlas
3Planesoft Screensaver Manager 1.1
7 Wonders
7-Zip 4.57
A1Click Ultra PC Cleaner 1.01 (Registered Version)
Ad-Aware SE Professional
Adobe Flash Player Plugin
Adobe PageMaker 6.5
Adobe Reader 6.0
Age of Castles
Age Of Japan
Alchemy 1.2
Ancient Seal (remove only)
ATI Catalyst Control Center
ATI Display Driver
Atomica Deluxe 2.5
Aveyond
Beetle Bug 2 (remove only)
Bejeweled Deluxe 1.6z
Big Money Deluxe 1.11
BitDefender Internet Security v10
Bookworm Adventures Deluxe
Cablenut 4.08
Catan (remove only)
CDisplayEx 1.4
Chrysanth NETime Author [Trial]
Ciao Bella (remove only)
Codec Pack - All In 1 6.0.3.0
Combined Community Codec Pack 2008-01-24
Cradle of Rome (remove only)
DAEMON Tools
Dataone Usage Finder 2.0
Diamond Detective
Download Direct
Dynasty (remove only)
Dynomite 1.20
Ease MP3 WAV Converter 1.50
eMule
Escape From Paradise
Fairy Godmother Tycoon (remove only)
Fairy Jewels (remove only)
Fairy Treasure (remove only)
Fizzball
FLV Player 1.3.3
FTP Navigator
Google Talk (remove only)
Happy Hour
Hide IP Platinum 3.5
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Huawei MT882 USB ADSL Modem
Ice Cream Tycoon
Incrediball The Seven Sapphires (remove only)
InFlac 1.1.1
Java(TM) 6 Update 3
Jewel Quest 2
Jewels of Cleopatra
K-Lite Mega Codec Pack 1.17
Koi Fish 3D Screensaver 1.0
LaserJet 1020 series
LimeWire 4.16.6
LingvoSoft Talking Dictionary 2006 (English<->Hindi) for Windows
Luxor 2 (remove only)
Magic Ball 2 Magic Hearts (remove only)
Magic Ball 3 (remove only)
Magic ISO Maker v5.3 (build 0216)
Master of Defense (remove only)
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Microsoft Reader
Microsoft Visual C++ 2005 Redistributable
Mirror Magic Deluxe (remove only)
Mozilla Firefox (2.0)
MSXML 4.0 SP2 Parser and SDK
Mummy Maze Deluxe 1.1
Nero 7 Essentials
NingPo MahJong Deluxe 1.04
Noah's Ark Deluxe 1.1
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Passware Kit Enterprise 8.0
PC Connectivity Solution
PeerGuardian 2.0
Peggle (remove only)
Pirate Poppers (remove only)
Plantasia (remove only)
Power Voice II
QuickTime for Windows (32-bit)
Rainbow Mystery
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Reaxxion (remove only)
Registry Clean Expert
RegVac Registry Cleaner 5.01 (Registered Version)
Sandlot Games Client Services
Sandlot Games Client Services 1.2.2
SpongeBob SquarePants Bubble Rush! (remove only)
SpongeBob SquarePants Diner Dash (remove only)
SpongeBob SquarePants Obstacle Odyssey (remove only)
Spybot - Search & Destroy
Spyware Doctor 5.0
Super Granny 3 (remove only)
Sweet Home 3D version 1.2
Syberia
Tetris Game Gold
TipTop Deluxe 1.1
Tropic Ball (remove only)
Turtle Odyssey 2 (remove only)
TypingMaster Typing Test
Venice Deluxe
VideoLAN VLC media player 0.8.6c
ViDown FLV Downloader V0.8.3
Virtual Villagers - The Lost Children (remove only)
VobSub v2.23 (Remove Only)
War Chess
WAV MP3 Converter 2.3 build 733
Westward (remove only)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinHTTrack Website Copier 3.42
WinMHT
WinPcap 4.0
WinRAR archiver
Yahoo! Messenger
Zodiac Tower
ZoneAlarm Pro
Zune Desktop Theme

---
hijackthis 10.04.08.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49, on 2008-04-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\csrss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\Ati2evxx.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\ZONELABS\vsmon.exe
C:\WINDOWS.1\system32\Ati2evxx.exe
C:\WINDOWS.1\Explorer.EXE
C:\WINDOWS.1\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS.1\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS.1\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS.1\RTHDCPL.EXE
C:\Program Files\Huawei\MT882\dslagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS.1\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Hijack This\HiJackThis.exe
C:\WINDOWS.1\system32\wbem\wmiprvse.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {826A5ED9-1316-4EFD-87F8-AA400C5D551A} - C:\WINDOWS.1\system32\mlJYPJCR.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save page with WinMHT... - C:\Program Files\WinMHT\iewmht0.htm
O8 - Extra context menu item: Save selection with WinMHT... - C:\Program Files\WinMHT\iewmht2.htm
O8 - Extra context menu item: Use ViDown to download - C:\Program Files\ViDown\vd_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABC9AD18-99AB-4F25-8F72-629FCF281A4E}: NameServer = 218.248.240.208,61.1.96.71
O20 - Winlogon Notify: mlJYPJCR - C:\WINDOWS.1\SYSTEM32\mlJYPJCR.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.1\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS.1\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: WIQ - Unknown owner - C:\DOCUME~1\Skynet\LOCALS~1\Temp\WIQ.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7684 bytes
---


----------
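The HijackThis log above contains a few entries that stand out on a first read, and the cross-referencing involved can be done mechanically. The Python sketch below is an added example, not part of the original thread or of HijackThis itself; the function names and the three review rules are assumptions chosen for this log, and the sample lines are copied from it.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {826A5ED9-1316-4EFD-87F8-AA400C5D551A} - C:\WINDOWS.1\system32\mlJYPJCR.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O20 - Winlogon Notify: mlJYPJCR - C:\WINDOWS.1\SYSTEM32\mlJYPJCR.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS.1\system32\ZONELABS\vsmon.exe
O23 - Service: WIQ - Unknown owner - C:\DOCUME~1\Skynet\LOCALS~1\Temp\WIQ.exe (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:dll|exe))', re.I)

def parse(log):
    """Return (section, description, lowercased file path or None) per O-line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        p = PATH.search(m.group(2))
        # Lowercase the path: O2 and O20 record the same file as
        # system32 and SYSTEM32, and Windows paths are case-insensitive.
        entries.append((m.group(1), m.group(2), p.group(1).lower() if p else None))
    return entries

def review(entries):
    """Return {path: reasons} for entries worth examining first (assumed rules)."""
    sections = defaultdict(set)
    for sec, _, path in entries:
        if path:
            sections[path].add(sec)
    flags = defaultdict(set)
    for sec, desc, path in entries:
        if path is None:
            continue
        if sec == "O2" and "(no name)" in desc:
            flags[path].add("BHO without a name")
        # A BHO loads into the browser; a Winlogon Notify DLL loads at logon.
        if {"O2", "O20"} <= sections[path]:
            flags[path].add("same DLL is a BHO and a Winlogon Notify package")
        if sec == "O23" and "\\temp\\" in path:
            flags[path].add("service binary in a Temp directory")
    return dict(flags)

if __name__ == "__main__":
    for path, reasons in review(parse(SAMPLE_LOG)).items():
        print(path, "->", "; ".join(sorted(reasons)))
```

A flag here is a prompt for review, not a verdict: the same log lists the BitDefender Scan Server service with "Unknown owner", which is why that string alone is not used as a rule.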



## HydraHeaded

*What's this?*

Found this thing: 

http://www.castlecops.com/postitle214069-0-0-.html

Has this anything to do with my problem? My firewall gives the message of denying access to this IP address.


----------



## HydraHeaded

*Date Time setting messed up with...*

Ever since I ran ComboFix.exe, and it said that it was temporarily changing my Date Time settings, and then the computer restarted on its own without ComboFix completing its work, the Date Time settings have changed. Now, the time is shown in the 24 hours format (15:12), and if I change it back to the 12 hour format (03:13), then on next restart, it has again changed to the 24 hour format; also, earlier, when I placed the mouse pointer over the icon (at the bottom right), it would display the day and date in a single line, if I remember correctly, but now it shows it as 2008-04-10, and not as Tuesday or Wednesday. 
Double-clicking and opening the properties doesn't help; every restart changes the settings. Any other way to fix this problem?

Thanx.


----------



## ceewi1

I notice that you have started a thread at http://www.bleepingcomputer.com/forums/topic140642.html.  Trying to fix your problem at two forums concurrently is dangerous, as different helpers may have different ways of fixing a problem that interfere with each other, and wastes a lot of valuable Helper time.

Please select one forum to continue receiving help from and kindly ask the other to close your thread.


----------



## SirKenin

HydraHeaded said:


> Ever since I ran ComboFix.exe, and it said that it was temporarily changing my Date Time settings, and then the computer restarted on its own without ComboFix completing its work, the Date Time settings have changed. Now, the time is shown in the 24 hours format (15:12), and if I change it back to the 12 hour format (03:13), then on next restart, it has again changed to the 24 hour format; also, earlier, when I placed the mouse pointer over the icon (at the bottom right), it would display the day and date in a single line, if I remember correctly, but now it shows it as 2008-04-10, and not as Tuesday or Wednesday.
> Double-clicking and opening the properties doesn't help; every restart changes the settings. Any other way to fix this problem?
> 
> Thanx.


 
Yeah, go into the Regional and Language options to change it back.


----------



## HydraHeaded

*Waiting...*

I started the thread in that other forum, but as you can see, I have not received any proper answers there, and I hardly view it now. 

Here, I got decent replies in the beginning, but for some time now, there hasn't been any response.


----------



## ceewi1

Please download *VundoFix.exe* to your desktop.
Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files; click *YES*.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click *OK*.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions, starting from "Click the *Scan for Vundo* button", when VundoFix appears at reboot.

Please download *Deckard's System Scanner (DSS)* and save it to your Desktop.
Close all other windows before proceeding.
Double-click on *dss.exe* and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads *main.txt* and *extra.txt* -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of *main.txt* and *extra.txt* in your next reply.

Please post both the VundoFix log and the DSS log.


----------

