
Bd Not Removing Malware / Virus


I've read Conrad's post and I also have the same problem he does. Would I need to also send a deep scan log? I ran one and it didn't find anything. Thanks


Bob Helms

Comments

  • csalgau
    csalgau ✭✭
    edited August 2008

    Attach the log regardless, along with an AVIS scan log and AVIS Complete System Log.


    Any data that might be in the log could be relevant.

  • I have uploaded the Deep Scan log file. I don't know or understand what an AVIS file is, please advise. Thanks

    Attachment: 1212364220_1_00.xml

  • csalgau

    AVIS can be found here


    Please extract and run the program.


    On the System Information tab select Complete and then Create log.


    After it has finished, access the Scan Tab, select Deep Scan, Ignore object, leave the others to their default settings, and click Start Scan.


    The first log will be generated in a zip on your desktop. The other will be available in AVIS's folder, after you close the scan window, as scan.log.


    Please attach the files in their original, unmodified form, to your next post.

  • BobHelms
    edited August 2008


    I attempted to follow your instructions as best I could but be advised that the following steps were done:


    I did not see an opportunity to Create log on the System Information Tab


    I ran the Deep scan with Ignore Object, other options were unchanged


    There wasn't an option to Close after the scan, just Cancel or Minimize, I chose Cancel


    There were 2 files created to the Desktop after Sending files, Create Log & Compress log were executed


    I hopefully have attached both of those to this post


    Please Advise, Thank you.

    Attachment: 1212364220_1_00.xml

    Attachment: BitDefender_AVIS.rar

  • Further symptoms:


    It causes CTFMON.exe not to close properly. Causes IE7 to launch with a BLANK screen and no Tool Bars. Also causing errors in the Logitech mouse driver.

  • csalgau
    csalgau ✭✭
    edited August 2008

    Unfortunately both files are useless. The first is the same log you provided before. The second file is the file you downloaded from the forum.


    I'll try and explain the steps again.


    First extract the archive somewhere on your drive.


    Once you start the program, make sure you're using the English interface by ensuring you see "En" in the top right corner. If you see Ro, click the text and select English.


    On the left side you will see 5 (five) tabs. Select the second tab - Scan. Check Deep Scan and Ignore object. Click Start Scan in the lower right corner. Once the scan is over, click Cancel and search for scan.log in the folder you unpacked AVIS to. So in case you unpacked AVIS to c:\AVIS\, you should attach c:\AVIS\scan.log.


    Next switch to the System Info tab. On this tab you should select Complete under System log type and leave the other settings as they are. Click Create log in the lower right corner of the window. Once the process is finished the small window should close and you should be back at the AVIS main window. Close the program and upload the new file on your desktop. It should be named bd_sys_log.xml.zip (you might not see the .zip extension).


    Please ask if I missed anything.

  • I'm not doing a very good job of following your directions, sorry.


    Did another execution of AVIS. When I click on the AVIS.exe it does a build of some sort and places a BD icon in the 'System Tray'. I clicked on that icon and the AVIS app starts up. It does the scan and when it finishes I clicked on cancel and it then sends a file? somewhere over my internet connection. I did a search for 'scan.log' and no files by that name were found. I hope I've created the 'System Log' correctly this time, it is attached. Thanks again for your time and help.

  • For whatever reason(s) I'm unable to attach bd_sys_log.xml.zip. When I click on upload it just spins without any result. Please advise.

  • We may have problems with attachments. Please retry again later; if it still doesn't work, please send it via a PM to Catalin and to me.


    Best regards!

  • I tried PM, could not get that to upload either, it's 23:50:00 EDT. I'll try again 08/26 10:00:00 EDT. Is there an email solution available? Thanks for your help.

  • You can try sending it to me: andrei_vlad_smen [AT] yahoo dot com (you replace [AT] with @ and dot with .).


    Best regards!

  • I have not heard from you since resending the AVIS log via private email, so I trust you have received it. Please advise if this is not the case. Thanks again for your help.


    Bob Helms

  • Hi Andrei;


    Were the logs I supplied to you any help? The BD Support Team hasn't come up with any help so far. I'm leaning toward a reinstall of IE7 and moving all my browser traffic to Firefox. In the meanwhile I'm using Netscape 7.2 and getting by. Thanks again for your help.

  • Hello Andrei and or Catalin;


    My need to remove this "whatever it is" has escalated somewhat. I only encountered this problem when I used IE7, so I've been using my Netscape 7.2 browser, but I have found that my financial software (Microsoft Money) uses IE7 to do some of its online functions, imagine that, and I'm running into the same symptoms / problems. They are:


    No toolbars after initial launch of IE7. After relaunching IE7 I get unwanted pop up windows for antivirus ads. After closing IE7 I experience CTF Loader errors, power monitor errors (I'm using a Thinkpad) and my Logitech Setpoint Event Manager (wireless USB mouse) breaks.


    Other than the AVIS log I've sent Andrei, what else can I do to help in this cause? I'm running XP Pro SP2. I'm current on BD updates and I've been running a full system scan every day with no problems found. Thank you.

  • Niels

    Hello BHelms,


    Can you please download ComboFix; you will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post, so I or someone else can see if there are still some infections.


    Kind regards,


    Niels

  • Hi Niels;


    Here is the ComboFix log. Thank you.


    ComboFix 08-09-05.14 - Bob 2008-09-10 11:01:34.1 - NTFSx86


    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894 [GMT -4:00]


    Running from: C:\Documents and Settings\Bob\Desktop\ComboFix.exe


    Command switches used :: C:\Documents and Settings\Bob\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe


    * Created a new restore point


    .


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    .


    C:\Documents and Settings\Bob\Cookies\bob@2o7[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@a.macworld[1].txt


    C:\Documents and Settings\Bob\Cookies\bob@a.timewarnercable[1].txt


    C:\Documents and Settings\Bob\Cookies\bob@a12.bellsouth[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@ad.yieldmanager[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@ads.pointroll[1].txt


    C:\Documents and Settings\Bob\Cookies\bob@ads.revsci[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@advertising[1].txt


    C:\Documents and Settings\Bob\Cookies\bob@bellsouth.inq[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@bluestreak[1].txt


    C:\Documents and Settings\Bob\Cookies\bob@ehg-bellsouth.hitbox[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@ehg-dig.hitbox[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@ehg-oreilly.hitbox[1].txt


    C:\Documents and Settings\Bob\Cookies\bob@ehg-verizon.hitbox[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@ehg.fedex[1].txt


    C:\Documents and Settings\Bob\Cookies\bob@hb.pcworld[1].txt


    C:\Documents and Settings\Bob\Cookies\bob@indextools[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@insightexpressai[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@main.ebayrtm[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@phg.hitbox[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@questionmarket[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@revsci[1].txt


    C:\Documents and Settings\Bob\Cookies\bob@ringrockstarz[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@statcounter[1].txt


    C:\Documents and Settings\Bob\Cookies\bob@track.bestbuy[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@www.onlineeei[2].txt


    C:\Documents and Settings\Bob\Cookies\bob@www35.vzw[1].txt


    C:\WINDOWS\Downloaded Program Files\ODCTOOLS


    C:\WINDOWS\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab


    C:\WINDOWS\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab


    C:\WINDOWS\jestertb.dll


    C:\WINDOWS\system32\__c00A0B12.dat


    C:\xcrashdump.dat


    .


    ((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))


    .


    2008-09-07 01:12 . 2008-09-10 10:38 <DIR> d-------- C:\Documents and Settings\Bob\Cache


    2008-08-24 00:33 . 2008-08-24 00:32 410,976 --a------ C:\WINDOWS\system32\deploytk.dll


    2008-08-24 00:33 . 2008-08-24 00:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl


    2008-08-24 00:10 . 2008-08-24 00:12 15,336,856 --a------ C:\temp\jre-6u10-beta-windows-i586-p.exe


    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    2008-09-05 05:00 --------- d-----w C:\Program Files\Ares Ultra


    2008-08-24 04:32 --------- d-----w C:\Program Files\Java


    2008-08-11 06:05 --------- d-----w C:\Documents and Settings\Bob\Application Data\U3


    2008-08-05 14:41 --------- d-----w C:\Program Files\FrRefEng


    2008-08-01 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir


    2008-07-31 14:43 --------- d-----w C:\Program Files\Common Files\Adobe


    2008-07-31 14:42 --------- d-----w C:\Documents and Settings\Bob\Application Data\AdobeUM


    2008-07-19 17:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared


    2008-07-12 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd


    2008-07-12 18:56 --------- d-----w C:\Documents and Settings\Bob\Application Data\Logitech


    2008-07-12 18:55 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf


    2008-07-12 18:55 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf


    2008-07-12 18:53 --------- d--h--w C:\Program Files\InstallShield Installation Information


    2008-07-12 18:53 --------- d-----w C:\Program Files\Logitech


    2008-07-12 18:53 --------- d-----w C:\Program Files\Common Files\Logishrd


    2008-07-12 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech


    2008-07-12 18:52 --------- d-----w C:\Documents and Settings\Bob\Application Data\InstallShield


    .


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    .


    *Note* empty entries & legit default entries are not shown


    REGEDIT4


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-03 68856]


    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]


    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2003-12-25 20480]


    "BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2003-12-25 394752]


    "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]


    "QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2004-03-12 663552]


    "BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-12-25 106496]


    "HP Lamp"="C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe" [1998-11-24 42496]


    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-19 196608]


    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-03 368640]


    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-08-24 136600]


    "BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 C:\WINDOWS\system32\irprops.cpl]


    "TpShocks"="TpShocks.exe" [2003-12-17 C:\WINDOWS\system32\TpShocks.exe]


    "TP4EX"="tp4ex.exe" [2002-09-04 C:\WINDOWS\system32\TP4EX.exe]


    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]


    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\


    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]


    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-08-03 24576]


    HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2004-09-01 282624]


    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-12 805392]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]


    2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]


    @=""


    [HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]


    path=C:\Documents and Settings\Bob\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk


    backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]


    --a------ 2004-02-11 00:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]


    --a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]


    --a------ 2003-10-22 04:04 114741 C:\WINDOWS\system32\dla\tfswctrl.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBM Warranty Notification]


    --a------ 2004-03-12 18:24 106496 C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]


    --a------ 2004-01-20 17:28 581632 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBMPRC]


    --a------ 2004-03-19 15:12 90112 C:\IBMTOOLS\utils\ibmprc.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]


    --a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCWLICON]


    --a------ 2004-03-12 06:10 49152 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]


    --a------ 2003-11-19 12:56 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]


    --a------ 2003-11-19 12:56 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]


    --a------ 2004-03-10 13:10 94208 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]


    --a------ 2003-10-24 02:39 897024 C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UC_Start]


    --a------ 2003-09-30 18:39 36864 C:\Program Files\IBM\Updater\ucstartup.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]


    --a------ 2003-08-19 04:01 110592 c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]


    --a------ 2001-09-04 19:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]


    --a------ 2001-10-12 02:32 69632 C:\WINDOWS\system32\S3Tray2.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]


    "DisableMonitoring"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]


    "DisableMonitoring"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]


    "DisableMonitoring"=dword:00000001


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]


    "%windir%\\system32\\sessmgr.exe"=


    "C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=


    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=


    "C:\\WINDOWS\\system32\\dpvsetup.exe"=


    R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2003-12-17 58568]


    R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-03-12 9728]


    R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-03-12 2295]


    R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2003-12-25 15360]


    R2 ibmfilter;ibmfilter;C:\WINDOWS\System32\drivers\ibmfilter.sys [2004-03-19 63872]


    R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-08-24 147456]


    R2 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2003-12-15 4433]


    S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-03-12 12288]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]


    bdx REG_MULTI_SZ scan


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c5fd613-9983-11dc-b499-000d60f83559}]


    \Shell\AutoRun\command - G:\LaunchU3.exe -a


    .


    Contents of the 'Scheduled Tasks' folder


    .


    - - - - ORPHANS REMOVED - - - -


    HKCU-Run-IBM RecordNow! - (no file)


    HKLM-Run-UC_SMB - (no file)


    Notify-__c002B606 - C:\WINDOWS\system32\__c002B606.dat


    Notify-__c00A0B12 - C:\WINDOWS\system32\__c00A0B12.dat


    .


    ------- Supplementary Scan -------


    .


    R0 -: HKCU-Main,Start Page = about:blank


    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


    O16 -: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab


    C:\WINDOWS\Downloaded Program Files\acpcontroller.inf


    C:\WINDOWS\system32\capicom.dll


    C:\WINDOWS\Downloaded Program Files\acpcontroller2.dll


    .


    **************************************************************************


    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


    Rootkit scan 2008-09-10 11:08:45


    Windows 5.1.2600 Service Pack 2 NTFS


    scanning hidden processes ...


    scanning hidden autostart entries ...


    scanning hidden files ...


    scan completed successfully


    hidden files: 0


    **************************************************************************


    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]


    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\


    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]


    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\


    .


    --------------------- DLLs Loaded Under Running Processes ---------------------


    PROCESS: C:\WINDOWS\system32\winlogon.exe


    -> C:\WINDOWS\system32\Ati2evxx.dll


    .


    ------------------------ Other Running Processes ------------------------


    .


    C:\WINDOWS\system32\ibmpmsvc.exe


    C:\WINDOWS\system32\ati2evxx.exe


    C:\WINDOWS\system32\S24EvMon.exe


    C:\WINDOWS\system32\ati2evxx.exe


    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe


    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe


    C:\WINDOWS\system32\QCONSVC.EXE


    C:\WINDOWS\system32\RegSrvc.exe


    C:\WINDOWS\system32\rundll32.exe


    C:\WINDOWS\system32\TpKmpSvc.exe


    C:\PROGRA~1\ThinkPad\CONNEC~1\QCTRAY.EXE


    C:\WINDOWS\system32\rundll32.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe


    C:\WINDOWS\system32\fxssvc.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    C:\WINDOWS\system32\wscntfy.exe


    .


    **************************************************************************


    .


    Completion time: 2008-09-10 11:17:24 - machine was rebooted


    ComboFix-quarantined-files.txt 2008-09-10 15:17:14


    Pre-Run: 23,272,140,800 bytes free


    Post-Run: 23,315,861,504 bytes free


    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe


    [boot loader]


    timeout=2


    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS


    [operating systems]


    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn


    231
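As an added triage example (not part of this thread, and not ComboFix's own code), the functions below split a ComboFix log like the one above into its banner-delimited sections and pull out what a reviewer checks first: files deleted under the Windows directory and Winlogon Notify registrations, flagging Notify targets that are not .dll files. The sample excerpt is constructed from lines of the log posted above.

```python
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the ComboFix log in the post above,
# trimmed to the sections that the triage below inspects.
SAMPLE_LOG = r"""
ComboFix 08-09-05.14 - Bob 2008-09-10 11:01:34.1 - NTFSx86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Bob\Cookies\bob@2o7[2].txt
C:\WINDOWS\jestertb.dll
C:\WINDOWS\system32\__c00A0B12.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-IBM RecordNow! - (no file)
Notify-__c002B606 - C:\WINDOWS\system32\__c002B606.dat
Notify-__c00A0B12 - C:\WINDOWS\system32\__c00A0B12.dat
"""


def is_banner(line: str) -> bool:
    """ComboFix delimits sections with '((( Title )))' or '--- Title ---' lines."""
    return line[0] in "(-" and line[-1] in ")-" and any(c.isalpha() for c in line)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty log lines under the banner that precedes them."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or set(line) == {"*"}:  # spacer lines
            continue
        if is_banner(line):
            current = line.strip("()- ")
            sections[current] = []
            continue
        sections[current].append(line)
    return sections


def triage(sections: Dict[str, List[str]]) -> Dict[str, list]:
    """Pull out what a reviewer checks first: files deleted under the Windows
    directory and Winlogon Notify registrations. Notify packages are DLLs loaded
    by winlogon.exe, so a target that is not a .dll (here __c*.dat) is flagged."""
    deleted = [p for p in sections.get("Other Deletions", [])
               if p.lower().startswith("c:\\windows\\")]
    notify: List[Tuple[str, str, bool]] = []  # (entry name, target path, suspicious)
    reg = sections.get("Reg Loading Points", [])
    for i, line in enumerate(reg):
        if line.startswith("[") and "\\winlogon\\notify\\" in line.lower():
            name = line.rstrip("]").rsplit("\\", 1)[-1]
            # The line after the key reads "date time size path".
            target = reg[i + 1].split(" ", 3)[-1] if i + 1 < len(reg) else ""
            notify.append((name, target, not target.lower().endswith(".dll")))
    for line in sections.get("ORPHANS REMOVED", []):
        if line.startswith("Notify-"):
            name, _, target = line[len("Notify-"):].partition(" - ")
            notify.append((name, target, not target.lower().endswith(".dll")))
    return {"deleted_under_windows": deleted, "winlogon_notify": notify}
```

Run `triage(split_sections(open("ComboFix.txt").read()))` on a full log to get the same two lists for a real report.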

  • Niels

    Hello BHelms,


    Do you still have any problems? I couldn't find anything suspicious in your logfile.


    Kind regards,


    Niels

  • Hi Niels,


    I've been using IE7 for a while this afternoon, no problems encountered so far. Can I leave ComboFix as is or is any follow-up deinstall required? I noticed it did a lot of updates to my registry and I'm trusting all that was OK. During the ComboFix scan I didn't see anything that would indicate that some undesirable malware or virus was removed. Is that the norm? Also, was any information gained out of this event that allowed BD to distribute updates that would prevent others from dealing with whatever I was infected with? Thank you, Andrei and Catalin for all your collective help!


    Best wishes,


    Bob Helms

  • Niels

    Hello BHelms,


    Normally the detection should be added because you sent it to Andrei.


    But to be sure, can you please send me a personal message with the attachment on this forum, or try uploading it again. Be sure that the file size doesn't exceed 2 MB.


    To uninstall ComboFix please do this: press the Windows button together with R, then type this:


    ComboFix /u and press Enter.


    It is absolutely normal that during the scan you will not see if anything is removed. That is only visible in the scan report.


    Kind regards,


    Niels