MS JUAN PROBLEM

NCMC

HI, I'M FOLLOWING INSTRUCTIONS I SAW FOR OTHERS WITH THE SAME PROB ABOUT THIS MS JUAN THAT MALWAREBYTES FINDS, DELETES AND THEN COMES RIGHT BACK. SO I'M PASTING THE LOG FILES FROM MB AND HIJACKTHIS AS READ IN THE PREVIOUS FORUMS. HOPE THIS HELPS YOU HELP ME. THANKS.

Malwarebytes' Anti-Malware 1.31
Database version: 1567
Windows 5.1.2600 Service Pack 3

1/29/2009 9:17:09 PM
mbam-log-2009-01-29 (21-17-09).txt

Scan type: Quick Scan
Objects scanned: 59685
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:35 PM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://moneycentral.msn.com/home.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=50380
R3 - URLSearchHook: (no name) - {091d777d-1580-4415-8282-5975af610e18} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {091d777d-1580-4415-8282-5975af610e18} - (no file)
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\9\Config\ereg.ini"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-20\..\Run: [zafimekini] Rundll32.exe "C:\WINDOWS\system32\viniyare.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Open with PDF Professional 2 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\DATA BECKER\PDF Professional 2\pdfshell.dll
O9 - Extra 'Tools' menuitem: Open with PDF Professional 2 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\DATA BECKER\PDF Professional 2\pdfshell.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233029577640
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O20 - AppInit_DLLs: rqwvqc.dll c:\windows\system32\gasesila.dll c:\windows\system32\bufetoyo.dll ,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WPEServ - MAUS Software - C:\Program Files\Common Files\WPE\wpeserv.exe
O23 - Service: YOICS Sharing Service - Unknown owner - C:\Program Files\Yoics\YOICS_SharingService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 9314 bytes


Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi NCMC and welcome to Malwarebytes' :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may, or may not, solve other issues you have with your machine.

  • The fixes are specific to your problem and should only be used for this issue on this machine!

  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.

  • If you don't know, stop and ask! Don't keep going on.

  • Please reply to this thread. Do not start a new topic.

  • Refrain from running self fixes as this will hinder the malware removal process.

  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.

  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Extra note: Please be aware that, as I am still in training, all of my fixes/posts require prior checking by an Expert. So some delays may be inevitable; please be patient and I will reply again asap.

In the interim I would like to view a list of currently installed software applications on your PC. How to provide it is as follows:

Run HiJackThis and click on Open the Misc Tools section.

  • Click Open Uninstall Manager...

  • Click Save list... and save it to your Desktop.

  • Copy and paste the file uninstall_list.txt into your next reply.


THANKS SO MUCH. JUST FOLLOWED YOUR FIRST INSTRUCTION. WASN'T SURE IF I WAS COPYING AND PASTING CORRECTLY, SO I COPIED THE TEXT FOR YOU AS WELL.

DON S.

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
ArcSoft MediaConverter 2
avast! Antivirus
Best Buy Digital Music Store
Best Buy Rhapsody
Brother MFL-Pro Suite
Business Cards
CCleaner (remove only)
Collection Cruiser 2.0.1
Compound Interest Calculator
Conexant SmartHSFi V.9x 56K DF PCI Modem
Costco Photo Organizer
Coupon Printer for Windows
CutePDF Writer 2.7
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.0
DVDFab Platinum
DVDSentry
EarthLink Setup Files
eFax Messenger 4.3
ESET NOD32 Antivirus
Exact Audio Copy 0.99pb3
Foxit PDF Editor
Go Daddy Software Photo CD
Google Earth
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Product Detection
HSH Home Buyer's Calculator Suite, 2.2.05
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Java 6 Update 11
Java 6 Update 7
Jezzball Deluxe
JLC's Internet TV
Learn2 Player (Uninstall Only)
LimeWire 4.18.8
LocationFree Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2006
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
Money Mastery - Master Plan 5.1
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Musicmatch

uninstall_list.txt

Hi :D

I apologise for the delay, I had some personal matters to attend to.

OK, I have a few questions first, if I may, before we proceed:

  • You have several applications installed not normally associated with a Home/Personal Computer, namely:
    NeatReceipts
    Cisco/Pure Networks
    PaperPort
  • Are you aware of the above and/or did you install this yourself?
  • Is this Computer used for business related activities or just for personal use only?

Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

This topic is now closed to further replies.