
MS Juan and MS Track System Recurring Registry Entries


Fleeshy


Hi,

I've been having a few problems in the last few days - random pop-ups, Firefox browser starting up on its own and my Firewall and Automatic Updates being switched off. I ran full scans with AVG, Ad-Aware, Spybot, SuperAnti-Spyware and Malwarebytes - this seemed to fix most of the problems but I still can't get rid of the recurring registry entries for MS Juan and MS Track System.

I've run the three programs (MBAM, Panda & HijackThis) as suggested in this forum's sticky. Here are the results -

Malwarebytes' Anti-Malware 1.31

Database version: 1533

Windows 5.1.2600 Service Pack 2

22/12/2008 23:50:23

mbam-log-2008-12-22 (23-50-23).txt

Scan type: Quick Scan

Objects scanned: 59729

Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----------------------------------------------------------------------------------------------------------------------------------------------------------------

;*******************************************************************************

ANALYSIS: 2008-12-22 23:42:29

PROTECTIONS: 1

MALWARE: 17

SUSPECTS: 5

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

AVG Anti-Virus Free 8.0 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms track system

00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms juan

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[3].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt

00509861 Hacktool/AngryScan HackTools No 1 Yes No C:\Program Files\Bluetack\Blocklist Manager\Tools\ipscan.exe

00730748 Trj/Ldpinch.WE Virus/Trojan No 1 Yes No C:\WINDOWS\system32\Clock_Tower_3D_Screensaver.scr

03275468 Hacktool/AngryScan HackTools No 1 Yes No D:\Fleesh's Stuff\Patches Drivers and Programs\Programs\Utilities\BLMInstall277.exe

03324609 Adw_SafeNow.gen Spyware No 0 Yes No D:\Fleesh's Stuff\Patches Drivers and Programs\Programs\Utilities\Win XP Themes\Boot Screens\X-Ray XP Boot Screen.exe

03324609 Adw_SafeNow.gen Spyware No 0 Yes No D:\Fleesh's Stuff\Patches Drivers and Programs\Programs\Utilities\Win XP Themes\Boot Screens\Skull XP Boot Screen.exe

03857954 Generic Trojan Virus/Trojan No 0 Yes No D:\Fleesh's Stuff\Patches Drivers and Programs\Programs\Media Programs\CoreAVC Professional Edition\keygen.exe

04435059 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Owner\Desktop\ComboFix.exe

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

No C:\WINDOWS\system32\Earth_3D_Screensaver.scr

No C:\WINDOWS\system32\eleryx.dll

No C:\WINDOWS\system32\hjctyobj.dll

No G:\Torrent Downloads\Screensavers\Screensaver(Wasime900)\3D Outer Space 1.0\3D Outer Space 1.0.rar[3D Outer Space 1.0\Keygen\keygen.exe]

No G:\Torrent Downloads\Screensavers\Screensaver__2008___Wasime900_.part1.rar[screensaver(Wasime900)\3D Outer Space 1.0\3D Outer Space 1.0.rar][3D Outer Space 1.0\Keygen\keygen.exe]

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

;===============================================================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:51:31, on 22/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: {9291fb81-014c-4068-da04-85c0fda6e56a} - {a65e6adf-0c58-40ad-8604-c41018bf1929} - C:\WINDOWS\system32\eleryx.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /S

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Audio Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--

End of file - 9583 bytes

Any help would be much appreciated!

:)


Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***

Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please post back the following on your next reply:

C:\ComboFix.txt

New HijackThis log.


OK, here are the Combofix and new HijackThis logs -

ComboFix 08-12-23.01 - Owner 2008-12-23 20:36:04.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1449 [GMT 0:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Application Data\inst.exe

c:\windows\jestertb.dll

c:\windows\system32\eleryx.dll

c:\windows\system32\hjctyobj.dll

c:\windows\system32\qrcajjfk.dll

.

((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))

.

2008-12-22 23:50 . 2008-12-22 23:50 <DIR> d-------- c:\program files\Trend Micro

2008-12-22 22:31 . 2008-12-22 22:31 <DIR> d-------- c:\program files\Panda Security

2008-12-22 22:31 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-21 22:12 . 2008-12-21 22:12 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-21 22:12 . 2008-12-21 22:12 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

2008-12-21 22:12 . 2008-12-21 22:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-12-21 16:16 . 2008-12-21 16:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-21 16:16 . 2008-12-21 16:16 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes

2008-12-21 16:16 . 2008-12-21 16:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-21 16:16 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-21 16:16 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-21 15:55 . 2008-12-21 15:54 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys

2008-12-21 15:54 . 2008-12-21 15:55 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6

2008-12-21 04:42 . 2008-12-21 04:42 95 --a------ c:\windows\wininit.ini

2008-12-13 13:56 . 2008-12-13 13:56 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-13 13:42 . 2008-12-13 13:42 <DIR> d-------- c:\program files\iTunes

2008-12-13 13:42 . 2008-12-13 13:42 <DIR> d-------- c:\program files\iPod

2008-12-13 13:42 . 2008-12-13 13:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-13 13:41 . 2008-12-13 13:42 <DIR> d-------- c:\program files\QuickTime

2008-12-13 13:41 . 2008-12-13 13:41 <DIR> d-------- c:\program files\Common Files\Apple

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-21 22:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-21 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-21 20:34 --------- d-----w c:\program files\MKVtoolnix

2008-12-21 20:34 --------- d-----w c:\program files\Fraps

2008-12-21 20:34 --------- d-----w c:\program files\FlashGet

2008-12-21 20:34 --------- d-----w c:\program files\Dream Aquarium

2008-12-21 20:34 --------- d-----w c:\program files\DivX

2008-12-21 20:34 --------- d-----w c:\program files\AGEIA Technologies

2008-12-21 04:30 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-12-20 02:05 --------- d-----w c:\documents and settings\Owner\Application Data\M3

2008-12-14 22:47 201,352 ----a-w c:\windows\system32\PnkBstrB.exe

2008-12-14 22:47 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-14 22:24 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent

2008-12-13 13:42 --------- d-----w c:\program files\Bonjour

2008-12-13 13:41 --------- d-----w c:\program files\Apple Software Update

2008-12-13 13:32 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-12-08 19:40 --------- d-----w c:\program files\PeerGuardian2

2008-11-14 01:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-10-26 01:30 1,082,880 ----a-w c:\windows\system32\AutoPartNt.exe

2008-10-25 01:37 --------- d-----w c:\program files\RivaTuner v2.11

2008-10-25 01:23 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles

2008-10-24 11:39 66,872 ----a-w c:\windows\system32\PnkBstrA.exe

2008-10-24 11:39 22,328 ----a-w c:\documents and settings\Owner\Application Data\PnkBstrK.sys

2008-10-24 11:39 2,250,024 ----a-w c:\windows\system32\pbsvc.exe

2008-10-24 11:36 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-03-04 22:38 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys

2007-05-13 18:20 1 ----a-w c:\documents and settings\Owner\SI.bin

2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll

2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.16\AsRunHelp.exe" [2006-11-14 363008]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-08 81920]

"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]

"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-05-07 159744]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

"CTHelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE]

"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2008-10-07 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 22:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll,avgrsstx.dll eleryx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"f:\\Games\\Valve\\Steam\\SteamApps\\fleeshster\\sin episodes emergence\\SinEpisodes.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"f:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"f:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"f:\\Games\\Valve\\Steam\\SteamApps\\fleeshster\\day of defeat source\\hl2.exe"=

"f:\\Games\\Valve\\Steam\\SteamApps\\fleeshster\\half-life 2 deathmatch\\hl2.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"=

"f:\\Games\\Valve\\Steam\\SteamApps\\fleeshster\\source sdk base\\hl2.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"f:\\Games\\Valve\\Steam\\Steam.exe"=

"f:\\Games\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"f:\\Games\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"e:\\Games 2\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"f:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"f:\\Games\\Valve\\Steam\\SteamApps\\fleeshster\\team fortress 2\\hl2.exe"=

"m:\\Games


Please uninstall the following software:

Adobe Reader 8 (out of date and exploited... install the latest version Here).

PeerGuardian2

uTorrent

Reboot when the uninstalls complete.

Please open a blank Notepad by clicking start-->run

Then, in the run box type Notepad.exe and click "OK".

Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt... Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe.

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

File::

c:\windows\Tasks\zlagthjt.job

Folder::

c:\documents and settings\Owner\Application Data\uTorrent

c:\program files\PeerGuardian2

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=-

"AppInit_DLLs"="wbsys.dll,avgrsstx.dll"

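As an added, defender-side example (not the helper's or the original poster's code, and not a ComboFix feature): the script below reads the AppInit_DLLs loading point the way the ComboFix log above reports it, cross-checks it against the HijackThis O2 (BHO) lines, and emits the same Registry:: stanza the helper wrote. The allow list, the GUID-named-BHO heuristic and the sample log lines are assumptions constructed here from this thread.

```python
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed sample input: the AppInit_DLLs loading point as the ComboFix
# log in this thread reports it (note the mixed comma and space separators).
COMBOFIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll eleryx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"""

# Constructed sample input: two O2 (BHO) lines from the HijackThis log above.
HJT_LOG = r"""O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {9291fb81-014c-4068-da04-85c0fda6e56a} - {a65e6adf-0c58-40ad-8604-c41018bf1929} - C:\WINDOWS\system32\eleryx.dll
"""

APPINIT_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows"

# Assumption: DLLs belonging to software seen elsewhere in the same log
# (wbsys.dll for the AlienGUIse/WindowBlinds shell, avgrsstx.dll for AVG 8).
ALLOWED_APPINIT = {"wbsys.dll", "avgrsstx.dll"}

GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def parse_appinit(dump: str) -> list[str]:
    """Return the DLL names listed in AppInit_DLLs under the Windows key.

    Windows treats the value as a space- OR comma-delimited list, so a naive
    split(',') would read 'avgrsstx.dll eleryx.dll' as one name and hide the
    extra DLL; splitting on either delimiter matches what the loader does.
    """
    in_key = False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == APPINIT_KEY.lower()
            continue
        if in_key and line.lower().startswith('"appinit_dlls"='):
            value = line.split("=", 1)[1].strip().strip('"')
            return [d for d in re.split(r"[ ,]+", value) if d]
    return []


def parse_bhos(hjt: str) -> list[dict]:
    """Parse HijackThis 'O2 - BHO: <name> - <clsid> - <path>' lines."""
    bhos = []
    for line in hjt.splitlines():
        if not line.startswith("O2 - BHO: "):
            continue
        # Two ' - ' separators precede the path; maxsplit keeps any ' - ' in the path.
        name, clsid, path = [p.strip() for p in line[len("O2 - BHO: "):].split(" - ", 2)]
        bhos.append({"name": name, "clsid": clsid, "path": path})
    return bhos


def suspicious_bhos(bhos: list[dict]) -> list[dict]:
    """Heuristic (assumption): a BHO whose display name is itself a GUID has no
    vendor-supplied name, which is the pattern the Vundo BHO in this log shows."""
    return [b for b in bhos if GUID_RE.match(b["name"])]


def audit_appinit(appinit: list[str], bhos: list[dict], allowed=ALLOWED_APPINIT) -> list[str]:
    """Return AppInit DLLs that are not on the allow list or that are the same
    file a suspicious BHO loads from."""
    bad_files = {PureWindowsPath(b["path"]).name.lower() for b in suspicious_bhos(bhos)}
    return [d for d in appinit if d.lower() not in allowed or d.lower() in bad_files]


def build_cfscript(appinit: list[str], flagged: list[str]) -> str:
    """Emit the CFScript Registry:: stanza: clear the value, then re-create it
    with only the DLLs that were not flagged (the form the helper used above)."""
    keep = ",".join(d for d in appinit if d not in flagged)
    return "\n".join([
        "Registry::",
        f"[{APPINIT_KEY}]",
        '"AppInit_DLLs"=-',
        f'"AppInit_DLLs"="{keep}"',
        "",
    ])


if __name__ == "__main__":
    dlls = parse_appinit(COMBOFIX_REG)
    bad = audit_appinit(dlls, parse_bhos(HJT_LOG))
    print("AppInit_DLLs:", dlls)
    print("flagged:", bad)
    print(build_cfscript(dlls, bad))
```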

OK, all three programs are now uninstalled (haven't bothered re-installing Adobe Reader again - I'll do that once my system is clean).

Here's the new Combofix log -

ComboFix 08-12-23.01 - Owner 2008-12-24 17:20:39.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1449 [GMT 0:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

* Created a new restore point

FILE ::

c:\windows\Tasks\zlagthjt.job

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Application Data\uTorrent

c:\documents and settings\Owner\Application Data\uTorrent\1408[2007]DvDrip[Eng]-aXXo.torrent

c:\documents and settings\Owner\Application Data\uTorrent\8.Out.of.10.Cats.S01-S04.PDTV.XviD.torrent

c:\documents and settings\Owner\Application Data\uTorrent\BBC.Hotel.California.LA.from.the.Byrds.to.the.Eagles.2007.DVBC.XviD.MP3.MVGroup.org.avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Blackadder's Christmas Carol [1988].avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Blackadder - Series 1.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Blackadder - Series 2.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Blackadder - Series 3.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Blackadder - Series 4.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Blackadder - The Cavalier Years.avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\BlackAdder Extras.torrent

c:\documents and settings\Owner\Application Data\uTorrent\dht.dat

c:\documents and settings\Owner\Application Data\uTorrent\dht.dat.old

c:\documents and settings\Owner\Application Data\uTorrent\Harry Potter And The Order Of The Phoenix 2007 DVDRip + Sub NL .srt.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Have I Got News For You - Series 32 (2006) [uN (XviD)].torrent

c:\documents and settings\Owner\Application Data\uTorrent\Mary Whitehouse Experience (Comedy).torrent

c:\documents and settings\Owner\Application Data\uTorrent\Mighty Boosh Live -Brixton 2006.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Mock The Week s06e05 (7th Aug 2008) [PDTV (DivX)].avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Mock The Week s06e06.avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Mock The Week S06E07 (21st August 2008) [WS.PDTV (XVID)].avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Mock the Week.torrent

c:\documents and settings\Owner\Application Data\uTorrent\mock.the.week.s06e01.ws.pdtv.xvid-martyr.avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\mock.the.week.s06e02.ws.pdtv.xvid.avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\mock.the.week.s06e03.ws.pdtv.xvid.avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\mock.the.week.s06e04.ws.pdtv.xvid.avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Never Mind the Buzzcocks - S19.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Never Mind the Buzzcocks - Season 20.torrent

c:\documents and settings\Owner\Application Data\uTorrent\PerfectWorld-S1.torrent

c:\documents and settings\Owner\Application Data\uTorrent\resume.dat

c:\documents and settings\Owner\Application Data\uTorrent\resume.dat.old

c:\documents and settings\Owner\Application Data\uTorrent\settings.dat

c:\documents and settings\Owner\Application Data\uTorrent\settings.dat.old

c:\documents and settings\Owner\Application Data\uTorrent\The British Comedy Awards 2008 (6th December 2008) [PDTV(XviD)] bobuk.torrent

c:\documents and settings\Owner\Application Data\uTorrent\The Jerry @Trick Show Episode 2 (2000-2002) [TVRip (DIVX)].torrent

c:\documents and settings\Owner\Application Data\uTorrent\The Jerry Atrick Show (Unknown Episode 1) (2000-2002) [TVRip (DIVX)].torrent

c:\documents and settings\Owner\Application Data\uTorrent\The Mary Whitehouse Experience Series 1.torrent

c:\documents and settings\Owner\Application Data\uTorrent\The Mary Whitehouse Experience Series 2.torrent

c:\documents and settings\Owner\Application Data\uTorrent\The Mighty Boosh - The Complete Radio Series.torrent

c:\documents and settings\Owner\Application Data\uTorrent\The Mighty Boosh S03E04, 6th Dec 07 (TVRip) [DivX].avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\The Mighty Boosh S03E05, 13th Dec 07 (TVRip) [DivX].avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\The Mighty Boosh s03e06, 20th Dec 07 (TVRip) [DivX].avi.torrent

c:\documents and settings\Owner\Application Data\uTorrent\The People Of New York vs Jerry Sadowitz.torrent

c:\documents and settings\Owner\Application Data\uTorrent\The People vs Jerry Sadowitz (series 1, 1998).torrent

c:\documents and settings\Owner\Application Data\uTorrent\The People vs Jerry Sadowitz.torrent

c:\documents and settings\Owner\Application Data\uTorrent\The Power of Nightmares.torrent

c:\documents and settings\Owner\Application Data\uTorrent\The Unbelievable Truth.torrent

c:\documents and settings\Owner\Application Data\uTorrent\The.Mighty.Boosh.Pilot.Episode.XviD.AVI.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Torchwood - S01 - E01 - Lost Souls.mp3.torrent

c:\documents and settings\Owner\Application Data\uTorrent\Torchwood.2x01.Kiss_Kiss_Bang_Bang.HDTV_XviD-FoV.torrent

c:\documents and settings\Owner\Application Data\uTorrent\utorrent.lng

c:\documents and settings\Owner\Application Data\uTorrent\W4B.torrent

c:\documents and settings\Owner\Application Data\uTorrent\WouldILieToYou.torrent

c:\windows\Tasks\zlagthjt.job

.

((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))

.

2008-12-22 23:50 . 2008-12-22 23:50 <DIR> d-------- c:\program files\Trend Micro

2008-12-22 22:31 . 2008-12-22 22:31 <DIR> d-------- c:\program files\Panda Security

2008-12-22 22:31 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-21 22:12 . 2008-12-21 22:12 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-21 22:12 . 2008-12-21 22:12 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

2008-12-21 22:12 . 2008-12-21 22:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-12-21 16:16 . 2008-12-21 16:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-21 16:16 . 2008-12-21 16:16 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes

2008-12-21 16:16 . 2008-12-21 16:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-21 16:16 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-21 16:16 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-21 15:55 . 2008-12-21 15:54 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys

2008-12-21 15:54 . 2008-12-21 15:55 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6

2008-12-21 04:42 . 2008-12-21 04:42 95 --a------ c:\windows\wininit.ini

2008-12-13 13:56 . 2008-12-13 13:56 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-13 13:42 . 2008-12-13 13:42 <DIR> d-------- c:\program files\iTunes

2008-12-13 13:42 . 2008-12-13 13:42 <DIR> d-------- c:\program files\iPod

2008-12-13 13:42 . 2008-12-13 13:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-13 13:41 . 2008-12-13 13:42 <DIR> d-------- c:\program files\QuickTime

2008-12-13 13:41 . 2008-12-13 13:41 <DIR> d-------- c:\program files\Common Files\Apple

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-24 17:05 --------- d-----w c:\program files\Common Files\Adobe

2008-12-21 22:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-21 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-21 20:34 --------- d-----w c:\program files\MKVtoolnix

2008-12-21 20:34 --------- d-----w c:\program files\Fraps

2008-12-21 20:34 --------- d-----w c:\program files\FlashGet

2008-12-21 20:34 --------- d-----w c:\program files\Dream Aquarium

2008-12-21 20:34 --------- d-----w c:\program files\DivX

2008-12-21 20:34 --------- d-----w c:\program files\AGEIA Technologies

2008-12-21 04:30 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-12-20 02:05 --------- d-----w c:\documents and settings\Owner\Application Data\M3

2008-12-14 22:47 201,352 ----a-w c:\windows\system32\PnkBstrB.exe

2008-12-14 22:47 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-13 13:42 --------- d-----w c:\program files\Bonjour

2008-12-13 13:41 --------- d-----w c:\program files\Apple Software Update

2008-12-13 13:32 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-14 01:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-10-26 01:30 1,082,880 ----a-w c:\windows\system32\AutoPartNt.exe

2008-10-25 01:37 --------- d-----w c:\program files\RivaTuner v2.11

2008-10-25 01:23 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles

2008-10-24 11:39 66,872 ----a-w c:\windows\system32\PnkBstrA.exe

2008-10-24 11:39 22,328 ----a-w c:\documents and settings\Owner\Application Data\PnkBstrK.sys

2008-10-24 11:39 2,250,024 ----a-w c:\windows\system32\pbsvc.exe

2008-10-24 11:36 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-03-04 22:38 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys

2007-05-13 18:20 1 ----a-w c:\documents and settings\Owner\SI.bin

2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll

2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll

.

((((((((((((((((((((((((((((( snapshot@2008-12-23_20.37.24.84 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-23 20:19:44 243,420 ----a-w c:\windows\system32\perfc009.dat

+ 2008-12-24 16:13:45 243,884 ----a-w c:\windows\system32\perfc009.dat

- 2008-12-23 20:19:44 894,344 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-24 16:13:45 895,576 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-24 17:15:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1e0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.16\AsRunHelp.exe" [2006-11-14 363008]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-08 81920]

"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]

"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-05-07 159744]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

"CTHelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE]

"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2008-10-07 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 22:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"f:\\Games\\Valve\\Steam\\SteamApps\\fleeshster\\sin episodes emergence\\SinEpisodes.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"f:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"f:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"f:\\Games\\Valve\\Steam\\SteamApps\\fleeshster\\day of defeat source\\hl2.exe"=

"f:\\Games\\Valve\\Steam\\SteamApps\\fleeshster\\half-life 2 deathmatch\\hl2.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"=

"f:\\Games\\Valve\\Steam\\SteamApps\\fleeshster\\source sdk base\\hl2.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"f:\\Games\\Valve\\Steam\\Steam.exe"=

"f:\\Games\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"f:\\Games\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"e:\\Games 2\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"f:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"f:\\Games\\Valve\\Steam\\SteamApps\\fleeshster\\team fortress 2\\hl2.exe"=

"m:\\Games


Excellent! Now run a manual update of MBAM, then a fresh quick scan. Reboot and post back THAT log along with a fresh HijackThis log. How is the system performing for you now? Are you having any other issues? Thanks!

OK, updated MBAM and did another quick scan. Rebooted and then did the HijackThis scan.

Here they are -

Malwarebytes' Anti-Malware 1.31

Database version: 1541

Windows 5.1.2600 Service Pack 2

24/12/2008 17:59:24

mbam-log-2008-12-24 (17-59-24).txt

Scan type: Quick Scan

Objects scanned: 57627

Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:03:13, on 24/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /S

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Audio Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--

End of file - 9076 bytes

As you can see from the MBAM scan there's no trace of the MS Juan and MS Track System registry entries now. Excellent! I also checked manually using Start/Run/regedit and they do indeed seem to be gone for good. They would usually keep coming back after a reboot or after starting either Firefox or IE. Not any more!

My system seems to be smooth and back to normal, I haven't noticed any other issues.

Thank you SO much m8. You have been extremely helpful and very quick to respond, especially at this time of year!

Anything else you need me to check?


You did good work Fleeshy...congratulations, I see a clean log!

Click start-->run...then copy and paste the Bold text below into the run box and click "OK":

ComboFix /u

Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again for you automatically.

To assist in the prevention of spyware infections:

Immunize your browser by installing Spywareblaster. What does it do?

  • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restricts the actions of potentially unwanted sites in Internet Explorer.

Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

You should always have at least (but not more than) one of these types of third party firewalls running on board:

Kerio Personal Firewall

Zone Alarm

Outpost Free

Comodo

Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Become familiar with the MalwareBytes anti-malware application. Use it often, especially if you begin to notice the system performance behavior is not what it should be. Learn more about the program Here, where you can also request assistance if you have some concerns about the program's findings.

***Note***

The licensed version provides real time protection and other automatic features otherwise not available.

Comodo's BOClean utility is another very good "Free" malware cleaner that runs in the background to help prevent malware intrusions.

Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup, or else just download the Slim version (no toolbar...third download link at the bottom of that page).

Or if you just want to run your on board Disk Cleanup ("Start-->Programs-->Accessories-->System Tools-->Disk Cleanup"), just open the utility and check off the following:

Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

So how did I get infected in the first place?

Regards, and Happy Surfing!

...and have a Merry Christmas!!!


You did good work Fleeshy...congratulations, I see a clean log!

Thanks m8, but really you did the good work! I just followed your instructions!

I've done the Combofix uninstall now too. Also re-installed Java - I had taken it all out before I requested help. And I set a new System Restore point now that my system is clean - yay!

Thanks also for the tips on Spywareblaster and third-party firewalls - I think I'll go get those sorted out ASAP.

And I have CCleaner too - I do run it quite often, most usually after uninstalling programs etc.

Once again - thanks a million m8, you've been brilliant! If anyone I know ever has problems with malware and trojans I'll be sure to direct them to the friendly and extremely helpful guys (and gals!) on this forum!

...and have a Merry Christmas!!!

You too m8 - not long to go now!!

Have a good one!

:P


This issue appears resolved and the thread is closed to prevent others from posting here.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
