Hello,
Bitfrost <-- Are you aware that this program is installed and do you use it??
You also have entries on your Combofix log for these, although it does not look like the programs are installed, did you uninstall these at one time??
uTorrent
BearShare
Please read our policy
We have noticed that many people seeking help from us are coming with infections contracted from the use of P2P programs.
Because of this, we changed our malware forum's policy on the use of P2P file sharing programs.
- If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
- If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programs, volunteer analysts will refuse their help.
We do not ask you to do this without reason.
P2P (File Sharing) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
This article from InfoWorld illustrates the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
You also have a marker on your Combofix log for the Lop Infection.
Let's proceed like this: if uTorrent and Bearshare are in your Add Remove Programs, then uninstall them.
Please Download No Lop to your desktop
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.
- First close any other programs you have running as this will require a reboot
- Double click NoLop.exe to run it
- Now click the button labeled "Search and Destroy"
<<your computer will now be scanned for infected files>>
- When scanning is finished you will be prompted to reboot only if infected, Click OK
- Now click the "REBOOT" Button.
- A Message should pop-up from NoLop. If not, double click the program again and it will finish.
Please Post the contents of C:\NoLop.log after completing the next steps.
Drag Combofix to the trash and grab a fresh copy via the links I provided earlier, it's updated on a regular basis. Download it to your desktop but don't run it yet.
Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::
Save this as CFScript to your desktop.
Code:
File::
C:\WINDOWS\system32\prxfnsdc.dll
Folder::
C:\Documents and Settings\Administrator\Application Data\uTorrent
C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes
C:\Program Files\BearShare
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM5b7b2d32"=-
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Post the NoLop log, the new Combofix log and a new HJT log please. If they won't all fit in one reply, take as many replies as you need to post them all.