Problems with Trojans

Discussion in 'Malware Help (A Specialist Will Reply)' started by the_artz19, Jun 30, 2008.

  1. the_artz19

    the_artz19 Private First Class

    My initial problem is that I have a trojan infection that has persisted even after a reset to factory settings. That infection was found by PC Tools Spyware Doctor, and only that program for whatever reason. It is usually found on every boot-up by an Intelli-Scan from Spyware Dr. It says that it is in the registry (or at least that is what it relates it to when the scan is finished), the entry being:

    "hkey_users\s-1-21-268814886-12911032118-2880121485-1006\software\microsoft\curentversion\internet settings\user agent\post platform, embeded web browser from: http//bsalsa.com/"

    I have been in contact with a few help forums (perhaps being lazy and trying to expand my options). Most have asked for HijackThis logs or something of the sort, along with some free online scans like Kaspersky... yet none of them found anything, or I was told that the logs showed no infections. Problems, freezes, and a general slowing of my computer still persist, along with the constant finding of this infection by Spyware Dr.

    However, the most recent development is that I was instructed by someone at spykiller.co.uk to run "ComboFix"; however, when I dragged the Windows SP2 boot disk file on top of the ComboFix file (as shown in the guide from the same site), Spyware Doctor popped up a warning saying it had blocked a "Trojan-PWS.Bancos". So either there was a mistake in identifying ComboFix as an infection or one/both of the files I got to run ComboFix were infected/infections. So I don't know if this sounds familiar or fishy to anyone, but I am holding off on any more scans for now until I make sense of this.

    Aside from all this I am also trying to find someone to possibly inform me of how to locate and maybe delete that part of my registry that Spyware Dr. keeps saying is where the infection might be, since I have run regedit, but have not been able to locate any specific entries under that section besides Firefox, or undefined.
     
  2. the_artz19

    the_artz19 Private First Class

    I am not sure exactly what to think when Spyware Dr. finds a trojan that no one tells me is there, and then it says that ComboFix is another trojan... yet all forums seem to use it and say that Spyware Dr. is finding these as false positives.
    I did feel my computer slowing down, and even freezing at times (despite antivirus, antispyware, malware, registry program, CCleaner, etc.).
    I suppose it may be actually good if I found that I paid $40 for a program that found problems that weren't there rather than one that doesn't know what it's talking about and can't solve a problem.

    Attached are the log from ComboFix, and the MGtools.zip, although I had to zip the .txt's myself since for whatever reason it didn't seem to do it itself. I'm unaware if I did anything wrong during the process, although I didn't even move the mouse during it.
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It is very possible that it is a false positive. Can you get me a log from Spyware Doctor? Or at least tell me where it is finding it.
     
  4. the_artz19

    the_artz19 Private First Class

    The log/history saved as an .htm, but I threw it into Notepad. Not sure it's still easy enough to read, but the location Spyware Dr. keeps finding the issue with, it says, is in the registry, at "HKEY_USERS\S-1-5-21-268814886-1291103218-2880121485-1006\Software\Microsoft\Windows\CurrentVersion\internet settings\user agent\Post Platform, Embedded Web Browser from: http://bsalsa.com/"

    Also, just for information, the other site I was seeking help from was "http://thespykiller.co.uk/index.php?topic=6652.new;topicseen#new"

    I wonder if I shouldn't just be asking for my money back from PC Tools, unless I was just lucky enough to find the things that would confuse this program into thinking it was infected.

    Thank you again for your help.
     

    Attached Files:
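The path quoted above is Internet Explorer's User Agent\Post Platform key: each value name under it is a token that IE appends to the User-Agent string it sends, so an entry there is a browser header token rather than a program. Below is an added example (not from this thread or from any of the tools mentioned in it) in Python: it parses a constructed regedit export of that key, rebuilds the approximate User-Agent string, and lists tokens missing from an assumed reviewer allowlist for manual review. The SID is the one quoted in the thread; the value names and the allowlist are constructed.

```python
import re
from typing import Dict, List

# Constructed sample of a regedit .reg export for the key named in the thread.
# The SID is the one quoted in the thread; the value names are made up for the example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-268814886-1291103218-2880121485-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
"Version"="MSIE 7.0"
"Platform"="Windows NT 5.1"

[HKEY_USERS\S-1-5-21-268814886-1291103218-2880121485-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
".NET CLR 2.0.50727"=""
"Embedded Web Browser from: http://bsalsa.com/"=""
"Totally Unknown Toolbar"=""
'''

# Assumed allowlist of tokens a reviewer has already vetted (not from any vendor).
# The bsalsa.com token is registered by applications that embed IE via the EmbeddedWB component.
KNOWN_TOKENS = {
    ".net clr 2.0.50727",
    "embedded web browser from: http://bsalsa.com/",
}

_KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
_VALUE_RE = re.compile(r'^(?P<name>"(?:[^"\\]|\\.)*"|@)=(?P<data>.*)$')


def _unescape(quoted: str) -> str:
    """Turn a .reg quoted string (backslash-escaped, in double quotes) into plain text."""
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the text of a regedit export into {key: {value_name: data}}.
    String data is unescaped; other kinds (dword:, hex:) are kept raw."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group('key')
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = '' if m.group('name') == '@' else _unescape(m.group('name'))
            data = m.group('data')
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data)
            keys[current][name] = data
    return keys


def post_platform_tokens(reg: Dict[str, Dict[str, str]]) -> List[str]:
    """Every value name under any ...\\User Agent\\Post Platform key (case-insensitive match)."""
    tokens: List[str] = []
    for key, values in reg.items():
        if key.lower().endswith(r'\internet settings\user agent\post platform'):
            tokens.extend(values.keys())
    return tokens


def build_user_agent(reg: Dict[str, Dict[str, str]]) -> str:
    """Approximate the User-Agent IE sends: Version and Platform from the
    User Agent key, then each Post Platform value name as its own token."""
    ua: Dict[str, str] = {}
    for key, values in reg.items():
        if key.lower().endswith(r'\internet settings\user agent'):
            ua = values
    parts = [ua.get('Version', 'MSIE'), ua.get('Platform', 'Windows')] + post_platform_tokens(reg)
    return 'Mozilla/4.0 (compatible; ' + '; '.join(parts) + ')'


def unexpected_tokens(reg: Dict[str, Dict[str, str]], known=KNOWN_TOKENS) -> List[str]:
    """Post Platform tokens not on the allowlist: these are the ones to review by hand."""
    return [t for t in post_platform_tokens(reg) if t.lower() not in known]


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_REG)
    print(build_user_agent(parsed))
    for token in unexpected_tokens(parsed):
        print('review:', token)
```

On a live machine the same functions can be fed the output of `regedit /e` for that key (saved as UTF-16, so open it with that encoding) instead of the constructed sample.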

  5. the_artz19

    the_artz19 Private First Class

    Also,
    I am running the Windows Live OneCare 90-day trial.... so far not that nice, especially since the only problems it ever has is not subscribing to its various services.
    When that 90 days is up, or maybe before, I need to switch to another antivirus, and somehow I doubt I will go with Spyware Dr. with Antivirus being enough (yet now that I think about it, Spyware Dr. and Live OneCare running at the same time could be bad, huh).
    I had AntiVir previous to resetting my computer to factory settings recently, as well as AVG (but that was a lot longer ago). However, I don't know exactly what to use now. I would pay for something like McAfee etc. again if it was worth it, but most say it takes up too much system power and is hard to rid yourself of.
    So even if it just be a personal preference, what might you recommend for an unlucky person? Besides just scanning over your antivirus download page, that is.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  7. the_artz19

    the_artz19 Private First Class

    Well,
    that may mean that I need to search for another problem. Everyone is telling me that I don't seem to have any infections, especially if the recommended scanners don't find anything. Yet, not more than 5 minutes ago my computer completely froze.
    I am not sure if there is a scan or something that can report on if I am using any contradictory programs. I probably overuse protection sometimes :rolleyes:. Off the top of my head I would wonder if having Spyware Dr. w/ Antivirus and Live OneCare running would count as running more than one protection at a time.
    Although I think all of the protection and programs running in the bottom right are:

    Live OneCare, SUPERAntiSpyware, Spyware Dr. w/ Antivirus, a-squared background guard, SpeedItUpFree, TuneUp mem optimizer, SpywareGuard, WindowBlinds, Realtek HD Audio Manager and Desktop Notes.

    That might not be all that is running, but if programs aren't interfering with each other then I can't say why my computer still seems to be having problems. Although I think I recall more freezes while using Firefox (maybe IE as well, but can't recall). I may opt for AVG in the future, but I don't know if that is wasting the money I spent for Spyware Dr. w/ Antivirus.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I never recommend spending money on protection programs. There are too many out there that are very good and free.

    Your freezing issues may be software or hardware related, so I would suggest you post in the software section.

    You may wish to use a Startup Manager
     
  9. the_artz19

    the_artz19 Private First Class

    I am now in contact with someone on the software issue, and am trying to get rid of a few programs and see how it goes.
    Yet I keep getting more and more problems with Spyware Doctor, including a "trojan.chm.psyme", nircmd, erdnt. The trojan being under:
    "C:\documents and settings\default user\my documents\my google gadgets\weather-google inc..gg"

    I am still waiting on a reply from those at PC Tools, but I seem to only find things on every search to say that everyone uninstalls this program.

    If you can/have a chance, maybe you can make more of this site/thread than I did, or at least give me your thoughts.

    http://www.smartcomputing.com/QABoard/QAMain.aspx?search=fq&fqid=3269454&lnqs=df&qapg=1&guid=

    Sadly I don't want to pay to jump on the *bleep* PC Tools bandwagon.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The link you provided, to sum up, is telling the user who is getting a lot of false positives to dump Spyware Doctor.... I agree.

    There is nothing that you need to purchase for computer protection.... all you will ever need is HERE.
     
    Last edited by a moderator: Jul 4, 2008
  11. the_artz19

    the_artz19 Private First Class

    Well, I am going to at least temporarily get rid of Spyware Dr. with Antivirus for AVG products. I also got the recommended protection from each section of the link you gave. I got Bootzilla, which I am wondering if I should scan with and send you any of the logs if I keep having any problems.

    Also, I think I might just try to restore the quarantined things from Spyware Dr. and hope for the best. I am not sure it would matter since all the "infections" kept coming back, but all the searches I did showed people having troubles with the restore option being found by Spyware Dr., the erdnt file or whatever it was. (Figures they would only have online support instead of a person on the phone to tell me why they only further screwed over my computer for $40.)

    Anyway, I will post any results.
     
  12. the_artz19

    the_artz19 Private First Class

    Perhaps mistakenly, I just installed ThreatFire from PC Tools. It would figure that they have most of the top-rated products, including the one that has worked me over.
    However, what I am questioning is that it was antimalware; I don't know if this is something that would work alongside an antivirus and spyware programs... but at the top of the program when it starts it says spyware and virus protection is on.
    I don't want to walk into another issue with programs overlapping, even if they did come from a separate section of that downloads page.
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    ThreatFire is safe to run alongside your anti-virus and spyware programs. Let me know if you have any other issues.
     
  14. the_artz19

    the_artz19 Private First Class

    Advanced WindowsCare is one of the programs that I got from the list and it had only been finding/solving a few problems here and there until just now. It said it found like 2000 infections under the security part, including trojans and spyware.

    "downloader trojan-virtumonde/vundo adware related and detected by drweb antivirus as trojan.jaun
    quick links/linkmaker adware variant
    tencentaddressbar adware-bundled with the tencent_qq instant messaging client.
    trojandownloader.wind32swizzor.ae,trojanclicker.win32.rotarran"

    etc.

    Are these things that I am now protected from, or something my computer had as an infection?

    Also, do you have any idea if this program offers a log of the results? The only option besides the details option next to the results of each section was an online site that just said, like, hey we solved a bunch of things, no specifics.

    And just as a bit more information, I am now running: AVG, ThreatFire, SpywareGuard, WinPatrol along with RegSeeker, Registry Mechanic, Advanced WindowsCare, SpywareBlaster, CCleaner, Malwarebytes, IObit Smart Defrag, Assassin SE, Security Task Manager.
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not sure about Advanced WindowsCare... I don't use it, but it is possible that you picked up some new malware. I would rely more on Malwarebytes... and did you install AVG 8? This program is under a lot of scrutiny as it is also making many false positives.

    I would prefer to see a log from MWB's if you think you are having more issues.

    Do you actually have this installed:
    tencent_qq instant messaging client?
     
  16. the_artz19

    the_artz19 Private First Class

    Yes, I do have AVG 8, but the messaging client, I have Pidgin.... I don't know if that is the same thing (although I have had that for a while; it would be strange it would find problems only now).

    I'll try and get a Malwarebytes log up ASAP, and maybe I'll ask the question about that program in software.
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Conundrum. :)
     
  18. the_artz19

    the_artz19 Private First Class

    I am not sure if you would still want the Malwarebytes log if it came out clean (which I mean to say it did), but it is attached.

    Which is interesting, since I have cut down on my programs, no scans or protection seem to have found anything.... and yet when shutting down my computer before I went to work, I came home to find that it never did, simply freezing at the logging-off screen.
    Perhaps my mind is far too overactive and suspicious, but things like this, the long list of potential problems from Advanced WindowsCare, Firefox freezes, slowing and even my clock in the bottom right reading different times (and I think even in military style as well)..... keep making me think of all the references to Vundo I saw while looking for that Spyware Dr. false positive.

    I still need to ask if this individual from the software section knows about the details of Advanced WindowsCare.... so I can find out what those results might have been and if there is a log option that I missed. As well as maybe getting rid of ThreatFire if I agree that it is overdoing it, and replacing Windows Firewall possibly.

    But I also asked over there if they knew if there was a section more specifically related to assessing problems with one's system, maybe registry or otherwise, because if it isn't malware or competing programs then I cannot think of another option.
     

    Attached Files:

  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you run ComboFix, as that will change your clock? You can fix that by simply going to the control panel / Regional and Language / customize / Time tab and set it to your preference.

    Do you check the task manager prior to shutting down to see if any processes are running?

    Have you run ATF Cleaner by Atribune?

    Have you run a checkdisk on the hard drive?
     
  20. the_artz19

    the_artz19 Private First Class

    I had run ComboFix, so that might be part of it.
    As far as tasks, I am not sure I would be able to spot one that is out of place and would expect the task manager to be shut down as I shut down. I freeze at the very last image before I would have normally shut down. Which now I am afraid is something that has prevented me from not only shutting down properly, but also I can no longer open programs, it seems. I am currently doing this from safe mode as I run scans.
    I have no ideas left, and it seems that for all I know (having now gotten this bad) Spyware Dr. could have very well been right (at least to some level with the infections).

    I am running AVG, and will try all the other scanners that I have... and I just ran the ATF Cleaner. It got 24 MB, and none on Firefox unless main took care of that.

    As far as running a chkdsk, I have in the past but can't recall now how to do it. I may simply Google the process right after this to see if I recall.
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I can give you a script to shut it down, if it comes to that.

    What do you mean you can't run programs? They just won't open, or what?

    You can open task manager, and look at the processes that are running ....you should only have system idle and a small amount of usage with task manager itself....if there is something else using memory, tell me what it is.

    You can run chkdsk by right clicking the C drive in my computer / properties / error checking and check both boxes ...it will say it will do it on a reboot. Reboot. Watch it and note any errors or bad sectors.
     
  22. the_artz19

    the_artz19 Private First Class

    My problems were at the time that the computer started up slowly and then when I tried to open anything, including programs, they simply wouldn't start at all. Not even the processes were listed in the task manager. As well as starting a new task or using "run" wouldn't open a program...

    I can't exactly say how my computer may have fixed itself.... especially since this morning I couldn't open any programs and it would freeze on shutdown...
    Perhaps it's all this fantastic leadership from the MGs.
    After scanning and downloading things in safe mode, I seem to be functioning as normally as it's ever been (not to say that's very great, but...).
    But I am now running Comodo Firewall, ThreatFire, and AntiVir antivirus. I finally found a number to call for PC Tools, although they said they just got the log I sent them about 3 days ago. She also said it was flagged as critical, but we shall see how long it takes to answer.
    Yet in the end, it may just be deciding if I want AntiVir or Spyware Dr., because after speaking in the software section... it does seem as though they may be about equal, and it simply may be working around false positives, as they say that most programs, "paid" or not, are probably bound to have false positives.

    It may have been the waiting for two weeks for PC Tools, with no answer and all Google searches leading me to people saying get rid of Spyware Doctor, except for those in software.

    So I guess I will give it a little time, and just cross my fingers, and hope that my computer doesn't decide to get sick and cranky with me again.
     
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can shut down properly?

    You did or didn't run chkdsk?

    You are saying that everything is working normally?

    Then, if you are not having any other malware problems, it is time to do our final steps:

    1. If we had you use ComboFix, uninstall ComboFix. (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
        * Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required (substitute for cf whatever you renamed it):
        * "%userprofile%\Desktop\cf" /u
            o Note: the space between the cf" and the /u must be there.
            o This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
        * Delete the C:\cf folder from ComboFix.
    2. If we used SmitFraudFix, you can delete all files and folders related to it now, including the c:\rapport.txt log.
    3. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip.
    6. If you are running Windows XP or Windows ME, do the below:
        * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
        * Then reboot and Enable System Restore to create a new clean Restore Point.
    7. After doing the above, you should work through the below link:
    How to Protect yourself from malware!
     
  24. the_artz19

    the_artz19 Private First Class

    Well, it says cannot find 'c/documents'.
    At least the one file is no longer on my desktop; I am not sure what level of this ComboFix is left on my computer... however I am not surprised that I or a program/scanner would have moved, if not removed, part of it, unfortunately. In truth I am not sure it ever felt as though I installed anything. I am not sure if there are any files that I can replace, on my desktop or otherwise, that will get me back to where I should have been in this process. Or if I have only made the process that much more difficult to finish. If so, sorry. :rolleyes:
    I guess I just need to know what, if anything, can be done to remove this if I have to do it as an incomplete set of these files... and hopefully I haven't made it too much more difficult. :(

    I guess on the upside :rolleyes: I did get the computer to start up OK, although I have not yet run a chkdsk.
     
  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What C:\Documents.......?

    Let me know the results of running the chkdsk.
     
  26. the_artz19

    the_artz19 Private First Class

    The 'documents' part was the error that came up after I tried copy-pasting that one part into "run". I think I didn't copy-paste it all; however, on a second try I still got an error. This time it was "Windows cannot find 'c:\documents and settings\michael bassett\desktop\cf'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."
    I imagine this is in some connection to the fact that I didn't know I installed anything or that I would need to do these last few actions to reset all this (or whatever we are after). At least the ComboFix is not on the desktop; I don't know if copy-pasting one there might make it work. I think I will actually try that right after this.

    And as far as the chkdsk, it did its 5 checks and came up clean.
     
  27. the_artz19

    the_artz19 Private First Class

    I copied ComboFix to the desktop again, and the error still came up the same. I tried renaming it as the directions had said when I ran ComboFix, as "combo-fix". :confused:

    I am not sure if I did more than simply moving or deleting the ComboFix from my desktop. Perhaps I didn't know what one of those warnings/false positives were from earlier and I let one of my programs quarantine or clean part of the program or something it did. :eek:
     
  28. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your original MGLog only shows the following:
    C:\ComboFix.txt -> the Combo log
    C:\QooBox -> the quarantine files from Combo

    No traces of ComboFix.exe.....so I don't know where it is or what happened to it.
     
  29. the_artz19

    the_artz19 Private First Class

    Do you mean there was no record shown of ComboFix in any of the records that I gave you? Or that I did not tell you where I found it? I think I got one download of it from the other forum that I was speaking with, but that was back when I was paranoid as hell, so I got rid of that. However, when I got ComboFix from here I put it in another folder and then copied it to the desktop with a different name like the instructions said, entering a "-" between the combo and fix.

    I tried putting that combofix (and combo-fix) file back on the desktop and running that function again, but it still came up saying that it couldn't find whatever that was asking for on the desktop. Is the 'cf" /u' part short for combo fix? I thought that maybe since it didn't say something like desktop/combo-fix /u that maybe that was a possibility why it couldn't find it. Unless it is simply confused because it is not the same ComboFix file that I ran originally (and only a copy).

    Could you tell me a general explanation for what ""%userprofile%\Desktop\cf" /u" is trying to do (besides uninstall, I mean), how it's trying to do it, and with what files from where? So maybe I can try and pick up the pieces.
     
  30. the_artz19

    the_artz19 Private First Class

    Also, I am not sure if it makes any difference, but combofix.exe from my desktop (the one I placed there again) was mentioned in Comodo's pending files section.
    I don't know if that would halt the run function you gave me from starting or not.
     
  31. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are saying that Comodo considered it malware and removed it, then it is gone. If you renamed it to combo-fix... then that would be what you would put in the string in place of cf... and yes, that is the uninstall command.

    However, it is not a problem if you can't run it. Just do a search for the folders I mentioned and manually remove them.
     
  32. the_artz19

    the_artz19 Private First Class

    OK, well, instead of trying to change that command so the uninstall would work I just got rid of the folders and .txt's.

    Well, once again, fingers crossed :rolleyes: ... but hopefully I am out of the woods. Guess I will just continue to wait a little while and see if I get a response of any kind, and then decide if I want to keep Spyware Doctor with Antivirus.

    Thanks again for all your help. :-D
    At least after all this I can now PM, lol :major
     
  33. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are welcome ...safe surfing. :)
     
