Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Generic Backdoor.k in Vista - Please help!


  • This topic is locked This topic is locked
11 replies to this topic

#1 kalkan

kalkan

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 15 May 2009 - 04:52 AM

I have a Windows Vista and McAfee Security Centre.

I downloaded what I thought was an audio book. When I clicked on the 'folder' to open, it turned out to be an .exe file. McAfee threw up the following alerts several times:

Generic BackDoor.k (Trojan) found and deleted. It also gave the path User\AppData\Local\Temp\IXP000.TMP\Mediaplayer 1.1.exe

I then tried to delete the folder that I had downloaded - but could not. The folder just renamed itself and remained. I then restarted my computer in safe mode - and then deleted the file.

I ran Trojan Remover with my computer in safe mode. It kept saying that McAfee was also running and so it might not be able to detect the malware. I disabled McAfee and tried - but got the same message. Anyway, Trojan Remover pointed that the following suspicious file was found:

userinit.exe

HLKM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\"Userinit"

I ran McAfee after restarting my computer. It detects no malware. I also ran Microsoft Windows Malicious Software Removal Tool's Quick Scan. It detects no malware.

I then downloaded Hijack This and got the log I post at the end of this message.

Please help! Do I still have the Trojan on my computer?

I have not experiences any specific problems on my computer (so far) - no pop-ups, or slow speed or anything unusual.

Here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:58:52, on 15-05-2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16830)

Boot mode: Normal



Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\DELL\MediaDirect\PCMService.exe

C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2pc.exe

C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

C:\Program Files\Speed+\Configurator\ventcfg.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\DELL\QuickSet\quickset.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\igfxsrvc.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\kalyani\Desktop\HiJackThis.exe

C:\Users\kalyani\Desktop\HiJackis.exe

C:\Program Files\Internet Explorer\iexplore.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/default.as...;l=en&s=gen

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/default.as...;l=en&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [WhitneyXerox_S2P] C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort10reminder] "C:\Program Files\ScanSoft\PaperPort\EREG\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\10\Config\Ereg\ereg.ini"

O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Speed+\Configurator\ventcfg.exe -nomsgbox

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: santa.bat

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c987555c6591a0) (gupdate1c987555c6591a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Speed+\Client\ventc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



--

End of file - 12338 bytes

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,958 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:59 AM

Posted 30 May 2009 - 01:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 kalkan

kalkan
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 01 June 2009 - 12:04 AM

Thank you!

Here is the DDS log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by kalyani at 10:22:52.39 on 01-06-2009
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.91.1033.18.1014.128 [GMT 5.5:30]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Speed+\Client\ventc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Speed+\squid\ventcsquid.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcunlinkd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\DELL\MediaDirect\PCMService.exe
C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2pc.exe
C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
C:\Program Files\Speed+\Configurator\ventcfg.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Users\kalyani\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=in&l=en&s=gen
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=in&l=en&s=gen
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: del.icio.us Toolbar Helper: {7aa07ae6-01ef-44ec-93ca-9d7cd41ccdb6} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: del.icio.us: {981fe6a8-260c-4930-960f-c3bc82746cb0} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [WhitneyXerox_S2P] c:\program files\xerox\xerox workcentre pe220 series\rcp\Scan2Pc.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort10reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\10\config\ereg\ereg.ini"
mRun: [WHITNEY_S2P] c:\program files\samsung\samsung scx-4x21 series\psu\Scan2pc.exe
mRun: [Venturi Configurator] c:\program files\speed+\configurator\ventcfg.exe -nomsgbox
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
StartupFolder: c:\users\kalyani\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe
StartupFolder: c:\users\kalyani\appdata\roaming\microsoft\windows\start menu\programs\startup\santa.bat
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kalyani\appdata\roaming\mozilla\firefox\profiles\f6aw66a8.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPSqueak.dll
FF - plugin: c:\users\kalyani\program files\dna\plugins\npbtdna.dll

============= SERVICES / DRIVERS ===============

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-8-21 179712]

=============== Created Last 30 ================

2009-05-14 17:28 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-05-14 17:28 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-05-14 17:28 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-05-14 17:28 75,264 a------- c:\windows\system32\unacev2.dll
2009-05-14 17:28 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-05-14 17:28 <DIR> --d----- c:\users\kalyani\appdata\roaming\Simply Super Software
2009-05-14 17:28 <DIR> --d----- c:\programdata\Simply Super Software
2009-05-14 17:28 <DIR> --d----- c:\program files\Trojan Remover
2009-05-14 17:28 <DIR> --d----- c:\progra~2\Simply Super Software

==================== Find3M ====================

2009-04-14 16:03 4 ---shr-- c:\programdata\sysqcl1129139270.dat
2009-04-14 16:03 4 ---shr-- c:\progra~2\sysqcl1129139270.dat
2009-03-17 08:46 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 08:46 14,848 a------- c:\windows\system32\apilogen.dll
2009-03-17 08:46 25,600 a------- c:\windows\system32\amxread.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-14 10:49 1,226,248 a------- c:\users\kalyani\DMSetup.exe
2008-12-11 08:32 174 a--sh--- c:\program files\desktop.ini
2008-06-12 08:46 51,200 a------- c:\windows\inf\infpub.dat
2008-06-12 08:46 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-12 08:46 86,016 a------- c:\windows\inf\infstrng.dat
2008-06-12 08:46 86,016 a------- c:\windows\inf\infstor.dat
2008-02-25 12:35 32 a------- c:\programdata\ezsid.dat
2008-02-25 12:35 32 a------- c:\progra~2\ezsid.dat
2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-20 19:23 76 ---shr-- c:\windows\CT4CET.bin
2008-05-27 12:26 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-05-27 12:26 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-05-27 12:26 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-03-14 09:46 32,768 a--sh--- c:\windows\temp\cookies\index.dat
2008-03-14 09:46 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-14 09:46 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-08-21 03:06 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:25:33.20 ===============

Attached Files



#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:59 PM

Posted 01 June 2009 - 09:03 PM

Hello, kalkan :thumbup2:
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to it's author: Posted Image

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click Posted Image on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 kalkan

kalkan
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 02 June 2009 - 01:02 AM

Thanks for your time and help!

Here is the ComboFix log:

ComboFix 09-05-31.06 - kalyani 02-06-2009 10:13.1 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.91.1033.18.1014.196 [GMT 5.5:30]

Running from: c:\users\kalyani\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Resident AV is active



.



((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))

.



2009-05-14 11:58 . 2006-06-19 07:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2009-05-14 11:58 . 2006-05-25 10:22 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2009-05-14 11:58 . 2005-08-25 20:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2009-05-14 11:58 . 2003-02-02 14:36 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2009-05-14 11:58 . 2002-03-05 19:30 75264 ----a-w- c:\windows\system32\unacev2.dll

2009-05-14 11:58 . 2009-05-14 12:03 -------- d-----w- c:\program files\Trojan Remover

2009-05-14 11:58 . 2009-05-14 11:58 -------- d-----w- c:\users\kalyani\AppData\Roaming\Simply Super Software

2009-05-14 11:58 . 2009-05-14 11:58 -------- d-----w- c:\programdata\Simply Super Software

2009-05-14 05:08 . 2009-05-14 05:08 202 ---h--w- c:\users\kalyani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat



.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-02 04:50 . 2007-11-26 03:54 -------- d-----w- c:\users\kalyani\AppData\Roaming\Free Download Manager

2009-06-01 04:31 . 2009-02-05 05:02 -------- d-----w- c:\programdata\Google Updater

2009-05-29 03:35 . 2007-09-04 15:29 -------- d-----w- c:\users\kalyani\AppData\Roaming\OpenOffice.org2

2009-05-28 12:31 . 2007-08-20 13:43 836 ----a-w- c:\windows\bthservsdp.dat

2009-05-24 23:53 . 2008-08-25 05:18 -------- d-----w- c:\users\kalyani\AppData\Roaming\BitTorrent

2009-05-21 09:12 . 2007-08-20 14:01 -------- d-----w- c:\programdata\Roxio

2009-05-19 12:04 . 2008-05-14 12:31 -------- d-----w- c:\program files\Google

2009-05-14 03:39 . 2007-08-20 13:51 -------- d-----w- c:\program files\Java

2009-05-13 12:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-05 08:42 . 2008-07-11 11:34 -------- d-----w- c:\program files\Little Bits Multimedia

2009-05-05 08:40 . 2008-07-26 06:58 -------- d-----w- c:\program files\Cinderella

2009-04-25 09:16 . 2007-09-20 08:37 6324 ----a-w- c:\users\kalyani\AppData\Local\d3d9caps.dat

2009-04-24 03:57 . 2009-04-24 03:57 -------- d-----w- c:\program files\UnH Solutions

2009-04-22 11:00 . 2009-04-22 11:00 -------- d-----w- c:\users\kalyani\AppData\Roaming\DivX

2009-04-22 11:00 . 2009-04-22 10:59 -------- d-----w- c:\program files\DivX

2009-04-22 10:59 . 2009-04-22 10:59 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-04-22 10:53 . 2009-04-22 10:52 -------- d-----w- c:\users\kalyani\AppData\Roaming\PeaZip

2009-04-22 10:48 . 2009-04-22 10:48 -------- d-----w- c:\program files\PeaZip

2009-04-16 22:47 . 2008-03-14 04:07 -------- d-----w- c:\program files\McAfee

2009-04-14 10:33 . 2009-04-14 10:33 4 --sh--r- c:\programdata\sysqcl1129139270.dat

2009-03-25 05:36 . 2008-03-14 04:08 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2009-03-25 05:36 . 2008-03-14 04:08 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2009-03-25 05:36 . 2008-03-14 04:08 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2009-03-25 05:36 . 2008-03-14 04:08 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2009-03-25 05:35 . 2008-03-14 04:08 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2009-03-17 03:16 . 2009-04-16 08:23 14848 ----a-w- c:\windows\system32\apilogen.dll

2009-03-17 03:16 . 2009-04-16 08:23 25600 ----a-w- c:\windows\system32\amxread.dll

2009-03-08 23:49 . 2009-01-21 03:10 410984 ----a-w- c:\windows\system32\deploytk.dll

2008-05-21 09:43 . 2008-05-21 09:44 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2007-08-20 13:53 . 2007-08-20 13:53 76 --sh--r- c:\windows\CT4CET.bin

2007-08-20 21:36 . 2007-08-20 21:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"DELL Webcam Manager"="c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]

"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2007-11-20 2445359]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-05 39408]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-26 2356088]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-05-11 159744]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-02 36864]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"WhitneyXerox_S2P"="c:\program files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe" [2005-08-16 69632]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-09-28 36864]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-09-28 40960]

"PPort10reminder"="c:\program files\ScanSoft\PaperPort\EREG\Ereg.exe" [2005-06-03 729088]

"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2007-01-08 274432]

"Venturi Configurator"="c:\program files\Speed+\Configurator\ventcfg.exe" [2007-08-16 959880]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-21 29744]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-08 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-08 154392]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-08 133912]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]

"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-05-10 1059208]



c:\users\pani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]



c:\users\prakriti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]



c:\users\kalyani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

santa.bat [2009-5-14 202]



c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-20 50688]

QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-8-20 45056]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{5EDB135F-2F5F-453F-A635-BD5D6B590B41}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema

"{723700FB-8169-4267-87CF-B1D3B3324A32}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{BA3658AB-6A7A-46A8-9371-38D714699D40}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{35F4970C-A3F2-49F6-BCCD-337DD8895173}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{19E03F0C-F6AC-4A81-B9EF-60BFE37D3584}"= c:\program files\Speed+\squid\ventcsquid.exe:ventcsquid

"{EDD2BDEB-F2CD-48A2-981E-E767AD5398DD}"= c:\program files\Speed+\squid\ventcdnsserver.exe:ventcdnsserver

"{47AADF10-5082-4594-884C-3C01E8F02D25}"= c:\program files\Speed+\Configurator\ventcfg.exe:ventcfg

"{94A97601-94B3-4E75-9CC6-EDC7F69BB6D5}"= c:\program files\Speed+\Configurator\VClientUpdate.exe:VClientUpdate

"{DB36F4EA-BA1D-4656-BE7C-7F7EECBB7658}"= c:\program files\Speed+\Client\VentC.exe:ventc

"{2DDF411B-DA9A-4A53-B4CB-555BC87836A8}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{F30C1227-DE90-489B-BE60-1F242B60BFCF}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{B88DF719-C3A7-4493-A4E3-853BE4D1A3EB}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{997F98F3-48D4-4237-9F8B-1B02BE18A806}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{691EB46D-8F19-4E9F-9C82-A47A7549CD33}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{02956762-DD10-48E7-84AD-899552D9C743}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{5EE80D5B-6C70-404E-BC45-532F024ADA42}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{9362EF05-ABAE-4D8B-A451-B3A3FC75BC14}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"TCP Query User{9CC5AB45-C692-463D-8F91-3C587F3845B0}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:µTorrent

"UDP Query User{E4B496E0-30FE-4B62-95BC-0D105FD4B631}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:µTorrent



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent



R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23-03-2009 09:12 210216]

R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.sys [08-09-2007 16:07 5120]

R2 VenturiClient;Venturi Client;c:\program files\Speed+\Client\VentC.exe [21-12-2007 11:06 2475360]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21-08-2007 03:06 179712]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [21-08-2007 03:06 234496]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [21-08-2007 03:06 7424]

R3 vwinter;Venturi Wireless Intercepter;c:\windows\System32\drivers\vwinter.sys [21-12-2007 11:06 47392]

R3 vwredir;Venturi Wireless Redirector;c:\windows\System32\drivers\vwredir.sys [21-12-2007 11:06 85792]

S2 gupdate1c987555c6591a0;Google Update Service (gupdate1c987555c6591a0);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2009 11:18 133104]

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21-05-2008 15:13 29744]

S3 sit_bus;SIT_1x_usbmodem Device;c:\windows\System32\drivers\sit_bus.sys [17-04-2007 12:21 22144]

S3 sit_flt;SUNGIL USB Filter Service;c:\windows\System32\drivers\sit_flt.sys [18-04-2007 15:57 4352]

S3 sit_mdm;SIT_1x_usbmodem ;c:\windows\System32\drivers\sit_mdm.sys [17-04-2007 14:52 39680]

S3 sit_prt;SIT_1x_usbmodem Port;c:\windows\System32\drivers\sit_prt.sys [17-04-2007 12:28 38656]



--- Other Services/Drivers In Memory ---



*Deregistered* - sptd



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

.

Contents of the 'Scheduled Tasks' folder



2009-06-02 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-05 06:37]



2009-06-02 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 05:47]



2008-03-14 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-04 05:23]



2008-03-14 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-04 05:23]



2009-06-01 c:\windows\Tasks\User_Feed_Synchronization-{6D5DD35A-0994-4747-81D1-A8CE8C6216C2}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

- - - - ORPHANS REMOVED - - - -



SafeBoot-procexp90.Sys





.

------- Supplementary Scan -------

.

uStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=in&l=en&s=gen

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\kalyani\AppData\Roaming\Mozilla\Firefox\Profiles\f6aw66a8.default\

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSqueak.dll

FF - plugin: c:\users\kalyani\Program Files\DNA\plugins\npbtdna.dll

.



**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-02 10:21

Windows 6.0.6000 NTFS



scanning hidden processes ...



scanning hidden autostart entries ...



scanning hidden files ...



scan completed successfully

hidden files: 0



**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------



[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000



[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000



[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000



[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------



- - - - - - - > 'Explorer.exe'(4860)

c:\program files\McAfee\SiteAdvisor\saHook.dll

.

Completion time: 2009-06-02 10:25

ComboFix-quarantined-files.txt 2009-06-02 04:55



Pre-Run: 19,516,354,560 bytes free

Post-Run: 19,444,436,992 bytes free



240 --- E O F --- 2009-05-29 06:40

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:59 PM

Posted 02 June 2009 - 06:39 AM

Hello, kalkan :thumbup2:
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use <Control>+A)
  • Right-click again and chose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 kalkan

kalkan
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 04 June 2009 - 07:10 AM

Thank you for your continued help. Here is the ESET Online Scan's Log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=c05e0337af114a4aaac927a58e665f0c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-04 10:26:33
# local_time=2009-06-04 03:56:33 (+0530, India Standard Time)
# country="India"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5121 21 100 88 54356274304000
# compatibility_mode=5889 61 66 100 564655210543957
# scanned=191972
# found=0
# cleaned=0
# scan_time=14785

I must also mention this:

While the scan was going on, McAfee detected the following:
Detection name: Artemis!DA4C66DCIC25 (Trojan), Artemis!DA4C66DCIC25 (Trojan)
File: C:\Users....\ComboFix.exe
Process: C:\Program Files\ESET\ESET Online Scanner\Online Cmd Line Scanner.exe
Process description: Same as above

Please advise. Thanks for your help.

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:59 PM

Posted 06 June 2009 - 03:02 AM

Hello, kalkan :step4:
You're very welcome :D

The McAfee detections are false alarms.

Congratulations! You now appear clean! :thumbup2:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Remove ComboFix
  • Please go to Start -> Run
  • Enter "ComboFix /u" (without quotes). Note the space betwen "ComboFix" and "/u", it needs to be there.
    Posted Image
  • Press OK (Or hit enter).
  • Allow ComboFix to remove itself.
We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 kalkan

kalkan
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 08 June 2009 - 12:30 AM

Thank you so much!

I tried to remove ComboFix. But I get the message 'Windows cannot find 'ComboFix'... Please advise.

Also the 2 links you provided for downloading OTCleanIt do not seem to be working.

Regards,

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:59 PM

Posted 08 June 2009 - 08:26 PM

Redownload the file and save it to your desktop. Then try ComboFix /u again ... it relies on the downloaded file to uninstall itself.

OTCleanIt can be downloaded from here http://oldtimer.geekstogo.com/OTC.exe.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#11 kalkan

kalkan
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 10 June 2009 - 04:36 AM

I did both as suggested - it worked.

I really appreciate you time, effort and expertise. Thank you so much for the good work.

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:59 PM

Posted 10 June 2009 - 07:11 AM

Hello, kalkan :thumbup2:
You're very welcome :D

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users