Solved: Need help, multiple trojans found

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

cptrabby

Thread Starter
Joined
Jul 11, 2006
Messages
5
Hey everyone, I thought I'd give these forums a shot because I'm having some trouble getting rid of some trojans. The problem is on my little sister's computer so i don't know what she may have done to cause the problem. Anyway, McAfee found one suspect: New Malware.j infecting C:/windows/winupdate.exe. In addition, house call found 3 suspicious files: TROJ_DLOADER.AYW, TROJ_MULDROP.EO, TROJ_VB.ASL. None of them can be deleted so any help is greatly appreciated. Thank you in advance for any help
 
Joined
Sep 7, 2004
Messages
49,014
Click here to download HJTsetup.exe:
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

cptrabby

Thread Starter
Joined
Jul 11, 2006
Messages
5
Logfile of HijackThis v1.99.1
Scan saved at 6:08:43 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\rcss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\{302702AE-05D8-1033-0918-051114200001}\Update.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hannah Rose\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
Add remove programs remove if present toolbar888

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· Run the application
· Click on scanner
· Click Complete System Scan and the scan will begin.
· When the scan is finished, Set all items to delete
· Apply all actions
· look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
RE-Boot
Post that log and a new HiJack log
 

cptrabby

Thread Starter
Joined
Jul 11, 2006
Messages
5
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:09:56 PM 7/11/2006

+ Scan result:



C:\Program Files\ToolBar888\MyToolBar.dll -> Adware.Softomate : Cleaned.
C:\Documents and Settings\Hannah Rose\Local Settings\Temp\Temporary Directory 2 for picture17.zip\picture17.scr -> Backdoor.SdBot.aad : Cleaned.
C:\WINDOWS\rcss.exe -> Backdoor.SdBot.aad : Cleaned.
[528] C:\WINDOWS\rcss.exe -> Backdoor.SdBot.aad : Error during cleaning.
C:\WINDOWS\comserv.exe -> Downloader.Adload.ch : Cleaned.
C:\bootcmd.exe -> Downloader.Adload.ch : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\drsmart6[1].zip -> Downloader.Adload.cw : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\drsmart6[1].zip -> Downloader.Adload.cw : Cleaned.
C:\runinst.exe -> Downloader.Adload.cw : Cleaned.
C:\setup.exe -> Downloader.Adload.cw : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\load67[1].zip -> Downloader.VB.afo : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\setup[1].zip -> Downloader.VB.afo : Cleaned.
C:\setup32.exe -> Downloader.VB.afo : Cleaned.
C:\setup64.exe -> Downloader.VB.afo : Cleaned.
:mozilla.148:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.59:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.190:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.191:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.71:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.72:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.75:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.79:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.80:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.81:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.54:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.55:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.56:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.57:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.127:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.128:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.129:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.130:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.149:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.150:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.151:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.152:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.70:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.17:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.18:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.153:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.154:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.155:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.156:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.157:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.158:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.167:C:\Documents and Settings\Hannah Rose\Application Data\Mozilla\Firefox\Profiles\n7w1xeyj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 7:17:44 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\Hannah Rose\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
Clean
- If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?

Restore points
Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
=====================

DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend
using the Duplicates files button
as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries
 

cptrabby

Thread Starter
Joined
Jul 11, 2006
Messages
5
Not sure if it's clean. It's weird, every now and then the mcafee active protection pops up saying that the same New Malware.j, c:\windows\winupdate.exe has been detected. However, if I run a full system scan with mcafee it finds nothing. The last time the mcafee active protection popped up I chose to delete the file and it actually allowed me to delete it this time, and I haven't seen the pop up since. Also housecall shows clean, as does ewido, so is it really clean?
 

cptrabby

Thread Starter
Joined
Jul 11, 2006
Messages
5
Looks like everything is clear. Thanks a lot for the help, i appreciate it.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top