unknownmasterofnothing Posted April 18, 2006

ehh I'm an idiot, someone IMed me a zip and in it was a .scr. Didn't know what it was. And now my internet is really slow and performance is somewhat slow. I tried McAfee but it stops after a while. The last thing it shows is svchost and that it's infected. And the name is New Malware.J. There were some other trojans that it deleted before that. Here's a HijackThis log, if it helps.
________________________________
Logfile of HijackThis v1.99.1
Scan saved at 12:09:29 AM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Pensoft\KeyBtn.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\KMW_SHOW.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.exe
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TBLMOUSE.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Parsons Technology\Atomic Clock 6\Atomic Clock 6.0.exe
C:\Program Files\Classic PhoneTools\Phontool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\SNDVOL32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew\My Documents\download\ping pongetc\FixWelch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\JASCPA~1.SCR
C:\WINDOWS\System32\logon.scr
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Andrew\LOCALS~1\Temp\Rar$EX02.828\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Andrew\Application Data\Mozilla\Profiles\default\14tysbzy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Andrew\Application Data\Mozilla\Profiles\default\14tysbzy.slt\prefs.js)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: optionsXpress Toolbar - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - C:\Program Files\optionsXpress\optionsXpress Toolbar\optionsXpressToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.exe -CHECK
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe /P26 "EPSON Stylus CX4800 Series" /O6 "USB003" /M "Stylus CX4800"
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [PromoClock_axIbZm_eZpnll] "C:\Program Files\Market Toolbox Messaging Tool\PromoAlerts.exe" -L
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [boost XP Service] C:\Program Files\Boost XP\bxservice.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Atomic Clock.lnk = C:\Program Files\Parsons Technology\Atomic Clock 6\Atomic Clock 6.0.exe
O4 - Global Startup: Classic PhoneTools.lnk = C:\Program Files\Classic PhoneTools\Phontool.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: DigiChat Applet - http://host14.digichat.com/DigiChat/Dig ... ent_IE.cab
O16 - DPF: Pristine RTR Client - http://chat.pristine.com/rtr/Packages/PristineRTR.CAB
O16 - DPF: Sametime JNI Loader ST30SP1 - http://chat.pristine.com/RTR/Packages/S ... Loader.cab
O16 - DPF: Sametime Meeting Toolkit ST30SP1 - http://chat.pristine.com/RTR/Packages/S ... eeting.cab
O16 - DPF: SCV - https://www.omnovia.com/pages/sc2/image/SCV.CAB
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/c ... /ct2_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/c ... grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/c ... ywt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/07d784d8f6d04ca357 ... xIE601.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/part ... nstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0745033328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/hitthepr ... wtinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MsMsgSrv - C:\WINDOWS\SYSTEM32\MsMsgSrv.DLL
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

weezcake Posted April 18, 2006

Seeing that you have McAfee on your computer, did you try scanning with that first?

==================================
Retired tip.it moderator.
Teaching and inspiring.

unknownmasterofnothing Posted April 18, 2006

Yea but after a while, it gets stuck on a file and doesn't scan anymore, but it looks like it's scanning. And the only thing that's found is c:\WINDOWS\svchost.exe, status= infected, scan information= Memory Trojan Name: New Malware.j

I downloaded a program called Trojan remover, but it says there's no malicious processes running, and it scanned downloaded files, and still nothing.
____
Also I've quarantined the svchost.exe. I was thinking of deleting it. But it might not be good, since Windows needs it.

Mementh Posted April 21, 2006

C:\PROGRA~1\Pensoft\KeyBtn.exe
C:\WINDOWS\svchost.exe (reboot into safe mode and delete.. this file is probably a source since it's supposed to be in the system32 sub dir)
C:\Program Files\Classic PhoneTools\Phontool.exe
C:\Documents and Settings\Andrew\My Documents\download\ping pongetc\FixWelch.exe
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [PromoClock_axIbZm_eZpnll] "C:\Program Files\Market Toolbox Messaging Tool\PromoAlerts.exe" -L
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O16 - DPF: DigiChat Applet - http://host14.digichat.com/DigiChat/Dig ... ent_IE.cab
O16 - DPF: Pristine RTR Client - http://chat.pristine.com/rtr/Packages/PristineRTR.CAB
O16 - DPF: Sametime JNI Loader ST30SP1 - http://chat.pristine.com/RTR/Packages/S ... Loader.cab
O16 - DPF: Sametime Meeting Toolkit ST30SP1 - http://chat.pristine.com/RTR/Packages/S ... eeting.cab
O16 - DPF: SCV - https://www.omnovia.com/pages/sc2/image/SCV.CAB
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/part ... nstall.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/hitthepr ... wtinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: MsMsgSrv - C:\WINDOWS\SYSTEM32\MsMsgSrv.DLL
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

Those put into quarantine and see if that helps.. but you might have to reinstall to a fresh copy :(

The following statement is true. The previous statement is false.
60% of all statistics are made up 90% of the time
andrew i love you & want you to have my babys!!!
Finally, I get to save the Earth with deadly lasers instead of deadly slide shows!

Phil Posted April 21, 2006

Yes, C:\windows\svchost.exe is a trojan. Remove it with your anti-virus. You said it keeps hanging though? Tried scanning in safe mode? As Mementh said, the original svchost.exe file should be found in the C:\Windows\System32 folder.
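
The location check Mementh and Phil describe, as an added example that is not part of the original thread: it scans a HijackThis log and reports every entry where a core Windows process name sits outside System32, which surfaces both the running C:\WINDOWS\svchost.exe and the O23 service line that points at the same file. The function name, the `SYSTEM32_ONLY` list and the default `system_root` are assumptions of this sketch; the sample log is constructed from entries in the posted log, with the `.exe` extension written out (the forum filter shows it as "[Caution: Executable File]").

```python
import ntpath
import re

# Assumed list: names that on Windows XP normally run only from %SystemRoot%\System32.
SYSTEM32_ONLY = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}

# Drive-letter path up to the first .exe/.scr (copes with quoted values and arguments).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|scr)', re.IGNORECASE)
# HijackThis entry prefix such as "R1 - ", "O4 - " or "O23 - ".
ENTRY_RE = re.compile(r'^([A-Z]\d{1,2}) - ')


def find_masquerades(log_text, system_root=r"C:\WINDOWS"):
    """Return (line_no, section, path) for system process names outside System32.

    system_root is an assumption; the log itself does not state it.
    """
    expected_dir = ntpath.normpath(ntpath.join(system_root, "System32")).lower()
    findings = []
    section = None
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if line == "Running processes:":
            section = "process"
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            section = entry.group(1)
        elif section != "process":
            continue  # header lines before the process list carry no paths to check
        for path in PATH_RE.findall(line):
            path = ntpath.normpath(path)
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if name in SYSTEM32_ONLY and folder != expected_dir:
                findings.append((line_no, section, path))
    return findings


# Constructed sample: a few entries taken from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\AIM\aim.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
"""

if __name__ == "__main__":
    for line_no, section, path in find_masquerades(SAMPLE_LOG):
        print(f"line {line_no} [{section}] {path}")
```

A hit in the O23 section means the file is registered as a service and will be started again at boot, so the service entry needs attention along with the file itself.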