Mischel Internet Security Forum > Malware > Trojans (Moderators: Helena, Gavin_Coe, Magnus)
Topic: HELP-Winlogin and many more....  (Read 767 times)

maloosy
Newbie
HELP-Winlogin and many more....
« on: Nov 24th, 2006, 10:02pm »

I have used various virus scans (McAfee, TrojanHunter, Trend Micro, Trojan Remover) and once the virus is cleared from my computer they reappear in many forms.
I cleaned winlogin by the instructions that I found (I think).
Other viruses that were found are:
Adong.exe
Reboot aa
 
My McAfee runs very slow also and it takes up to 4 hours to run a scan for viruses. I do not know much about computers, but my brother referred me to this site because you guys did an excellent job helping him.
Please help
Thank you
IP Logged
maloosy
Newbie
Re: HELP-Winlogin and many more....
« Reply #1 on: Nov 24th, 2006, 10:07pm »

This is my HijackThis log
 
Logfile of HijackThis v1.99.1
Scan saved at 10:05:40 PM, on 11/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\wuauclt.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Me\Desktop\hijackthis\omghelp.exe
 
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/109939093ff25d2b5e16/netzip/RdxIE601.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - AppInit_DLLs:  
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
 
IP Logged
siliconman01
Global Moderator
Re: HELP-Winlogin and many more....
« Reply #2 on: Nov 25th, 2006, 12:10am »

Welcome to the forum maloosy,
 
The HJT scan shows nothing that is infected.  However, that does not mean that you are totally clear.  I recommend that you:  
 
A.  Run a Remote Scan using BitDefender to make sure something has not compromised McAfee.  The link below provides the link to Bit Defender remote scan.  
 
http://www.misec.net/forum/board/FAQ/1141894786
 
BE SURE to deactivate McAfee anti-virus while running the Bit Defender REMOTE scan.
 
Before running this Remote Scan,  
 
-  please clean out all your TEMP files and junk files.  Use freebie program CCleaner which will do a good cleanup for you.  It can be obtained from http://www.ccleaner.com.  Run the CLEANER component only.  Do not run the ISSUES component.
 
-  Defrag your disks if you have not done so within the last few days.  
 
B.  Run a TrojanHunter V4.6.930 scan with the latest rulesets and while your system is rebooted into SAFE MODE.  Let it clean what it finds, and post back here the resulting scan/cleaning log.  
 
Please post back here the results of the Bit Defender scan, a SAFE MODE TrojanHunter scan log and a new HJT scan log.  
 
There are several things that affect the length of time that a virus scanner takes to scan your system.  Here are a few of them:
 
-  The type of computer you have, the CPU speed, and other hardware speed.  For example, I have a Dell with a 2.6 gigahertz P4 CPU; my brother has a Dell with a .833 gigahertz P4.  Norton Antivirus 2007 on his system takes almost two hours to scan; NAV 2007 on my system takes less than an hour (and he has about 65% the number of files that I have).  
 
-  Obviously the number of total files on your system as well as the types of files.  Archive and CAB files take longer to scan than most other types of files because a lot of unpacking goes on.  
 
-  The Windows OS system (along with service pack).  I notice you are running XP-SP1 and IE6.  McAfee is not able to take advantage of any improvements that were provided by upgrading to XP-SP2 which is also much more secure than XP-SP1.  Security programs today are designed to run most efficiently on XP-SP2.  Upgrading your system from XP-SP1 to XP-SP2 and also upgrading McAfee to the latest versions would, I feel sure, make your system run more efficiently and with a higher level of security.  
 
-  The quantity and types of other security programs that you have on your system that are using realtime protection.  It is not uncommon for a scan by one security program to cause the other security program to scan each file at the same time.  From your HJT log, I do not see anything on your system that might be resulting in this, however.  
 
-  A highly cluttered and fragmented System Registry is a significant performance issue on user systems.  Over time, the system registry can become very cluttered with unneeded keys and values.  Cleaning the system registry and compacting it using specially designed programs such as jv16 PowerTools, Reg Supreme, Ace Utilities, or another reliable registry cleaning program very often yields great performance improvements.  HOWEVER, caution must be used when doing this because something might get deleted that should not be deleted.  
« Last Edit: Nov 25th, 2006, 12:12am by siliconman01 » IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
maloosy
Newbie
Re: HELP-Winlogin and many more....
« Reply #3 on: Nov 25th, 2006, 2:31pm »

Siliconman, thanks for the quick reply.  I did everything that you informed me to do (defragged, ran CCleaner); however, I cannot run the BitDefender scan.  It will scan to about 15k files, then my computer reboots itself.  
Here is the log file for HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 1:48:41 PM, on 11/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\Userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Documents and Settings\Me\Desktop\woooo\omghelp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
 
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/109939093ff25d2b5e16/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - AppInit_DLLs:  
O23 - Service: McAfee Application Installer Cleanup (0221081164474255) (0221081164474255mcinstcleanup) -  - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
 
 
 
And Safeboot trojanhunter
Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
No trojan files found
 
 
Quick scan Trojanhunter While Mcafee is running:
 
Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan (autostarted files, running executables)
Error: FileChecker.ScanFile: File C:\DOCUME~1\Me\LOCALS~1\Temp\gpyCyt.exe not found
No trojan files found
 
However, McAfee pops up with different infected files each time TrojanHunter is run:
Detection: Malformed Archive (Virus)
File Path: C:\Documents and Settings\Me\Local Settings\Temp\XSMr.exe
Detection: Malformed Archive (Virus)
File Path: C:\Documents and Settings\Me\Local Settings\Temp\3dYuag.exe
Detection: Malformed Archive (Virus)
File Path: C:\Documents and Settings\Me\Local Settings\Temp\hj7C.exe
Detection: Malformed Archive (Virus)
File Path: C:\Documents and Settings\Me\Local Settings\Temp\gpyCyt.exe
These file names are consistently changing to something new, and never the same one, when I run TrojanHunter.  
 
 
IP Logged
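
The two HijackThis logs posted above can be compared mechanically. The following is an added example, not part of the original thread: a small Python parser (the function names are hypothetical) that splits a HijackThis v1.99.1 log into its section codes, lists entries that appear only in the later scan, and flags entries HijackThis marks "(file missing)" or "(no file)" plus any process running from a Temp folder. The embedded logs are shortened excerpts of the two logs in this thread.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in this thread.
LOG_1 = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:05:40 PM, on 11/24/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Me\Desktop\hijackthis\omghelp.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LOG_2 = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:48:41 PM, on 11/25/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\Userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Me\Desktop\woooo\omghelp.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: McAfee Application Installer Cleanup (0221081164474255) (0221081164474255mcinstcleanup) -  - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_hjt(text):
    """Return (processes, entries): process paths and {section code: [entry text]}."""
    processes, entries, in_procs = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first section entry ends the process list
            entries.setdefault(m.group(1), []).append(m.group(2).strip())
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def new_entries(old, new):
    """Entries present in the newer log but not the older one (case-insensitive)."""
    _, old_e = parse_hjt(old)
    _, new_e = parse_hjt(new)
    seen = {(s, e.lower()) for s, es in old_e.items() for e in es}
    return [(s, e) for s, es in new_e.items() for e in es if (s, e.lower()) not in seen]

def review_flags(text):
    """Orphaned entries (target file gone) and processes running from a Temp folder."""
    procs, entries = parse_hjt(text)
    flags = []
    for section, items in entries.items():
        for e in items:
            if e.endswith("(file missing)") or e.endswith("(no file)"):
                flags.append(("orphaned", f"{section} - {e}"))
    for p in procs:
        if re.search(r"\\temp\\", p, re.I):
            flags.append(("runs-from-temp", p))
    return flags

if __name__ == "__main__":
    for section, entry in new_entries(LOG_1, LOG_2):
        print("NEW ", section, "-", entry)
    for kind, item in review_flags(LOG_2):
        print(kind.upper(), item)
```

A difference between two scans is only a prompt for review; each changed entry still has to be identified before it is treated as benign or removed.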
maloosy
Newbie
Re: HELP-Winlogin and many more....
« Reply #4 on: Nov 25th, 2006, 4:01pm »

I finally got Bitdefender to run without rebooting my system.
 
BitDefender Online Scanner - Real Time Virus Report
Generated at: Sat, Nov 25, 2006 - 15:58:46

Scan Info
Scanned Files: 357728
Infected Files: 0

Virus Detected
No virus found.

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

IP Logged
siliconman01
Global Moderator
Re: HELP-Winlogin and many more....
« Reply #5 on: Nov 25th, 2006, 11:32pm »

Great!
 
Thus far everything looks clean.  The McAfee popups when TrojanHunter scans are a known issue and nothing to be concerned about.  TH is unpacking things as it scans and McAfee sees some activity it does not like when the unpacked items go into the temp file, but the files are okay.
 
Now let's check if you might have a rootkit.  Please go to the site below and download/install BLACKLIGHT.  (Be sure not to download F-Secure Internet Security....just Blacklight).
 
http://www.f-secure.com/blacklight/blacklight.html
 
Run a scan with Blacklight and post back the results log.  The scan should go fairly quickly.  
IP Logged
maloosy
Newbie
Re: HELP-Winlogin and many more....
« Reply #6 on: Nov 26th, 2006, 12:14am »

Siliconman, I ran the Blacklight rootkit eliminator. Nothing showed up on the scan.
 
11/25/06 23:46:22 [Info]: BlackLight Engine 1.0.47 initialized
11/25/06 23:46:22 [Info]: OS: 5.1 build 2600 (Service Pack 1)
11/25/06 23:46:22 [Note]: 7019 4
11/25/06 23:46:22 [Note]: 7005 0
11/25/06 23:46:47 [Note]: 7006 0
11/25/06 23:46:47 [Note]: 7011 1980
11/25/06 23:46:48 [Note]: 7026 0
11/25/06 23:46:48 [Note]: 7026 0
11/25/06 23:46:58 [Note]: FSRAW library version 1.7.1020
11/25/06 23:48:02 [Note]: 7007 0
« Last Edit: Nov 26th, 2006, 12:26am by maloosy » IP Logged
siliconman01
Global Moderator
Re: HELP-Winlogin and many more....
« Reply #7 on: Nov 26th, 2006, 12:33am »

That is excellent.  I do not see anything that indicates you are infected.
 
What type of computer and what is CPU speed?  How much RAM memory do you have?  This is on the General tab of System.  (START>SETTINGS>CONTROL PANEL>SYSTEM>GENERAL tab)
IP Logged
maloosy
Newbie
Re: HELP-Winlogin and many more....
« Reply #8 on: Nov 26th, 2006, 12:37am »

It's an AMD Athlon 3000
2.17 GH
1 gb ram
 
Also, this issue is happening a lot when I'm trying to play my online game EQ.  The rebooting is the major issue and slowing my computer a lot.  I've looked for many fixes including installing all new drivers etc., and it's a new issue (within the last 1-2 weeks) that the problems have been going on.  I know I did have the reboot aa virus and nothing is finding it again.
I'm actually beginning to wonder if my motherboard is overheating, causing the random reboots, if that is possible?
« Last Edit: Nov 26th, 2006, 12:38am by maloosy » IP Logged
siliconman01
Global Moderator
Re: HELP-Winlogin and many more....
« Reply #9 on: Nov 26th, 2006, 12:47am »

Yes, overheating could be causing the reboots... or a RAM problem.  Run a Memory test to see if RAM is stable.  The link to download MemTest86+ is here:
 
http://www.memtest86.com/
 
IP Logged
maloosy
Newbie
Re: HELP-Winlogin and many more....
« Reply #10 on: Nov 26th, 2006, 1:00am »

I can't figure that program out for the life of me.  However, I've been running a fan on my CPU for the last 30 minutes; so far no reboot.  Will keep testing.
IP Logged
siliconman01
Global Moderator
Re: HELP-Winlogin and many more....
« Reply #11 on: Nov 26th, 2006, 1:13am »

It is also possible that McAfee removed something that was infected but needed on your system when it removed the virus.  That's a rough possibility to track down and correct however.  
 
I strongly urge you to upgrade to XP-SP2 for security and performance reasons.  That, in itself, might resolve the issue.  But I qualify that if the problem is a heating or other hardware failure problem.
IP Logged
maloosy
Newbie
Re: HELP-Winlogin and many more....
« Reply #12 on: Nov 26th, 2006, 1:20am »

I will upgrade to SP2 since that seems the most secure.  I have also loaded up Firefox instead of IE, since I know that is a major problem.  I have yet to crash still since the fan is on my CPU.
 
Thank you very much for your help
IP Logged
siliconman01
Global Moderator
Re: HELP-Winlogin and many more....
« Reply #13 on: Nov 26th, 2006, 1:25am »

U B most welcome.  Just holler if you need further assistance.
IP Logged