Trojan, like WinSecurityCenter, onboard

Status
Not open for further replies.
Here's that 1st HJT StartupList Log -
---------------------------------------------------------------------------------------------------


StartupList report, 9/10/2010, 7:32:20 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16876)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\MICROS~2\WkDStore.exe
C:\PROGRA~1\MICROS~2\wkcalrem.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\PROGRA~1\MICROS~2\wkgdcach.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Your Daddy\Start Menu\Programs\Startup]
Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Persistence = C:\WINDOWS\system32\igfxpers.exe
mcagent_exe = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
dellsupportcenter = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
dldtmon.exe = "C:\Program Files\Dell V305\dldtmon.exe"
dldtamon = "C:\Program Files\Dell V305\dldtamon.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
McAntiPhishingBHO - c:\PROGRA~1\mcafee\msk\mcapbho.dll - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4}
(no name) - __BHODemonDisabled (file missing) - {5C255C8A-E604-49b4-9D64-90988571CECB}
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
(no name) - C:\Program Files\Windows Live\Toolbar\wltcore.dll (disabled by BHODemon) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McDefragTask.job

--------------------------------------------------

Enumerating Download Program Files:

[F5 Networks Dynamic Application Tunnel Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\TunnelServerX.dll
CODEBASE = https://vcuhsra.mcvh-vcu.edu/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1204,1610

[F5 Networks Auto Update]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Conflict.0\InstallerControl.dll
CODEBASE = https://vcuhsra.mcvh-vcu.edu/vdesk/terminal/InstallerControl.cab#version=6031,2009,1204,1613

[{7530BFB8-7293-4D34-9923-61A11451AFC5}]
CODEBASE = http://download.eset.com/special/eos/OnlineScanner.cab

[F5 Virtual Sandbox Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\vdeskctrl.dll
CODEBASE = https://vcuhsra.mcvh-vcu.edu/vdesk/terminal/vdeskctrl.cab#version=6031,2009,1212,1610
 
Good, Ken. I think those things I was talking about are deselected and I can get rid of them. I don't like looking at them.
What I need to do next is get my settings right. I've had trouble with certain settings but I think I need to get as many of those that I've figured out all set up at once and saved in a restore point and better organized, with some, even a little, forethought, and it'll save me some annoyances later on. So I can move on to bigger and better annoyances!!
Well, thanks for all the help. I feel like I've been driving with an empty tank on bald tires and no driver's license so long and have dodged a Mack truck, so I promise I'll do better (to myself).
If there's something else to do let me know. I'm ready. Thanks for all you've done. lucky13
 
Hi,

Why don't you post here for any help you may need related to Windows, as this forum is for malware removal only.
http://forums.pcpitstop.com/index.php?/forum/3-user-to-user-help/





Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy but do not enable the TeaTimer.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community:
  • Spybot Search and Destroy 1.6
    Check for Updates/Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster (Recommended) then do not enable the TeaTimer in Spybot Search and Destroy.
  • WinPatrol
    Keep this fine program activated to block a lot of threats.
  • Spyware Blaster
    It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard
    It offers realtime protection from spyware installation attempts; again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3
    It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.


Safe Surfn
Ken
 
Thanks ken545

You've been great. I already had a list from "So how did I . . ." but this fills in some more.
I'm dumping McAfee - never liked their customer treatment or them wanting to OWN your PC. So AV and firewall are there too. The best ones in "firewall challenge" are Russian and Chinese and seem to be startups (or close to) AND they're not cheap. Guess I'll try something. Funny how the big players are way down the list.
Since OTM only removes OTC, I will uninstall the rest of the tools. I hope it's straightforward.
Well, the best to you, thanks for all your help, though I hope I don't have to call on you again (I'll try to build up my defences). My regards, lucky13
 
You're very welcome,

Take care,

ken :)

Have any issues uninstalling any programs, post back please.
 