Stuck with a trojan.downloader program



#16
angelic76 (New Member, Topic Starter, 9 posts)
Posting another DSS log just in case you'll ask it of me when you wake up and log on :)

Deckard's System Scanner v20071014.68
Run by Notandi on 2008-08-08 00:37:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Notandi.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:38:57, on 8.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Notandi\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Notandi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123704469181
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A64ECAC-FF4F-4249-9D1A-8FB98F926FBC}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5579 bytes

-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-07 18:31:38 0 d-------- C:\Documents and Settings\Notandi\Application Data\Comodo
2008-08-07 18:31:37 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-07 18:31:36 0 d-------- C:\Program Files\COMODO
2008-08-07 17:55:23 91335188 --a------ C:\registrybackup.reg
2008-08-07 02:40:59 0 d-------- C:\cmdcons
2008-08-06 15:09:49 0 d-------- C:\Program Files\Sun
2008-08-06 15:06:41 0 d-------- C:\Program Files\Alwil Software
2008-08-06 14:25:19 0 d-------- C:\Program Files\Trend Micro
2008-08-06 13:50:43 0 d-------- C:\Documents and Settings\Notandi\Application Data\Malwarebytes
2008-08-06 13:50:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 13:50:19 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-06 03:00:32 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-05 17:22:03 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-08-05 17:22:03 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-05 17:22:03 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-05 17:22:03 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-05 17:22:03 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-08-05 17:22:03 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-05 17:22:03 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-05 17:22:03 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-05 17:22:03 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-08-05 17:22:03 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-05 17:22:03 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-08-05 17:22:03 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-05 17:22:03 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-08-05 17:22:03 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-05 17:22:03 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-05 17:22:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-08-04 22:32:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-04 22:32:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-04 00:06:53 0 d-------- C:\WINDOWS\system32\en
2008-08-04 00:06:53 0 d-------- C:\WINDOWS\system32\bits
2008-08-03 23:51:54 0 d-------- C:\WINDOWS\Prefetch
2008-08-03 23:17:05 0 d-------- C:\WINDOWS\system32\scripting
2008-08-03 23:17:04 0 d-------- C:\WINDOWS\l2schemas
2008-07-24 12:41:47 0 d-------- C:\Program Files\Wrath of the Lich King Beta


-- Find3M Report ---------------------------------------------------------------

2008-08-07 02:42:53 0 d-------- C:\Program Files\Common Files
2008-08-07 01:53:29 0 d-------- C:\Documents and Settings\Notandi\Application Data\Azureus
2008-08-06 15:09:43 0 d-------- C:\Program Files\Java
2008-08-06 15:05:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-05 06:13:14 0 d-------- C:\Program Files\DAEMON Tools
2008-08-04 22:48:24 0 d-------- C:\Program Files\Messenger
2008-08-04 00:05:06 0 d-------- C:\Program Files\World of Warcraft
2008-08-04 00:02:45 0 d-------- C:\Program Files\Windows NT
2008-08-04 00:02:36 0 d-------- C:\Program Files\Movie Maker
2008-07-24 13:01:42 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-04 14:57:33 0 d-------- C:\Program Files\Azureus


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [22.10.2006 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22.10.2006 12:22]
"SoundMan"="SOUNDMAN.EXE" [24.04.2003 16:53 C:\WINDOWS\soundman.exe]
"PD0620 STISvc"="P0620Pin.dll" [10.05.2005 17:03 C:\WINDOWS\system32\P0620Pin.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22.10.2006 12:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10.06.2008 04:27]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [19.07.2008 14:38]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07.08.2008 18:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 00:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Notandi^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Notandi\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"StarWindService"=2 (0x2)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-08 00:39:32 ------------
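Reading a HijackThis log of this length by eye is slow, so here is an added Python example (not part of the original post, and not a Geeks to Go or Trend Micro tool) that parses the `R`/`O` entry prefixes and applies the checks a helper typically runs first: O4 Run entries whose command has no drive-qualified path, an O17 NameServer outside the private ranges, every O20 AppInit_DLLs entry, and O23 services marked `(file missing)` or listed with no publisher. The sample log is a constructed subset of the entries posted above. The `KNOWN_APPINIT` allowlist is an assumption for this example, seeded with guard32.dll because the file listing shows COMODO Firewall installed on 2008-08-07 and kahdah reads the log as clean.

```python
"""Triage HijackThis v2 log entries: parse the section prefix and surface
the lines a reviewer looks at first. Added example, not a HijackThis feature."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a subset of the entries posted in this thread, kept as a
# raw string so the Windows path separators need no escaping.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A64ECAC-FF4F-4249-9D1A-8FB98F926FBC}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
"""

# Assumed allowlist for this example: AppInit DLLs already tied to an installed
# product. guard32.dll ships with the COMODO firewall seen in the file listing.
KNOWN_APPINIT = {"guard32.dll": "COMODO Firewall Pro"}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
DRIVE_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


@dataclass(frozen=True)
class Finding:
    section: str
    kind: str
    detail: str


def parse_entries(log_text):
    """Yield (section, body) for every line shaped like a HijackThis entry."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def check_run_key(body):
    # O4 body: 'HKLM\..\Run: [name] command [args]'. A bare executable name is
    # resolved through the search path, so the reviewer must confirm the target.
    _, _, command = body.partition("] ")
    if not DRIVE_PATH_RE.match(command):
        return Finding("O4", "unqualified_path",
                       f"{command!r} has no drive-qualified path; confirm what it resolves to")
    return None


def check_nameserver(body):
    # O17 body ends with 'NameServer = a.b.c.d[,e.f.g.h]'.
    for server in body.rsplit("= ", 1)[-1].split(","):
        addr = ipaddress.ip_address(server.strip())
        if not addr.is_private:
            return Finding("O17", "external_dns", f"DNS server {addr} is not on a private range")
    return None


def check_appinit(body):
    # O20 body: 'AppInit_DLLs: <path> [<path> ...]'. Each DLL loads into every
    # user32-linked process, so each one is reported, known owner or not.
    findings = []
    for path in body.split(": ", 1)[1].split():
        owner = KNOWN_APPINIT.get(path.rsplit("\\", 1)[-1].lower())
        kind = "appinit_known" if owner else "appinit_unknown"
        findings.append(Finding("O20", kind, f"{path} ({owner or 'no known owner'})"))
    return findings


def check_service(body):
    # O23 body: 'Service: <display> (<name>) - <publisher> - <image> [(file missing)]'
    entry = body.split("Service: ", 1)[1]
    if body.endswith("(file missing)"):
        return Finding("O23", "stale_service", entry + " : image gone, registration left behind")
    if " - Unknown owner - " in body:
        return Finding("O23", "no_publisher", entry + " : no company name in version info")
    return None


CHECKS = {"O4": check_run_key, "O17": check_nameserver, "O23": check_service}


def triage(log_text):
    """Run the per-section checks over a HijackThis log and return all findings."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O20":
            findings.extend(check_appinit(body))
        elif section in CHECKS:
            finding = CHECKS[section](body)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.kind:<17} {f.detail}")
```

None of these findings is a verdict; they are the lines to look up before declaring a log clean. In this log the `stale_service` entry is the leftover registration of an uninstalled Symantec product, and the unqualified `nwiz.exe` is resolved to `C:\WINDOWS\system32\nwiz.exe` in the registry dump further down the same post, so both are explained by the page itself.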

#17
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Everything is still good.
Comodo has a built-in malware scanner, but it is not an antivirus.

The alert you had was from Comodo, as Avast frequently detects some other malware scanner components.

Your log is still clean. :)

If you haven't any other questions I will close this thread.