
Possible Hijacker/Trojan or Worm


This topic is locked. 1 reply to this topic.

#1 Mr. Mephisto


Posted 24 January 2009 - 01:28 PM

Hello. This is in regard to an issue with what I believe is a hijacker. Before, I also used to have a trojan run at system startup, but I have removed that. This is the log you requested; please let me know if there is an actual virus present. I have run checks with avast and Windows Defender, but they don't detect anything, and I know the problem has persisted.


DDS (Ver_09-01-19.01) - NTFSx86
Run by D. Anonymous at 13:23:14.06 on Sat 01/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1405 [GMT -8:00]

AV: avast! antivirus 4.8.1296 [VPS 090123-0] *On-access scanning enabled* (Updated)
FW: ActiveArmor Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
"C:\Documents and Settings\D. Anonymous\Application Data\svchost.exe"
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\D. Anonymous\Application Data\_c3ef2389ec69d994df6090a893b39151\down\im000.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\D. Anonymous\My Documents\dds.scr

============== Pseudo HJT Report ===============

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: IEButton Class: {f81d52bf-f2f1-4f49-bf5f-05664e803039} - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [*svchostBoot] "c:\documents and settings\d. anonymous\application data\svchost.exe"
mRun: [Java Runtime Enviornment] c:\documents and settings\d. anonymous\application data\_c3ef2389ec69d994df6090a893b39151\down\c:\documents and settings\d. anonymous\application data\_c3ef2389ec69d994df6090a893b39151\down\chimera000.exe
StartupFolder: c:\docume~1\dcb9b~1.ano\startm~1\programs\startup\alienw~1.lnk - c:\program files\alienguise\alienwaredock\ObjectDock.exe
StartupFolder: c:\docume~1\dcb9b~1.ano\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: Save Flash - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/210
IE: Save YouTube Video - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/217
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231311653328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: WB - c:\program files\alienguise\fastload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dcb9b~1.ano\applic~1\mozilla\firefox\profiles\q55su3zr.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-6 111184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-6 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-6 352920]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-6 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-6 155160]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S4 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

=============== Created Last 30 ================

2009-01-24 13:17 <DIR> --d----- c:\program files\Trend Micro
2009-01-24 12:35 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-24 12:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-23 19:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2009-01-23 18:55 108,336 a------- c:\windows\system32\mswinsck.ocx
2009-01-23 17:11 792,381 a------- c:\docume~1\dcb9b~1.ano\applic~1\svchost.exe
2009-01-23 17:11 <DIR> --d----- c:\docume~1\dcb9b~1.ano\applic~1\_c3ef2389ec69d994df6090a893b39151
2009-01-19 10:45 <DIR> --d----- c:\program files\PhotoFiltre
2009-01-13 08:02 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-13 08:02 <DIR> --d----- c:\windows\Logs
2009-01-12 23:06 <DIR> --d----- c:\docume~1\dcb9b~1.ano\applic~1\DAEMON Tools Pro
2009-01-12 23:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-01-12 23:04 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-01-12 23:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-01-12 23:01 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-01-12 23:01 <DIR> --d----- c:\docume~1\dcb9b~1.ano\applic~1\DAEMON Tools Lite
2009-01-11 20:12 <DIR> --d----- c:\program files\VideoLAN
2009-01-09 16:37 141,612 a------- c:\windows\system32\drivers\dump_wmimmc.sys
2009-01-09 16:37 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-01-09 16:37 4,682 a------- c:\windows\system32\npptNT2.sys
2009-01-09 16:26 <DIR> --d----- C:\Trickster Online
2009-01-09 13:04 31 a------- c:\documents and settings\d. anonymous\jagex_runescape_preferences.dat
2009-01-09 13:04 <DIR> --d----- c:\windows\.jagex_cache_32
2009-01-09 09:51 <DIR> --d----- c:\docume~1\dcb9b~1.ano\applic~1\Dreamlords
2009-01-09 09:50 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-01-09 09:50 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-01-09 09:50 <DIR> --d----- c:\program files\OpenAL
2009-01-08 20:08 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-08 19:00 <DIR> --d----- c:\docume~1\dcb9b~1.ano\applic~1\NetMedia Providers
2009-01-08 18:24 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-08 10:37 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-08 10:37 14,048 -------- c:\windows\system32\spmsg2.dll
2009-01-08 10:15 361,600 ac------ c:\windows\system32\dllcache\tcpip.sys
2009-01-08 10:15 361,344 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-01-07 21:28 <DIR> --d----- c:\docume~1\dcb9b~1.ano\applic~1\OpenOffice.org
2009-01-07 18:59 <DIR> --d----- c:\program files\LimeWire
2009-01-07 16:40 221,184 a------- c:\windows\system32\wmpns.dll
2009-01-07 15:11 <DIR> --d----- c:\docume~1\dcb9b~1.ano\applic~1\LimeWire
2009-01-07 14:48 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-07 14:48 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-07 14:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-07 13:50 <DIR> --d----- c:\windows\system32\AGEIA
2009-01-07 13:50 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-07 13:50 201,157 a------- c:\windows\system32\nvapps.nvb
2009-01-07 13:50 <DIR> --d----- c:\windows\NV37681584.TMP
2009-01-07 13:50 <DIR> --d----- C:\NVIDIA
2009-01-07 13:49 <DIR> --d----- c:\program files\UnH Solutions
2009-01-07 13:17 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-01-07 13:12 <DIR> --d----- c:\docume~1\dcb9b~1.ano\applic~1\BitTorrent
2009-01-07 13:08 <DIR> --d----- c:\program files\JRE
2009-01-07 13:08 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-01-07 13:08 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-07 13:04 <DIR> --d----- c:\program files\DNA
2009-01-07 13:04 <DIR> --d----- c:\program files\BitTorrent
2009-01-07 13:04 <DIR> --d----- c:\docume~1\dcb9b~1.ano\applic~1\DNA
2009-01-07 09:58 3,932,214 a------- c:\windows\AW_XenoMorph1280.bmp
2009-01-07 09:57 36,864 a------- c:\windows\system32\wbsys.dll
2009-01-07 09:57 56 a------- c:\windows\wb.ini
2009-01-07 09:57 <DIR> --d----- c:\program files\common files\Stardock
2009-01-07 09:57 <DIR> --d----- c:\program files\AlienGUIse
2009-01-07 09:18 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-07 09:18 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-01-07 09:15 <DIR> --d----- c:\windows\EHome
2009-01-07 00:22 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-06 23:58 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-06 23:58 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-01-06 23:18 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-01-06 23:08 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-06 23:08 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-01-06 23:08 1,160,192 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-01-06 23:08 826,368 -c------ c:\windows\system32\dllcache\wininet.dll
2009-01-06 23:08 3,593,216 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-01-06 22:59 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-06 22:58 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-06 22:58 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-06 22:57 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-06 22:56 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-01-06 22:56 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-06 19:34 13,646 a------- c:\windows\system32\wpa.bak
2009-01-06 19:24 <DIR> --dsh--- c:\documents and settings\d. anonymous\UserData
2009-01-06 19:22 1,024 a------- C:\.rnd
2009-01-06 19:22 22 a------- c:\windows\FileName
2009-01-06 19:22 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-01-06 19:22 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-06 19:20 5,810 a----r-- c:\windows\system32\drivers\ASACPI.sys
2009-01-06 19:20 12,377 a------- c:\windows\Ascd_tmp.ini
2009-01-06 19:20 12,536 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-01-06 19:16 192,016 a------- c:\windows\system32\nvapps.xml
2009-01-06 19:16 453,152 a------- c:\windows\system32\nvudisp.exe
2009-01-06 19:16 18,477 a------- c:\windows\system32\nvdisp.nvu
2009-01-06 19:16 <DIR> --d----- c:\windows\nview
2009-01-06 19:15 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-01-06 19:12 <DIR> --d----- c:\documents and settings\D. Anonymous
2009-01-06 19:11 <DIR> --ds---- c:\windows\system32\Microsoft
2009-01-06 19:11 8,192 a------- c:\windows\REGLOCS.OLD
2009-01-06 19:09 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-01-06 19:08 23,392 a------- c:\windows\system32\nscompat.tlb
2009-01-06 19:08 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-01-06 19:08 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-01-06 19:07 <DIR> --d----- c:\program files\common files\MSSoap
2009-01-06 19:06 <DIR> --d----- c:\program files\Online Services
2009-01-06 19:06 <DIR> --d----- c:\program files\Messenger
2009-01-06 19:06 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-01-06 19:05 <DIR> --d----- c:\program files\Windows NT
2009-01-06 10:57 <DIR> --d----- c:\program files\common files\ODBC
2009-01-06 10:57 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-01-06 10:57 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-01-07 09:21 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-06 19:07 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll

============= FINISH: 13:23:37.65 ===============

Edited by Mr. Mephisto, 24 January 2009 - 01:48 PM.



#2 Mr. Mephisto


Posted 26 January 2009 - 12:01 PM

The issue has evolved into a much more serious virus infection. As of now, you may ignore this thread, as I reformatted the computer when the issue steadily grew worse (i.e., I no longer need help).



