Cleaned my computer with staff help today. Scan still found virus on my computer.

Old 03-03-2009, 05:59 PM   #1
Guest
 
Join Date: Mar 2009
Posts: 10
Went through steps to clean my computer of a Trojan today. ESET scan came back clear. Then I took the advice and began downloading programs to protect myself. When I downloaded COMODO free firewall, it did a scan for Malware and found 5 files that were a threat.

One containing the words 'combofix' and another 'win32' which initially in my alert from windows security center saying 'Win32.Backdoor.DNM'. I chose to remove these files and restart my computer for the firewall to install and changes to be made. When my computer rebooted I had a message from the firewall saying 'svchost.exe' is trying to connect to the internet, which was also one of the viruses that were meant to be removed when I ran Combofix.

My other thread was closed as I thought my troubles were over. Help would again be much appreciated.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Frankie at 0:51:03.03 on 04/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.510.126 [GMT 0:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frankie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,[email protected]
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SiSRaid] c:\program files\silicon integrated systems\sisraidpackage\SRaid.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SnoopFreeUI] SnoopFreeUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\frankie\startm~1\programs\startup\imvu.lnk - c:\program files\imvu\IMVUClient.exe
StartupFolder: c:\docume~1\frankie\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\frankie\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\tom clancy's splinter cell double agent\support\register\Reg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
IE: &Search - https://edits.mywebsearch.com/toolbar...tml?p=ZUfox000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\frankie\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: softpedia.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
AppInit_DLLs: c:\windows\system32\cssdll32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\frankie\applic~1\mozilla\firefox\profiles\ggmalt2w.default\

============= SERVICES / DRIVERS ===============

R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2009-3-3 9472]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-7-24 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-7-24 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-7-24 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-7-24 10760]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-3 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-3 24336]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-7-24 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-7-24 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-7-24 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-7-24 4960]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-3-3 700152]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

=============== Created Last 30 ================

2009-03-03 23:16 253,688 a------- c:\windows\system32\cssdll32.dll
2009-03-03 23:15 <DIR> --d----- c:\program files\AskBarDis
2009-03-03 23:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-03-03 23:14 155,384 a------- c:\windows\system32\guard32.dll
2009-03-03 23:14 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-03-03 23:14 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-03-03 23:13 <DIR> --d----- c:\program files\COMODO
2009-03-03 22:40 <DIR> --d----- c:\docume~1\frankie\applic~1\WinPatrol
2009-03-03 22:40 <DIR> --d----- c:\program files\BillP Studios
2009-03-03 22:18 1,071,088 a------- c:\windows\system32\MSCOMCTL.OCX
2009-03-03 22:18 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-03-03 22:18 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-03 22:02 <DIR> --d----- C:\ComboFix
2009-03-03 21:15 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-03-03 21:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-03 21:02 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-03 20:28 221,184 a------- c:\windows\SnoopFreeUI.exe
2009-03-03 20:28 90,112 a------- c:\windows\system32\SnoopFreeSvc.exe
2009-03-03 20:28 45,056 a------- c:\windows\SnoopFreeDll.dll
2009-03-03 20:28 9,472 a------- c:\windows\system32\drivers\SnopFree.sys
2009-03-03 18:19 <DIR> a-dshr-- C:\cmdcons
2009-03-03 03:54 250 a------- c:\windows\gmer.ini
2009-02-24 18:54 212,240 a------- c:\windows\system32\RICHTX32.OCX
2009-02-24 18:54 1,351,392 a------- c:\windows\system32\comctl32.ocx
2009-02-24 18:54 167,683 a------- c:\windows\system32\COMCT232.OCX
2009-02-24 18:54 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-02-24 18:54 <DIR> --d----- c:\program files\Smarty Uninstaller Pro
2009-02-18 12:52 <DIR> --d----- c:\docume~1\frankie\applic~1\Tesco
2009-02-18 12:47 59,264 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-02-18 12:47 59,264 a------- c:\windows\system32\drivers\USBAUDIO.sys

==================== Find3M ====================

2008-12-20 23:15 826,368 a------- c:\windows\system32\wininet.dll
2007-10-07 16:16 1 a------- c:\documents and settings\frankie\SI.bin

============= FINISH: 0:51:47.39 ===============
Attached Files
File Type: zip Attach.zip (3.4 KB, 14 views)
VeronicaMars is offline  
Old 03-03-2009, 07:37 PM   #2
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64
Check your PM inbox. Personally, I don't care for Comodo, and the only firewall I use is my router's hardware firewall and Windows XP's. Too many people don't know how to respond to the notifications from firewalls. I don't care for Comodo's detections, and it's overly intrusive.

If you installed this before you uninstalled ComboFix, that would explain why you were getting some hits from Comodo. It incorrectly sees parts of ComboFix as a threat. Also, there might be some quarantined files left behind if you installed this before uninstalling ComboFix.

Regarding svchost.exe, as long as it's in system32, that's fine.

https://forums.comodo.com/frequently_...-t14464.0.html

I see no active infection.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
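The rule in the reply above (svchost.exe is expected only under system32) is easy to apply mechanically to the "Running Processes" section of a DDS log. The script below is an added example, not code from the thread or from the DDS tool: it parses a process listing, picks out every svchost entry and sorts it into three buckets: expected location, some other location, and entries that DDS printed without any path at all (the bare `svchost.exe` lines in the log above), which cannot be judged from the log and have to be checked on the machine itself. The expected directory is assumed to be the XP default `c:\windows\system32`, and the `Temp\svchost.exe` line in the sample is constructed to show what an out-of-place copy would look like; it does not appear in the poster's log.

```python
"""Triage svchost.exe entries in a DDS-style "Running Processes" list.

Added example, not part of the thread. It applies the rule that svchost.exe
belongs under %SystemRoot%\\system32 and separates three cases: expected
location, unexpected location, and entries listed without a path.
"""
from pathlib import PureWindowsPath

# Assumption: default XP system directory; adjust if %SystemRoot% differs.
EXPECTED_SYSTEM32 = r"c:\windows\system32"

# Constructed sample modelled on the log in the thread. The Temp\svchost.exe
# line is made up to show what an out-of-place copy would look like.
SAMPLE_PROCESSES = r"""
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Documents and Settings\Frankie\Local Settings\Temp\svchost.exe
C:\WINDOWS\Explorer.EXE
"""


def image_path(line: str) -> str:
    """Strip the command-line switches DDS appends after the image path."""
    return line.split(" -", 1)[0].strip()


def is_svchost(image: str) -> bool:
    """True for svchost with or without the .exe extension (case-insensitive)."""
    return PureWindowsPath(image).stem.lower() == "svchost"


def classify(image: str) -> str:
    """Return 'expected', 'unexpected_location' or 'unknown_path'."""
    path = PureWindowsPath(image)
    if not path.is_absolute():
        # DDS listed only the image name; the real path must be confirmed on
        # the machine (Task Manager / Process Explorer) before trusting it.
        return "unknown_path"
    # Windows paths are case-insensitive, so compare lower-cased.
    if str(path.parent).lower() == EXPECTED_SYSTEM32:
        return "expected"
    return "unexpected_location"


def triage(process_listing: str) -> list[tuple[str, str]]:
    """Classify every svchost entry in the listing, preserving order."""
    results = []
    for raw in process_listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        image = image_path(line)
        if is_svchost(image):
            results.append((line, classify(image)))
    return results


def summarize(process_listing: str) -> dict[str, int]:
    """Count verdicts; anything other than 'expected' deserves a closer look."""
    counts = {"expected": 0, "unexpected_location": 0, "unknown_path": 0}
    for _, verdict in triage(process_listing):
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    for line, verdict in triage(SAMPLE_PROCESSES):
        print(f"{verdict:20} {line}")
```

On the sample listing the script reports two expected entries, one with no path, and one in an unexpected location. A firewall prompt about svchost.exe on its own says nothing either way; the path check is the first step, and a copy living anywhere other than system32 is what would actually warrant attention.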