OS: xp
Hijackthis Help. Trojans, and Popups
Hey. Thanks for your help! I'm sure I started having problems after downloading a bittorrent off Limewire. I have uninstalled Limewire and the bittorrent, but I'm still experiencing trojans and 2 blank Windows Explorer popups coming up when I navigate to any new internet page. I ran Spyware Doctor before knowing about HijackThis and it came up with:
1: Trojan-Downloader.Agent!sd6 in C:\System Volume Information\_restore(46DE8921-1D39-44D2-A9E9-64119261F211)\RP250\A0027676.exe
2: Trojan-Downloader.Agent!sd6 in C:\WINDOWS\system32\GroupPolicyManifest\2.crack.zip
3: Trojan-Downloader.Agent!sd6 in C:\WINDOWS\System32\devmgr32.dll
Also, I noticed a decrease in overall speed. Sounds crazy, but sometimes over the last day it seems like someone else is controlling my mouse and keyboard! Interesting note: I had to use another, uninfected computer to post this, as the infected one would not let me. The login screen for the forum just kept coming up! Thanks again for your help!
The DDS:
DDS (Version 1.0) - NTFSx86
Run by stephenj young at 16:22:02.62 on Thu 12/04/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1368 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\stephenj young\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080131
uSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080131
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [EstimateReview]
mRun: [lxdfmon.exe] "c:\program files\lexmark 6500 series\lxdfmon.exe"
mRun: [lxdfamon] "c:\program files\lexmark 6500 series\lxdfamon.exe"
mRun: [Lexmark 6500 Series Fax Server] "c:\program files\lexmark 6500 series\fm3032.exe" /s
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: 28663152509 - c:\windows\system32\devmgr32.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,c:\windows\system32\devmgr32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2007-8-21 108648]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2007-8-21 108648]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\RaInfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-11 47640]
R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-7 99376]
R3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-1 40840]
R3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-1 66952]
R3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-1 81288]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081204.003\NAVENG.SYS [2008-12-4 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081204.003\NAVEX15.SYS [2008-12-4 876112]
R3 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" [2008-1-30 1251720]
S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\\lxdfserv.exe [2008-3-19 99248]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\google\google desktop search\GoogleDesktop.exe" [2008-1-30 29744]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-1 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-1 1079176]
S4 LMIRfsClientNP;LMIRfsClientNP; []
=============== Created Last 30 ================
2008-12-04 16:16 <DIR> --d-h--- c:\windows\PIF
2008-12-04 16:03 250 a------- c:\windows\gmer.ini
2008-12-04 15:28 <DIR> --d----- c:\program files\Trend Micro
2008-12-04 07:54 373,760 a--sh--- c:\windows\system32\28.tmp
2008-12-03 11:54 373,760 a--sh--- c:\windows\system32\10.tmp
2008-12-02 12:50 <DIR> --d----- c:\windows\pss
2008-12-02 11:52 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-02 11:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-02 11:15 373,248 a--sh--- c:\windows\system32\53.tmp
2008-12-01 16:08 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-12-01 16:08 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-12-01 16:08 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-12-01 16:08 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-12-01 16:08 <DIR> --d----- c:\program files\Spyware Doctor
2008-12-01 16:08 <DIR> --d----- c:\docume~1\stephe~1\applic~1\PC Tools
2008-11-30 23:27 4,516 a------- c:\windows\GnuHashes.ini
2008-11-30 23:19 1,714 a--sh--- c:\windows\system32\GroupPolicy000.dat
2008-11-30 23:19 <DIR> --dsh--- c:\windows\system32\GroupPolicyManifest
2008-11-30 23:19 373,248 a--sh--- c:\windows\system32\2.tmp
2008-11-30 20:20 135,168 a------- c:\windows\system32\devmgr32.dll
2008-11-12 09:09 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 09:09 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 13:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\kinoma
==================== Find3M ====================
2008-12-04 15:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-12-04 13:16 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-12-02 16:33 <DIR> --d----- c:\program files\Digital Line Detect
2008-12-01 23:57 <DIR> --d----- c:\docume~1\stephe~1\applic~1\LimeWire
2008-12-01 16:34 <DIR> --d----- c:\program files\TomTom HOME 2
2008-11-17 15:29 <DIR> --d----- c:\program files\LogMeIn
2008-10-23 00:34 <DIR> --d----- c:\program files\Netflix
2008-10-21 10:10 87,352 a------- c:\windows\system32\LMIinit.dll
2008-10-21 10:10 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2008-10-21 10:10 28,984 a------- c:\windows\system32\LMIport.dll
2008-10-21 10:10 23,736 a------- c:\windows\system32\lmimirr.dll
2008-10-21 10:10 10,040 a------- c:\windows\system32\lmimirr2.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-06 21:46 <DIR> --d----- c:\program files\Yahoo!
2008-10-03 12:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-17 13:58 88,319 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 07:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-14 15:31 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-09-08 20:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-09-08 05:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-09-07 14:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ThumbnailCache4R
2008-09-05 23:30 241,704 -------- c:\windows\system32\dllcache\wgaLogon.dll
2008-09-05 23:29 917,032 -------- c:\windows\system32\dllcache\WgaTray.exe
2008-07-11 09:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LogMeIn
2008-04-20 14:38 <DIR> --d----- c:\docume~1\stephe~1\applic~1\Automotix
2008-03-20 15:57 <DIR> --d----- c:\docume~1\stephe~1\applic~1\TomTom
2008-03-19 17:08 <DIR> --d----- c:\docume~1\stephe~1\applic~1\6500 Series
2008-03-19 16:56 <DIR> --d----- c:\docume~1\stephe~1\applic~1\Lexmark Productivity Studio
2008-03-19 16:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\6500 Series
2008-02-18 18:14 <DIR> --d----- c:\docume~1\stephe~1\applic~1\MSNInstaller
2008-02-08 22:05 <DIR> --d----- c:\docume~1\stephe~1\applic~1\Stamps.com Internet Postage
2008-02-07 07:17 <DIR> --d----- c:\docume~1\stephe~1\applic~1\Symantec
2008-02-06 14:27 <DIR> --d----- c:\docume~1\stephe~1\applic~1\McAfee
2008-02-06 14:10 <DIR> --d----- c:\docume~1\stephe~1\applic~1\Dell
2008-01-30 22:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SingleClick Systems
2008-01-30 22:35 <DIR> --d----- c:\docume~1\stephe~1\applic~1\Intel
2004-08-11 18:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
============= FINISH: 16:24:32.45 ===============