HJT Log - Please help

Discussion in 'adware, spyware & hijack cleaning' started by Stefan77, Jul 5, 2004.

Thread Status:
Not open for further replies.
  1. Stefan77 (Registered Member; joined Jul 5, 2004; posts: 2)
    Hi there, newbie here, and English is not my native language, so sorry about the mistakes in advance.
    I never had problems with my computer, that is until today. Suddenly my Windows Media Player couldn't run anymore and my virus scanner (AntiVir) told me that it is infected by winwildapp.exe, the virus TR/WWBars.5. I've found out on Trend Micro that it is a Trojan named TROJ_STILEN.A but I can't seem to remove it. It even got worse and suddenly all sorts of trojans seemed to have infected my computer, and I found out (after some research) about HJT and the log. Here it goes... I really hope that someone can help me. BTW: I'm using Windows ME in a Danish version, I don't know if that will cause any problems?

    Logfile of HijackThis v1.98.0
    Scan saved at 00:59:49, on 06-07-2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAMMER\PHILIPS TOUCAM CAMERA\VPROPERTY.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAMMER\FæLLES FILER\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAMMER\AVPERSONAL\AVGCTRL.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAMMER\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
    C:\PROGRAMMER\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
    C:\PROGRAMMER\WINZIP\WZQKPICK.EXE
    C:\PROGRAMMER\SONY\OPENMG JUKEBOX\OMGTRAY.EXE
    C:\PROGRAMMER\CAPLIO SOFTWARE\RGATEL.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAMMER\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.google.de/"); (C:\Programmer\Netscape\Users\default\prefs.js)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.de/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\1jhvnx83.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAMMER%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\1jhvnx83.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: E.HH - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\WINDOWS\ALL USERS\APPLICATION DATA\IESERVICE\IESERVICE.DLL
    O2 - BHO: VoiceIPObj Class - {00000250-0320-4DD4-BE4F-7566D2314352} - C:\WINDOWS\VOICEIP.DLL
    O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\SYSTEM\SWIN32.DLL
    O2 - BHO: (no name) - {27AC09EE-C20B-4BA4-8E27-F1C33D263875} - C:\WINDOWS\SYSTEM\8j5a.dll (file missing)
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - (no file)
    O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmer\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [ToUcamVProperty] C:\Programmer\Philips ToUcam Camera\VProperty.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [OmgStartup] C:\Programmer\Fælles filer\Sony Shared\OpenMG\OmgStartup.exe
    O4 - HKLM\..\Run: [RunDlI] C:\windows\systemp\server.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMMER\AVPERSONAL\AVGCTRL.EXE /min
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\automove.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
    O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
    O4 - Startup: OpenMG Jukebox Startup.lnk = C:\Programmer\Sony\OpenMG Jukebox\Omgtray.exe
    O4 - Startup: RICOH Gate La.lnk = C:\Programmer\Caplio Software\RGateL.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .swf: C:\PROGRAMMER\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL