Possible Trojan Activity?

Discussion in 'adware, spyware & hijack cleaning' started by Qwantum, Apr 12, 2004.

Thread Status:
Not open for further replies.
  1. Qwantum

    Qwantum Guest

    Hi there!

    I've been getting some weird activity lately with my PC. It seems like a memory leak or something. Anyways, I was hoping someone would be able to alleviate my fears and go ver my HijackThis log.

    Thanks in advance!

    ------------------------------------------------------
    Logfile of HijackThis v1.97.7
    Scan saved at 23:18:16, on 2004-04-12
    Platform: Windows 98 Gold (Win9x 4.10.199:cool:
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\PROGRAM\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM\DRWEB\SPIDER.EXE
    C:\PROGRAM\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\PROGRAM\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\PROGRAM\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=searchbar
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=sve
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=sve
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c98&s=consumer&i=sve
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telia Internet Explorer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&query=%s&i=enu
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.telia.com:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Program\FreshDevices\FreshDownload\fdcatch.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\PROGRAM\XI\NETTRANSPORT 2\NTIEHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM\FLASHGET\FGIEBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] "c:\windows\scanregw.exe " /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] "Rundll32.exe " powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EACLEAN] "C:\Program\Compaq\Easy Access Button Support\eaclean.exe " /NORESTART
    O4 - HKLM\..\Run: [AtiCwd32] "Aticwd32.exe"
    O4 - HKLM\..\Run: [AtiKey] "Atitask.exe"
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] "A3dInit.exe"
    O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
    O4 - HKLM\..\Run: [TaskMonitor] "c:\windows\taskmon.exe"
    O4 - HKLM\..\Run: [Aktivitetsfältet] SysTray.Exe
    O4 - HKLM\..\Run: [StillImageMonitor] "C:\WINDOWS\SYSTEM\STIMON.EXE"
    O4 - HKLM\..\Run: [SpIDer] "C:\PROGRAM\DRWEB\SPIDER.EXE"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [zSPGuard] c:\program\pjw\spguard\spguard.exe /s
    O4 - HKLM\..\RunServices: [LoadPowerProfile] "Rundll32.exe " powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] "sa3dsrv.exe"
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with &FD - file://C:\PROGRAM\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
    O8 - Extra context menu item: Download &All by FD - file://C:\PROGRAM\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM\FLASHGET\jc_link.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM\FLASHGET\jc_all.htm
    O8 - Extra context menu item: Download by Net Transport - C:\Program\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Download all by Net Transport - C:\Program\Xi\NetTransport 2\NTAddList.html
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
    O12 - Plugin for .pdf: C:\PROGRAM\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRAM\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .bcf: C:\PROGRAM\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .zip: C:\Program\Opera7\PLUGINS\NPFgc1.dll
    O12 - Plugin for .exe: C:\Program\Opera7\PLUGINS\NPFgc1.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37874.5646759259
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,082
    Location:
    North Carolina, USA
    Hi Qwantum,

    Welcome to Wilders.

    You have a few minor entries to remove but nothing serious.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    Reboot.

    Regards,
    Kent
     
  3. Qwantum

    Qwantum Guest

    Thanks a bunch for your reply, Kent! I'll be making the changes now. :)

    Regards,
    Qwantum
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.