Possible Trojan Activity?

Hi there!

I've been getting some weird activity lately with my PC. It seems like a memory leak or something. Anyways, I was hoping someone would be able to alleviate my fears and go ver my HijackThis log.

Thanks in advance!

------------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 23:18:16, on 2004-04-12
Platform: Windows 98 Gold (Win9x 4.10.199
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM\DRWEB\SPIDER.EXE
C:\PROGRAM\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=sve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=sve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c98&s=consumer&i=sve
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telia Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&query=%s&i=enu
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.telia.com:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Program\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\PROGRAM\XI\NETTRANSPORT 2\NTIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM\FLASHGET\FGIEBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] "c:\windows\scanregw.exe " /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] "Rundll32.exe " powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EACLEAN] "C:\Program\Compaq\Easy Access Button Support\eaclean.exe " /NORESTART
O4 - HKLM\..\Run: [AtiCwd32] "Aticwd32.exe"
O4 - HKLM\..\Run: [AtiKey] "Atitask.exe"
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] "A3dInit.exe"
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [TaskMonitor] "c:\windows\taskmon.exe"
O4 - HKLM\..\Run: [Aktivitetsfältet] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] "C:\WINDOWS\SYSTEM\STIMON.EXE"
O4 - HKLM\..\Run: [SpIDer] "C:\PROGRAM\DRWEB\SPIDER.EXE"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zSPGuard] c:\program\pjw\spguard\spguard.exe /s
O4 - HKLM\..\RunServices: [LoadPowerProfile] "Rundll32.exe " powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] "sa3dsrv.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with &FD - file://C:\PROGRAM\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
O8 - Extra context menu item: Download &All by FD - file://C:\PROGRAM\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download by Net Transport - C:\Program\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download all by Net Transport - C:\Program\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
O12 - Plugin for .pdf: C:\PROGRAM\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRAM\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRAM\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .zip: C:\Program\Opera7\PLUGINS\NPFgc1.dll
O12 - Plugin for .exe: C:\Program\Opera7\PLUGINS\NPFgc1.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37874.5646759259
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

 

Hi Qwantum,

Welcome to Wilders.

You have a few minor entries to remove but nothing serious.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Reboot.

Regards,
Kent

 

Thanks a bunch for your reply, Kent! I'll be making the changes now.

Regards,
Qwantum