Help would be appreciated... (Logfile of HijackThis)

 
 
Rik Vosters VUB
      12-30-2003
Hey,

Recently, I have experienced quite some problems with my computer. Start-up
takes about thrice as long as normal, since it takes ages to load Windows;
it usually shows me my desktop background, but without the icons and without
anything happening for a minute or three. Also, it tends to crash a lot in
Windows. All this made me suspect that there might be some sort of security,
spyware, or infection issue, even though SpyBot and Norton don't find
anything. Could any of you have a look at my HijackThis logfile and tell me
what I should get rid of?

I have an Acer Aspire 1604LC, Intel IV, 2.8 GHz, 512RAM, if that can be of
any help.


Logfile of HijackThis v1.97.7
Scan saved at 9:31:38, on 30/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Euroglot\EuroGlot.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.standaard.be/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ChkMail] <<
O4 - HKCU\..\Run: [quicken] C:\WINDOWS\quicken.exe
O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
O4 - Startup: EuroGlot.lnk = C:\Program Files\Euroglot\EuroGlot.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1537c909ea36c32...p/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...B?37928.2042708333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vub.ac.be
O17 - HKLM\Software\..\Telephony: DomainName = vub.ac.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{34212C52-2944-4EA8-BA06-2E58FDCEBDE7}: NameServer = 134.184.250.7,134.184.15.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vub.ac.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vub.ac.be



 
Markus Klaffke
      12-30-2003
Rik Vosters VUB wrote:

> O4 - HKCU\..\Run: [quicken] C:\WINDOWS\quicken.exe
> O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe


Trojan.Win32.Krepper.f

Update your Java VM (Microsoft) and your operating system at all!

Then try this tool:
http://www.spywareinfo.com/~merijn/f...shredder_u.zip

Furthermore, change to a more secure browser:

- http://mozilla.org/products/firebird/
- http://mozilla.org/products/mozilla1.x/
- http://opera.com


Best regards,
Markus
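
An added triage example (not part of the original posts, and not the responder's own method): it re-joins wrapped HijackThis lines, parses the O4 registry autoruns, and lists per-user Run entries that start an executable directly from the Windows directory, which is the pattern the two quoted entries share. The heuristic, the function names and the sample log are assumptions constructed for illustration.

```python
import re
from ntpath import dirname  # Windows path rules on any OS

# Constructed sample in the HijackThis v1.97 layout shown above, including
# entries hard-wrapped by the news client.
SAMPLE = r'''O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [ChkMail] <<
O4 - HKCU\..\Run: [quicken] C:\WINDOWS\quicken.exe
O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
O4 - Startup: EuroGlot.lnk = C:\Program Files\Euroglot\EuroGlot.exe
'''

ENTRY_START = re.compile(r'^[A-Z]\d{1,2} -(?: |$)')
RUN_ENTRY = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$')
EXE_PATH = re.compile(r'"([^"]+\.exe)"|(\S.*?\.exe)\b', re.I)

def unwrap(text):
    """Re-join log entries that were wrapped onto continuation lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        elif line:
            entries[-1] += ' ' + line   # assumes the wrap fell on a space
    return entries

def run_entries(text):
    """Yield (hive, key, name, command) for each registry autorun entry."""
    for entry in unwrap(text):
        m = RUN_ENTRY.match(entry)
        if m:
            yield m.groups()

def triage(text, windir=r'C:\WINDOWS'):
    """Heuristic (an assumption, not a verdict): list autoruns to review."""
    findings = []
    for hive, key, name, cmd in run_entries(text):
        m = EXE_PATH.search(cmd)
        if not m:
            findings.append((name, 'no resolvable executable'))
        elif hive == 'HKCU' and dirname(m.group(1) or m.group(2)).lower() == windir.lower():
            findings.append((name, 'per-user autorun from Windows directory'))
    return findings

if __name__ == '__main__':
    for name, reason in triage(SAMPLE):
        print(f'{name}: {reason}')
```

A hit only marks an entry for closer inspection of the file on disk; machine-wide (HKLM) entries in the same directory, such as driver helpers, are deliberately not listed by this rule.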
 
Rik Vosters VUB
      12-30-2003
Thank you ever so much for helping.
The problems seem to be solved.

Many thanks,

Rik Vosters

"Markus Klaffke" <(E-Mail Removed)> wrote in message
news:bsrmfq$84g$(E-Mail Removed)...
> Rik Vosters VUB wrote:
>
> > O4 - HKCU\..\Run: [quicken] C:\WINDOWS\quicken.exe
> > O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe

>
> Trojan.Win32.Krepper.f
>
> Update your Java VM (Microsoft) and your operating system at all!
>
> Then try this tool:
> http://www.spywareinfo.com/~merijn/f...shredder_u.zip
>
> Furthermore, change to a more secure browser:
>
> - http://mozilla.org/products/firebird/
> - http://mozilla.org/products/mozilla1.x/
> - http://opera.com
>
>
> Best regards,
> Markus



 