Help would be appreciated... (Logfile of HijackThis)

Discussion in 'Computer Security' started by Rik Vosters VUB, Dec 30, 2003.

  1. Hey,

    Recently, I have experienced quite some problems with my computer. Start-up
    takes about thrice as long as normal, since it takes ages to load Windows;
    it usually shows me my desktop background, but without the icons and without
    anything happening for a minute or three. Also, it tends to crash a lot in
    Windows. All this made me suspect that there might be some sort of security,
    spyware, or infection issue, even though SpyBot and Norton don't find
    anything. Could any of you have a look at my HijackThis logfile and tell me
    what I should get rid of?

    I have an Acer Aspire 1604LC, Intel IV, 2.8 GHz, 512RAM, if that can be of
    any help.


    Logfile of HijackThis v1.97.7
    Scan saved at 9:31:38, on 30/12/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\htpatch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\CtrlVol.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\TPPALDR.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Euroglot\EuroGlot.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\unzipped\hijackthis[1]\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.standaard.be/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
    Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [ChkMail] Ð<<
    O4 - HKCU\..\Run: [quicken] C:\WINDOWS\quicken.exe
    O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
    O4 - Startup: EuroGlot.lnk = C:\Program Files\Euroglot\EuroGlot.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://207.188.7.150/1537c909ea36c329a122/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37928.204270
    8333
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vub.ac.be
    O17 - HKLM\Software\..\Telephony: DomainName = vub.ac.be
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{34212C52-2944-4EA8-BA06-2E58FDCEBDE7}:
    NameServer = 134.184.250.7,134.184.15.13
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vub.ac.be
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vub.ac.be
    Rik Vosters VUB, Dec 30, 2003
    #1

  2. Markus Klaffke, Dec 30, 2003
    #2

  3. Thank you ever so much for helping.
    The problems seem to be solved.

    Many thanks,

    Rik Vosters

    "Markus Klaffke" <> wrote in message
    news:bsrmfq$84g$...
    > Rik Vosters VUB wrote:
    >
    > > O4 - HKCU\..\Run: [quicken] C:\WINDOWS\quicken.exe
    > > O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe

    >
    > Trojan.Win32.Krepper.f
    >
    > Update your Java VM (Microsoft) and your operating system at all!
    >
    > Then try this tool:
    > http://www.spywareinfo.com/~merijn/files/cwshredder_u.zip
    >
    > Furthermore, change to a more secure browser:
    >
    > - http://mozilla.org/products/firebird/
    > - http://mozilla.org/products/mozilla1.x/
    > - http://opera.com
    >
    >
    > Best regards,
    > Markus
    Rik Vosters VUB, Dec 30, 2003
    #3
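
The triage done by eye in the reply above, written out as an added example that is not part of the original thread or of HijackThis: it rejoins log entries that the newsreader wrapped and lists per-user (HKCU) Run entries whose executable sits directly in C:\WINDOWS, the pattern the two entries identified as Trojan.Win32.Krepper.f share. The function names and the heuristic are assumptions of this example; a match is a prompt for manual review, not a verdict.

```python
import re

# Constructed sample: lines copied from the log posted above, keeping the
# newsreader's line wraps inside the ccApp and MSMSGS entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [quicken] C:\WINDOWS\quicken.exe
O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
O4 - Startup: EuroGlot.lnk = C:\Program Files\Euroglot\EuroGlot.exe
"""

ENTRY_START = re.compile(r"^(?:R[0-3]|O\d{1,2}) - ")
RUN_ENTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# An .exe directly in the Windows directory, not in a subfolder such as System32.
WINDOWS_ROOT_EXE = re.compile(r'^"?C:\\WINDOWS\\[^\\"]+\.exe\b', re.IGNORECASE)

def unwrap(text):
    """Rejoin wrapped entries (assumes the wrap fell on a space, as in this log)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)       # a new "R0 - ..." / "O4 - ..." entry
        else:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def parse_run_entries(text):
    """Return the registry Run-key autostarts (O4 entries) as dicts."""
    out = []
    for entry in unwrap(text):
        m = RUN_ENTRY.match(entry)
        if m:
            hive, key, name, command = m.groups()
            out.append({"hive": hive, "key": key, "name": name, "command": command})
    return out

def review_candidates(text):
    """Heuristic (assumption): HKCU Run values launching an .exe from C:\\WINDOWS."""
    return [e["name"] for e in parse_run_entries(text)
            if e["hive"] == "HKCU" and WINDOWS_ROOT_EXE.match(e["command"])]

if __name__ == "__main__":
    print(review_candidates(SAMPLE_LOG))
```
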