My computer is slow, and writes italic. Hijack log.

Discussion in 'Malware and Virus Removal Archive' started by Aramis, 2005/01/19.

Thread Status:
Not open for further replies.
  1. 2005/01/19
    Aramis

    Aramis Inactive Thread Starter

    Joined:
    2005/01/19
    Messages:
    2
    Likes Received:
    0
    Hi.

    A couple of days ago, my Windows Explorer aborted every time I tried to start it. So did all the programs that tried to access the hard disk. I couldn't even run HijackThis. After some searching I uninstalled a program from the "Add or remove programs" part through Control Panel. A program that I have never seen or heard about.
    After this uninstallation I am now able to run HijackThis and other programs properly. But one thing irritates me a lot. After the uninstallation my text writing is only italic. But not all text. Mostly the programs that were installed before I got that thing. My computer is also very, very slow.
    I have run Ad-aware, Spyware Doctor and so on, but nothing helps.
    Can anyone help me with this?
    Here is my log.


    Thank you in advance..

    Best Regards
    Aramis



    Logfile of HijackThis v1.99.0
    Scan saved at 13:13:24, on 19.01.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cba\pds.exe
    C:\WINDOWS\System32\SgLogPlayer.exe
    C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
    C:\LDClient\wuser32.exe
    C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
    C:\WINDOWS\System32\MsgSys.EXE
    C:\LDClient\meterw32.exe
    C:\LDCLIENT\SOFTMON.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\pctspk.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\WINDOWS\System32\alrsvc56.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Documents and Settings\mehmet.ozdemir\Application Data\rntc.exe
    C:\Program Files\Dell TrueMobile 1150\Client Manager\CMdel.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\NetCaptor\NetCaptor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\WINDOWS\system32\??plorer.exe
    D:\Memo\adware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Internal IT (ACN - Oslo)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\LDClient\meterw32.exe,C:\LDCLIENT\SOFTMON.EXE
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {47A1455A-9716-2E99-8403-64550DF47F19} - (no file)
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
    O2 - BHO: (no name) - {DE553F40-A0F1-8F2A-841B-8F1D821040C7} - C:\WINDOWS\System32\udtyu.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [4bfd34240017] C:\WINDOWS\System32\alrsvc56.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
    O4 - HKCU\..\Run: [Elac] C:\Documents and Settings\mehmet.ozdemir\Application Data\rntc.exe
    O4 - HKCU\..\Run: [Dkn] C:\WINDOWS\System32\??plorer.exe
    O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
    O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: Symantec Client Firewall Service - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
    O23 - Service: Symantec Client Firewall Accounts Manager - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
    O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Symantec Client Firewall Proxy Service - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
    O23 - Service: Intel Remote Control Service - LANDesk® Software Ltd. - C:\LDClient\wuser32.exe
     
  2. 2005/01/21
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    I suggest this link to do, I believe your Norton has been compromised.
    RAV Online Scan
     


  4. 2005/01/25
    Aramis

    Aramis Inactive Thread Starter

    Joined:
    2005/01/19
    Messages:
    2
    Likes Received:
    0
    Hi.

    Thank you for your answer. I ran RAV online, and it found 6 files that were infected, and it cleaned them. But nothing has changed....
     
  5. 2005/01/26
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Would you post its log, and a new HJT log?
     
  6. 2005/01/26
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0