Can someone review my hijackthis log please

reefoid

reefoid

reefoid

Associate
Joined
18 Oct 2002
Posts
2,055
Location
Southend-on-Sea
I'm having problems with my PC - random lockups, crashes when opening My Computer, and its taking an age to boot up. I've run S&D which picked up a few things, but it still doesn't seem right. Could some kind folk review this log and let me know what's bad. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:27:04, on 07/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\WINDOWS\system32\UAService7.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\{C04A025D-07D0-2057-1101-05082305002c}\Update.exe
D:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\SearchFilterHost.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\Documents and Settings\keith\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - D:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D42672E-8DFC-7584-21BC-09AE34A76902} - D:\WINDOWS\system32\ldhnjzj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - D:\WINDOWS\system32\irxupwqf.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - D:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe D:\WINDOWS\system32\drvsov.dll,startup
O4 - HKLM\..\Run: [pssmvog.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\pssmvog.dll,rzsrovc
O4 - HKCU\..\Run: [MailCtrl] "D:\Program Files\Kerio\MailServer\mailctrl.exe"
O4 - HKCU\..\Run: [EA Core] D:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150235475328
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik/sis/slgwebinstall.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: pmnlj - D:\WINDOWS\system32\pmnlj.dll
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio MailServer (KerioMailServer) - Kerio Technologies - D:\Program Files\Kerio\MailServer\mailserver.exe
O23 - Service: KService - Kontiki Inc. - D:\Program Files\KService\KService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
this site is very handy

http://hijackthis.de/


see the little attatchment icons next to the filenames, you can do a virus scan using their site ;)


that page has picked up a few nasties, so def worth looking at it!

that site should be stickied on its own with a guide :p
 
Last edited:
Do not rely on Hijackthis.de entirely as it is not 100% fool proof.

Instead paste the log at one of the sites listed here, or the one in my signature.

HiJackThis will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
 
You must log in or register to reply here.
Back
Top Bottom