August 21, 200619 yr Nothing in particular has gone wrong with my computer but I thought I'd post a HJT log if someone on here could check it over and tell me if there is anything that needs doing I would be very grateful. Thanks. Logfile of HijackThis v1.99.1 Scan saved at 08:57:14, on 21/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\Program Files\Intel\Wireless\Bin\EvtEng[Caution: Executable File] C:\Program Files\Intel\Wireless\Bin\S24EvMon[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\Program Files\Intel\Wireless\Bin\WLKeeper[Caution: Executable File] C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] C:\Program Files\Dell\QuickSet\NICCONFIGSVC[Caution: Executable File] C:\Program Files\Intel\Wireless\Bin\RegSrvc[Caution: Executable File] C:\WINDOWS\system32\hkcmd[Caution: Executable File] C:\WINDOWS\system32\igfxpers[Caution: Executable File] C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File] C:\WINDOWS\stsystra[Caution: Executable File] C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: Executable File] C:\Program Files\Dell\QuickSet\quickset[Caution: Executable File] C:\Program Files\Intel\Wireless\bin\ZCfgSvc[Caution: Executable File] C:\WINDOWS\system32\igfxsrvc[Caution: Executable File] C:\Program Files\Intel\Wireless\Bin\ifrmewrk[Caution: Executable File] C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: Executable File] C:\Program Files\Real\RealPlayer\RealPlay[Caution: Executable File] C:\Program Files\QuickTime\qttask[Caution: Executable File] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect[Caution: Executable File] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: Executable File] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: Executable File] C:\Program Files\Dell Support\DSAgnt[Caution: Executable File] C:\Program Files\Messenger\msmsgs[Caution: Executable File] C:\PROGRA~1\WHATPU~1\WHATPU~1[Caution: Executable File] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\Program Files\Digital Line Detect\DLG[Caution: Executable File] C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg[Caution: Executable File] C:\PROGRA~1\MOZILL~1\FIREFOX[Caution: Executable File] C:\Program Files\MSN Messenger\msnmsgr[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] C:\Documents and Settings\Tom\Desktop\hijackthis\HijackThis[Caution: Executable File] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... channel=uk R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usu ... channel=uk R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usu ... channel=uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=en&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=en&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usu ... channel=uk R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... channel=uk R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.homecallbroadband.com/customer/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray[Caution: Executable File] O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd[Caution: Executable File] O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers[Caution: Executable File] O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File] O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra[Caution: Executable File] O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: Executable File] O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset[Caution: Executable File] O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc[Caution: Executable File]" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk[Caution: Executable File]" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File]" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm[Caution: Executable File]" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: Executable File]" -start O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay[Caution: Executable File] SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect[Caution: Executable File] O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: Executable File]" /icon O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct[Caution: Executable File] /uninstall O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: Executable File]" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] /STARTUP O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt[Caution: Executable File]" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1[Caution: Executable File] O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen[Caution: Executable File] /nosplash O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: Executable File] O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2779309546 O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8AD8C4-80C2-49F6-A339-9B089B6E58F9}: NameServer = 80.225.254.178 80.225.254.186 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc[Caution: Executable File] O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng[Caution: Executable File] O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC[Caution: Executable File] O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc[Caution: Executable File] O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon[Caution: Executable File] O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: Executable File] O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper[Caution: Executable File] [/bads]
August 21, 200619 yr Nothing really raised a "red flag" in your log. Not sure why you would want WhatPulse installed, unless you actually care how many keys you pressed and how many times you clicked your mouse :P I guess the google entries in your IE start and search page dont really NEED the dell references , but it wouldnt matter regardless This is the only entry that i would be worried about O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8AD8C4-80C2-49F6-A339-9B089B6E58F9}: NameServer = 80.225.254.178 80.225.254.186 Custom NameServer entries are usually not a good sign unless you are on some sort of a business network that requires them , or a specific application needs to resolve to those domains/ip's. I like to fart silently but deadly in movie theatersArd Choille says (11:41 PM):I wouldn't dare tell you what to do m'dear
August 21, 200619 yr Author Thanks, I'm not on a business network or anything like that so do you reckon I should get rid of it or just leave it? [/bads]
August 21, 200619 yr i wouldent get rid of that without consulting your ISP first, allthough i belive you will be fine either with or without that entry it may have been set when you suscribed to your Internet service provider Current Goals80/80 Fletching60/75 Woodcutting97/100 Combat
August 21, 200619 yr Author It resolves to Tiscali, so I am assuming it's their ISP -> so leave it. Correctomundo mon ami. :) Thanks [/bads]
Create an account or sign in to comment