HijackThis log if someone could check it please. :)

[magictv]

Nothing in particular has gone wrong with my computer but I thought I'd post a HJT log if someone on here could check it over and tell me if there is anything that needs doing I would be very grateful.

 

 

 

Thanks.

 

 

 

Logfile of HijackThis v1.99.1

 

Scan saved at 08:57:14, on 21/08/2006

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

 

 

Running processes:

 

C:\WINDOWS\System32\smss[Caution: Executable File]

 

C:\WINDOWS\system32\winlogon[Caution: Executable File]

 

C:\WINDOWS\system32\services[Caution: Executable File]

 

C:\WINDOWS\system32\lsass[Caution: Executable File]

 

C:\WINDOWS\system32\svchost[Caution: Executable File]

 

C:\WINDOWS\System32\svchost[Caution: Executable File]

 

C:\Program Files\Intel\Wireless\Bin\EvtEng[Caution: Executable File]

 

C:\Program Files\Intel\Wireless\Bin\S24EvMon[Caution: Executable File]

 

C:\WINDOWS\Explorer[Caution: Executable File]

 

C:\Program Files\Intel\Wireless\Bin\WLKeeper[Caution: Executable File]

 

C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: Executable File]

 

C:\WINDOWS\system32\spoolsv[Caution: Executable File]

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File]

 

C:\Program Files\Dell\QuickSet\NICCONFIGSVC[Caution: Executable File]

 

C:\Program Files\Intel\Wireless\Bin\RegSrvc[Caution: Executable File]

 

C:\WINDOWS\system32\hkcmd[Caution: Executable File]

 

C:\WINDOWS\system32\igfxpers[Caution: Executable File]

 

C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File]

 

C:\WINDOWS\stsystra[Caution: Executable File]

 

C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: Executable File]

 

C:\Program Files\Dell\QuickSet\quickset[Caution: Executable File]

 

C:\Program Files\Intel\Wireless\bin\ZCfgSvc[Caution: Executable File]

 

C:\WINDOWS\system32\igfxsrvc[Caution: Executable File]

 

C:\Program Files\Intel\Wireless\Bin\ifrmewrk[Caution: Executable File]

 

C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File]

 

C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File]

 

C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: Executable File]

 

C:\Program Files\Real\RealPlayer\RealPlay[Caution: Executable File]

 

C:\Program Files\QuickTime\qttask[Caution: Executable File]

 

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect[Caution: Executable File]

 

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: Executable File]

 

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: Executable File]

 

C:\Program Files\Dell Support\DSAgnt[Caution: Executable File]

 

C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

C:\PROGRA~1\WHATPU~1\WHATPU~1[Caution: Executable File]

 

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen[Caution: Executable File]

 

C:\WINDOWS\system32\svchost[Caution: Executable File]

 

C:\Program Files\Digital Line Detect\DLG[Caution: Executable File]

 

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg[Caution: Executable File]

 

C:\PROGRA~1\MOZILL~1\FIREFOX[Caution: Executable File]

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: Executable File]

 

C:\WINDOWS\system32\svchost[Caution: Executable File]

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File]

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File]

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File]

 

C:\Documents and Settings\Tom\Desktop\hijackthis\HijackThis[Caution: Executable File]

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... channel=uk

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usu ... channel=uk

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usu ... channel=uk

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=en&s=gen

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=en&s=gen

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usu ... channel=uk

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... channel=uk

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.homecallbroadband.com/customer/

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

 

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

 

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray[Caution: Executable File]

 

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd[Caution: Executable File]

 

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers[Caution: Executable File]

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File]

 

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra[Caution: Executable File]

 

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: Executable File]

 

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset[Caution: Executable File]

 

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc[Caution: Executable File]"

 

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk[Caution: Executable File]" /tf Intel PROSet/Wireless

 

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File]"

 

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File]

 

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm[Caution: Executable File]" -startup

 

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: Executable File]" -start

 

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay[Caution: Executable File] SYSTEMBOOTHIDEPLAYER

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime

 

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect[Caution: Executable File]

 

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: Executable File]" /icon

 

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct[Caution: Executable File] /uninstall

 

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: Executable File]"

 

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] /STARTUP

 

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt[Caution: Executable File]" /startup

 

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background

 

O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1[Caution: Executable File]

 

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen[Caution: Executable File] /nosplash

 

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: Executable File]

 

O4 - Global Startup: Digital Line Detect.lnk = ?

 

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

 

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

 

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

 

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

 

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

 

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

 

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2779309546

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8AD8C4-80C2-49F6-A339-9B089B6E58F9}: NameServer = 80.225.254.178 80.225.254.186

 

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

 

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

 

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

 

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

 

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc[Caution: Executable File]

 

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File]

 

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File]

 

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File]

 

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng[Caution: Executable File]

 

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC[Caution: Executable File]

 

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc[Caution: Executable File]

 

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon[Caution: Executable File]

 

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: Executable File]

 

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper[Caution: Executable File]

 

 

 

[Albosky]

Nothing really raised a "red flag" in your log.

 

 

 

 

 

Not sure why you would want WhatPulse installed, unless you actually care how many keys you pressed and how many times you clicked your mouse :P

 

 

 

I guess the google entries in your IE start and search page dont really NEED the dell references , but it wouldnt matter regardless

 

 

 

This is the only entry that i would be worried about

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8AD8C4-80C2-49F6-A339-9B089B6E58F9}: NameServer = 80.225.254.178 80.225.254.186

 

 

 

Custom NameServer entries are usually not a good sign unless you are on some sort of a business network that requires them , or a specific application needs to resolve to those domains/ip's.

[magictv]

Thanks, I'm not on a business network or anything like that so do you reckon I should get rid of it or just leave it?

[tunaboy692004]

i wouldent get rid of that without consulting your ISP first, allthough i belive you will be fine either with or without that entry it may have been set when you suscribed to your Internet service provider

[n65uk]

It resolves to Tiscali, so I am assuming it's their ISP -> so leave it.

[magictv]

It resolves to Tiscali, so I am assuming it's their ISP -> so leave it.

 

 

 

Correctomundo mon ami. :)

 

 

 

Thanks