Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


HJT log - xbulletholes

  • Please log in to reply
1 reply to this topic

#1 xbulletholes


  • Members
  • 1 posts
  • Local time:05:18 AM

Posted 05 February 2005 - 04:33 PM

Included here is a HijackThis! log that i recently took as I have been having problems with reacurring spyware/trojans/virii or something.
Something/s seem to be pushing my computer to 100%, slowing everything to a crawl, and also using my bandwidth. Files being sent through MSN are crawling at around 3kbps on a 512kbps broadband. :thumbsup:
Any help on what I need to do?
I've ran Ad-Aware SE, A2, Microsoft Anti-Spyware and now have a firewall.

All help is greatly appreciated.


Logfile of HijackThis v1.99.0
Scan saved at 21:31:47, on 05/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows_Protect] winsystem32.exe
O4 - HKLM\..\Run: [Microsofts media] wingtp.exe
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [Microsoft Windows Storage Machine Service] winms.exe
O4 - HKLM\..\Run: [Windows Update Auto Update] wuaumgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Support Center] msnmsgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\
O4 - HKLM\..\Run: [Boot Manager] bootmng.exe
O4 - HKLM\..\Run: [wV9Vn] C:\WINDOWS\pieubcdl.exe
O4 - HKLM\..\RunServices: [Windows_Protect] winsystem32.exe
O4 - HKLM\..\RunServices: [NvCplScan] winasp.exe
O4 - HKLM\..\RunServices: [Microsofts media] wingtp.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Storage Machine Service] winms.exe
O4 - HKLM\..\RunServices: [Windows Update Auto Update] wuaumgr.exe
O4 - HKLM\..\RunServices: [Windows Support Center] msnmsgr.exe
O4 - HKLM\..\RunServices: [Boot Manager] bootmng.exe
O4 - HKCU\..\Run: [NvCplScan] winasp.exe
O4 - HKCU\..\Run: [Windows_Protect] winsystem32.exe
O4 - HKCU\..\Run: [Boot Manager] bootmng.exe
O4 - HKCU\..\Run: [Windows Update Auto Update] wuaumgr.exe
O4 - HKCU\..\Run: [Windows Support Center] msnmsgr.exe
O4 - HKCU\..\RunServices: [Windows Support Center] msnmsgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4B2347F-206B-41D0-A597-D63DE632C1C1}: NameServer =
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

BC AdBot (Login to Remove)


#2 don77


    Forum Regular

  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:18 AM

Posted 06 February 2005 - 07:15 PM

Hi xbulletholes

Lets see if we can't clean some of this up
Please run these two online scans. Make sure they are set to clean automatically:

TrendMicro's HouseCall

You should try to delete any files that these scanners are unable to clean. Then let us know if its working better and what the scans found.

Then scan again with HijackThis and post another log.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users