Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


HijackThis log - Help please

  • Please log in to reply
4 replies to this topic

#1 jengor


  • Members
  • 3 posts
  • Local time:12:17 PM

Posted 21 June 2005 - 05:49 AM

please find below my hjt log, I would appreciate help in cleaning it up. I have done updates to both AdAware and Spybot, run scans and nothing found.
Thanks :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 11:32:03, on 21/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
K:\Program Files\BandwidthMeter\BandwidthMeter.exe
K:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
K:\Program Files\BT Broadband\Help\bin\mpbtn.exe
U:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
I:\Ad-aware 6\Ad-watch.exe
K:\Documents and Settings\Gordon\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] I:\Firewall\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG_CC] I:\AVGANT~1\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] K:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServicesOnce: [washindex] I:\washer\washidx.exe "Gordon"
O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] I:\washer\wwDisp.exe
O4 - HKCU\..\RunServicesOnce: [washindex] I:\washer\washidx.exe
O4 - Startup: Bandwidth Meter.lnk = K:\Program Files\BandwidthMeter\BandwidthMeter.exe
O4 - Global Startup: BT Broadband Help.lnk = K:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: &Check Spelling - res://K:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://K:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Download with GetRight - I:\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - I:\GetRight\GRbrowse.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - K:\Program Files\ieSpell\ieSpell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - K:\Program Files\ieSpell\ieSpell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - K:\Program Files\ieSpell\ieSpell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - K:\Program Files\ieSpell\ieSpell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: K:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{920B65E3-AF58-4D8B-8CDB-569AB6F88C8F}: NameServer =
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\AVGANT~1\avgupsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - U:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - U:\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - K:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - K:\WINDOWS\system32\wwSecure.exe

BC AdBot (Login to Remove)


#2 Guest_Cretemonster_*


  • Guests

Posted 22 June 2005 - 04:51 AM

Hey jengor and Welcome!

The log looks OK from here,what problems are you having?

#3 jengor

  • Topic Starter

  • Members
  • 3 posts

Posted 22 June 2005 - 08:54 AM

Thank you for your interest, where did you get that name? :thumbsup: (in the nicest possible way)

I had identified slserv.exe as Malware with 2 entries detected by HJT.

I tried to delete both. I succeded with the file itself but this service came back each time and I could not get rid of it even using Safe mode.

O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)

Subsequent to the posting, I tried Task Manager to see if the service was running - but no. I have just completed a full registry search and have removed 10 instances where slserve existed.

A new HJT log shows that I have at last suceeded in a complete removal.

Again many thanks.

Jengor :flowers:

#4 Guest_Cretemonster_*


  • Guests

Posted 22 June 2005 - 06:27 PM

So you like the name HUH??

Crete comes from my profession which is Concrete!!

Cretemonster comes from the name of a piece of Heavy Equipment I use to run years ago!!!

Tell ya what you can do for the PC!!

Uninstall Ad Aware 6 completely and any plugins you may have used!

Do this via Add\Remove Programs,once all is Removed from there,restart the PC and get Ad Aware 1.06 from here

Scan the PC with that and see what it comes up with!

2 Programs which can make using Internet Explorer much safer are

Update Immediatly!

IE Spyad:
There is a direct download inside and great tutorial also!

A few excellent places to run Online Scans are






Hope all this Helps!!

#5 jengor

  • Topic Starter

  • Members
  • 3 posts
  • Local time:12:17 PM

Posted 23 June 2005 - 08:54 AM

Many thanks,

all installed plus Spyware Guard, I use TrendMicro as an online AV scan as it is compatible with Firefox, my preferred browser.

Best wishes

Jengor :thumbsup:

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users