HijackThis Log File - can someone take a wee look? :-)

12-26-2005, 05:30 PM
Merry Christmas to all on the forum!

Below I have copied my HijackThis log file after I ran it just a second ago.

It mentioned to check with experts before I deleted anything.

You may notice a lot of winmx entries in my hosts file, but I have put them there and this is not something someone else has done.

Any help is appreciated.



Logfile of HijackThis v1.99.1
Scan saved at 17:24:02, on 26/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\v21\Dialler\V21.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\v21\Dialler\StatWnd.dll
C:\Documents and Settings\Gillian Young\My Documents\apps\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.v21.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by V21
F2 - REG:system.ini: UserInit="main3.exe" - -
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [IEOptimizer] Kizlo.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [IEOptimizer] Kizlo.exe
O4 - HKCU\..\RunServices: [IEOptimizer] Kizlo.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://portal.v21.co.uk
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6C632C8-153C-4F17-816E-EDAA637D2B62}: NameServer =
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Archiver (winarc) - Unknown owner - C:\WINDOWS\windat.exe (file missing)

12-26-2005, 09:37 PM
The v21 and the partypoker items are the ones that stand out to me. Unless you play partypoker it shouldn't be on your system. v21 may be some software of yours but it doesn't seem like it's necessary to run. It also looks like they tried to set your homepage for you, but again this could be your doing, not sure.

12-28-2005, 01:08 PM
>>>>The v21 and the partypoker items are the ones that stand out to me. Unless you play partypoker it shouldn't be on your system. v21 may be some software of yours but it doesn't seem like it's necessary to run. It also looks like they tried to set your homepage for you, but again this could be your doing, not sure.

Thanks AeroSpace,

The v21 is (vTwoOne) the ISP. So that is 100% Safe.
The partypoker is 100% Safe as I play it.
The homepage seems to be working OK though.

I was told elsewhere to remove any that said 'File Missing', which I did.


01-05-2006, 05:11 PM
Is it just the entries marked "(file missing)" that I should remove?


01-10-2006, 12:30 PM
Are there any experts on HijackThis?

01-10-2006, 01:16 PM
Remove the missing file ones, and look into the kizlo.exe ones. They say it's an "IE optimizer", though I've never heard of such a thing, and really, how "optimized" can you make IE? It's already bad as it is.
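
The two checks suggested in this thread (entries marked "(file missing)" and the Kizlo.exe autoruns) can be scripted. This is an added example, not part of any post: it reads a few lines copied from the log above, and the function names and the rule of flagging a path-less command registered under more than one autorun key are assumptions of this example, not a HijackThis feature.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IEOptimizer] Kizlo.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [IEOptimizer] Kizlo.exe
O4 - HKCU\..\RunServices: [IEOptimizer] Kizlo.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Windows Archiver (winarc) - Unknown owner - C:\WINDOWS\windat.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
AUTORUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.+)$")

def parse(log):
    """Yield (section, body) for every 'O4 - ...' style entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def missing_files(log):
    """Entries whose target no longer exists on disk (orphaned references)."""
    return [(sec, body) for sec, body in parse(log)
            if body.endswith("(file missing)")]

def autoruns(log):
    """Map each O4 command to the set of registry autorun keys that launch it."""
    keys = defaultdict(set)
    for sec, body in parse(log):
        m = AUTORUN.match(body) if sec == "O4" else None
        if m:
            keys[m.group(3)].add(m.group(1))
    return keys

def review_list(log):
    """Commands started without a directory path AND from more than one key."""
    return sorted(cmd for cmd, ks in autoruns(log).items()
                  if "\\" not in cmd.split()[0] and len(ks) > 1)

if __name__ == "__main__":
    for sec, body in missing_files(SAMPLE_LOG):
        print("orphaned:", sec, body)
    print("review:", review_list(SAMPLE_LOG))
```

Requiring both conditions keeps `nwiz.exe /install` (path-less but registered once) off the review list, while the triple registration of `Kizlo.exe` stands out.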

01-10-2006, 01:56 PM
Turns out kizlo.exe is a virus. For anyone looking for info in the future - remove it.

01-10-2006, 04:43 PM
Yeah, it's some kind of trojan. Make sure you run an updated AVG virus scan or whatever to ensure that your system is malware free. Run other tools such as spybot and adaware as well.

01-11-2006, 09:39 AM
This program is malware and is not considered safe, it is part of a Malware group sometimes referred to as Covert.Sys.Exec. It should be Jailed: