| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 75642 | 2007-01-05 23:56:00 | Speedy, can you take a look at this HJT log please? Thanks! | Sick Puppy (6959) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 513111 | 2007-01-05 23:56:00 | Hey there Speedy, after nearly a year of PC ownership, the old lappy is starting to get a bit slow, and last week I ran out of virtual memory- it froze for about five minutes before telling me this though! Anyhow, I did the dangerous thing and did some reading, installed and ran ccleaner (cleared about 200Mb!), as well as removing whatever I could find that I wasn't using or planning to use. I have also scanned the lappy with AVG, Spybot and Adaware, after updating them first. Can you please take a look at this log and tell me what else I could/should get rid of? Thanks in advance for your time Speedy!:thumbs: |
Sick Puppy (6959) | ||
| 513112 | 2007-01-05 23:59:00 | Logfile of HijackThis v1.99.1 Scan saved at 12:38:44, on 06/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UStorSrv.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\ASUS\Wireless Console\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\ASUS\NB Probe\NBProbe.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe C:\Program Files\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" O4 - HKLM\..\Run: [EPSON Stylus Photo RX530 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA GP.EXE /P31 "EPSON Stylus Photo RX530 Series" /O6 "USB001" /M "Stylus Photo RX530" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O15 - Trusted Zone: www.wises.co.nz O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - cdn.scan.safety.live.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - download.zonelabs.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe |
Sick Puppy (6959) | ||
| 513113 | 2007-01-06 00:18:00 | Hmm run HJT again tick these entries and tick fix checked. Close browser/s first. O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" - unless u have a remote for this. O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - If you're only using this for reading PDF files, Foxit Reader maybe better. It's smaller O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet - I wld run this manually, Put it on the taskbar. I would also tick these, and run these manually. O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe Then reboot. See if things are any faster. |
Speedy Gonzales (78) | ||
| 513114 | 2007-01-06 01:34:00 | Sweet, have done all bar the winpatrol and spyware guard- haven't done these yet since these are on my task bar; when you say run them manually, do you mean I should open them as soon as I start up the laptop, or does the fact they're on the task bar mean they will still be working anyway? Also, just curious about these and whether they are worth keeping around on startup- they are from my multifunction printer/ scanner: O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll And just to add to the list, how about Quicktime and the PC link to my mobile? O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup Finally, I downloaded Ewido from the last time I had that nasty little virus you sorted out for me- I updated it as far as I could (until AVG bought them out), and use it every now and again, although it is not used until I activate it- should it be in the registry? O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe Reason I ask is because I got the impression that registrys were what started up when the computer is turned on, and since I only use the ones I quoted when I actually need to use them, just wondering whether they should be checked too. Have I understood this correctly? Thanks heaps Speedy! |
Sick Puppy (6959) | ||
| 513115 | 2007-01-06 01:51:00 | BTW Speedy, just rebooted, and the lappy is noticeably quicker both in starting up and opening the programs I regularly use. Cheers! | Sick Puppy (6959) | ||
| 513116 | 2007-01-06 01:56:00 | hmmmmm.......i'm wondering what use is spyware guard and winpatrol unless they ARE running automatically in the background.......you dont 'run them manually' they are SUPPOSED to run at system startup as they're 'guard' programs which offer real time protection - but only if they're running.......also how come you suggest not allowing the nvidia control panel to run ? | drcspy (146) | ||
| 513117 | 2007-01-06 01:59:00 | When you say run them manually, do you mean I should open them as soon as I start up the laptop, or does the fact they're on the task bar mean they will still be working anyway? No if its on the taskbar the install may have done that, it doesn't mean its running. By Manual I mean click on the icon on the desktop/taskbar to run it, after XP has loaded. Also, just curious about these and whether they are worth keeping around on startup- they are from my multifunction printer/ scanner: O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll I don't think these are running on bootup, they may have links/toolbars in your browser. And just to add to the list, how about Quicktime and the PC link to my mobile? O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup You can tick the Quicktime one, all that does is put an icon on the taskbar, so u have faster access to QT's options. Not to sure about the Mobile link. Depends on what it does. Does it sync or something? If not, tick that line too. And run the program manually after XP has loaded. Finally, I downloaded Ewido from the last time I had that nasty little virus you sorted out for me- I updated it as far as I could (until AVG bought them out), and use it every now and again, although it is not used until I activate it- should it be in the registry? O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe Reason I ask is because I got the impression that registrys were what started up when the computer is turned on, and since I only use the ones I quoted when I actually need to use them, just wondering whether they should be checked too. Have I understood this correctly? Thanks heaps Speedy! That 023 as it says is a service. It'll need the service so it runs properly. That entry can stay |
Speedy Gonzales (78) | ||
| 513118 | 2007-01-06 05:13:00 | Okay, have removed the Nokia entry now, removing the SG/ winpatrol ones now. I think DRCspy expressed my concern more clearly, so will check on rebooting whether they are still there. Cheers Speedy! | Sick Puppy (6959) | ||
| 1 | |||||