Analyzing the HIJACKTHIS log


17 replies to this topic

#1 Sunny Kraf

    Member

  • Full Member
  • 14 posts

Posted 04 April 2008 - 01:33 AM

I just want to get my HIJACK THIS log checked for anything suspicious.

I am particularly concerned about item O20: AppInit_DLLS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:39 AM, on 4/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

Thanks

#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,533 posts

Posted 06 April 2008 - 02:16 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 07 April 2008 - 01:22 AM

Hi SunnyKraf,


Your log looks clean. :thumbup:

The O20: AppInit_DLLS entry is benign and isn't causing any harm.


Please take the following steps to help prevent infection in the future:

1) Download and install Spybot-Search & Destroy, which has great features (specifically Immunization and TeaTimer) that help prevent malware from getting on your computer. Also a great scanner for weekly checks of the health of your system.

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

5) Be sure to update your Antivirus and Antispyware programs often!


Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?




Safe surfing,

-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


#4 Sunny Kraf

    Member

  • Full Member
  • 14 posts

Posted 07 April 2008 - 10:02 PM

Thanks so much.

I did all you said but I am not able to install the ie-spyad.

Also, I haven't downloaded Windows Vista updates for 2 months (2 months back, when I downloaded the updates, my system froze and wouldn't boot, and I had to do a factory restore). Plus, now I have heard that Vista SP1 is not that good. So, do you think I should still go ahead and download the updates?

Sunny

Edited by Sunny Kraf, 07 April 2008 - 10:20 PM.


#5 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 08 April 2008 - 04:59 PM

Hi Sunny,

I did all you said but I am not able to install the ie-spyad.

Sorry about that; IE-SpyAd doesn't work with Internet Explorer 7. Don't worry about it. :)


Also, I haven't downloaded Windows Vista updates for 2 months (2 months back, when I downloaded the updates, my system froze and wouldn't boot, and I had to do a factory restore). Plus, now I have heard that Vista SP1 is not that good. So, do you think I should still go ahead and download the updates?

I would hold off on installing SP1 for a little while (I'd say a month or two), as there are still bugs to hammer out that I wouldn't want you to experience. :)

Though, definitely download the other updates; they patch security holes that criminals can use to exploit your computer for malicious purposes.


Let me know if you have any other concerns.


-screen317

#6 Sunny Kraf

    Member

  • Full Member
  • 14 posts

Posted 08 April 2008 - 11:31 PM

Thanks. I'll do that.

My issue has been resolved but I have 1 last question. I am listing all the security/spyware related software I have on my system (I am pretty finicky about security).

Ad-Aware
Avast Antivirus
CCleaner
Hijack This
Mcafee Site Advisor
Spyware Blaster
Spyware Guard
Spybot Search and Destroy
Privacy Mantra
WinPatrol
Zone Alarm Firewall

Do you have comments/suggestions on the above?

Should I add anything else to my arsenal? Does spybot SD have real time spyware scanning? Is Comodo Firewall better than Zone Alarm?

Also, I deleted "Browser Address Error Redirector" after doing some research online. But after I deleted it, Spybot SD warned me that "an important entry has been deleted from the registry". Did I do something wrong by removing that entry?

Sunny

Edited by Sunny Kraf, 09 April 2008 - 04:14 AM.


#7 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 09 April 2008 - 01:01 PM

Hi Sunny,


Do you have comments/suggestions on the above?

Should I add anything else to my arsenal?

You are running a good set of security programs, with multiple layers of protection; very good.

I have never heard of Privacy Mantra though; could you tell me what it does?

Also, SpywareGuard hasn't been updated in quite some time, and is considered to be obsolete. I do not recommend it anymore.


Does spybot SD have real time spyware scanning?

Could you elaborate on what you mean by "realtime spyware scanning" ? Spybot does have realtime protection aspects, such as Immunization, which protects you from inbound threats, and TeaTimer, which prevents harmful Registry changes. In addition I believe Spybot can block bad downloads (right click the icon in the tray, and you should see some sort of option for that).


Is Comodo Firewall better than Zone Alarm?

In terms of resource usage, I would rank Comodo higher than Zone Alarm. I personally use Comodo, and have never had any problems with it. Though if not causing you any problems, I don't see an immediate need to switch.

Also, I deleted "Browser Address Error Redirector" after doing some research online. But after I deleted it, Spybot SD warned me that "an important entry has been deleted from the registry". Did I do something wrong by removing that entry?

No, you did nothing wrong. Spybot was only doing its job by alerting you that a Registry entry had been deleted (from Browser Address Error Redirector). To prevent this in the future, temporarily disable Spybot's realtime protection before performing uninstallations.


-screen317

#8 Sunny Kraf

    Member

  • Full Member
  • 14 posts

Posted 09 April 2008 - 07:26 PM

Privacy Mantra (cleans my online tracks, cookies, temp files, cache, etc.) is almost the same as CCleaner. I try to use them alternately.

By "realtime spyware scanning" I meant Active Scanning, the same thing Avast's realtime scan does, i.e. scanning files for infections before they actually come into the system. But I wasn't sure if Avast could detect spyware too (that's the reason I downloaded Spyware Guard). I wanted to download Spyware Terminator but the reviews didn't impress me, and AVG Antispyware has a trial period of 30 days. I read what you wrote about Spybot and I am still confused whether you can call that "active scanning".

I used to love Comodo but its Defense+ became very irritating for me and so I switched to Zone Alarm.

Also, are there any separate anti-phishing filters for Mozilla?

Thanks

Sunny

PS: I uninstalled spyware guard

#9 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 11 April 2008 - 11:05 PM

Hi Sunny,

By "realtime spyware scanning" I meant Active Scanning, the same thing Avast's realtime scan does, i.e. scanning files for infections before they actually come into the system. But I wasn't sure if Avast could detect spyware too (that's the reason I downloaded Spyware Guard). I wanted to download Spyware Terminator but the reviews didn't impress me, and AVG Antispyware has a trial period of 30 days. I read what you wrote about Spybot and I am still confused whether you can call that "active scanning".

Yes, avast should be adequate at detecting spyware in downloads (most likely via its heuristic scanner). If you are unsure of a file you downloaded, you can always upload it to VirusTotal, and it will be scanned with 30 antivirus programs for free.


Also, are there any separate anti-phishing filters for Mozilla?

Firefox has built-in phishing protection; see this link for information about it.

#10 Sunny Kraf

    Member

  • Full Member
  • 14 posts

Posted 14 April 2008 - 08:22 AM

Hi screen317

I opened another topic for my problem but now I guess it's better to just ask it here. (I am not able to delete that new thread; can you tell me how to delete that thread?)

I have a laptop with Vista 32bit OS.

I turned my "Show hidden files" on and found that I have a hidden folder named "$$DeleteMe.$$DeleteMe.$$DeleteMe..01c89d37f587cb2a.0000.01c89d3825032223.0000.01c89d3e2b67f4ae.0000" in the C:/ drive.

The folder is empty and the date of creation is 11/2/2006. I purchased my laptop from Dell in Feb 2008. I scanned the folder using Avast antivirus and found no infections.

I am not sure what this folder does and the name of the folder is confusing and suspicious. What should I do? Should I just delete it?

Also, I installed Windows updates last week and I noticed that my boot time increased to about 2 mins. I was pretty sure this was because of the updates so I tried to roll back by using System Restore. The System Restore started, it restarted my system and said "restoring the system". But when it actually rebooted I got an error message that "system restore not completed".

I usually clean out the shadow copies of system restore once in a while. Can this be the problem?

Thanks

Sunny

Edited by Sunny Kraf, 14 April 2008 - 08:29 AM.


#11 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 14 April 2008 - 07:40 PM

Hi Sunny,

Is this the same laptop as the one you originally came here for? If not, please stick with that other topic. We prefer to keep separate computers in separate topics for organizational reasons.

#12 Sunny Kraf

    Member

  • Full Member
  • 14 posts

Posted 14 April 2008 - 10:11 PM

Yes, this is the same laptop. At first I thought that it's a different problem so I started a new topic.

Also, here is the link to that topic (you can delete it as I am not able to)

http://forums.spywar...howtopic=115750

Sunny

#13 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 15 April 2008 - 11:59 PM

Hi Sunny,

The topic has been deleted.



I usually clean out the shadow copies of system restore once in a while. Can this be the problem?

Yes, that is why the System Restore failed.


I turned my "Show hidden files" on and found that I have a hidden folder named "$$DeleteMe.$$DeleteMe.$$DeleteMe..01c89d37f587cb2a.0000.01c89d3825032223.0000.01c89d3e2b67f4ae.0000" in the C:/ drive.

The folder is harmless and is on most, if not all, Vista 32bit computers. Not sure what it does though; your guess is as good as mine. I can assure you that it's harmless though; I wouldn't delete it.


-screen317

#14 Sunny Kraf

    Member

  • Full Member
  • 14 posts

Posted 21 April 2008 - 10:42 PM

Hi

Sorry for replying late.

My boot-time has become real bad. It's about 3 mins now. It used to be under 1 min before the updates. Is there anything I can do?

Considering the specs I have (T7500, 3GB RAM, very selective startup) 3 mins is irritating me.

Thanks

Sunny

#15 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 23 April 2008 - 07:25 PM

Have you installed any new programs recently?

Post a fresh HijackThis log, and we'll take it from there.

Also, please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the right-hand side. Then copy the URL provided and post it here for me.

-screen317

#16 Sunny Kraf

    Member

  • Full Member
  • 14 posts

Posted 24 April 2008 - 12:22 AM

I installed Ashampoo startup tuner.

I will be formatting my HDD in a couple of weeks coz I want to dual boot Ubuntu 8.04 with Vista, so it doesn't matter, but still, I am posting my Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:04 AM, on 4/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DivX\DivX Player\DivX Player.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7831 bytes

Edited by Sunny Kraf, 24 April 2008 - 12:38 AM.
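
Added example (not part of the original posts, and not code from HijackThis or this forum): a small Python parser for the log format shown in this thread. It reports which DLLs an O20 AppInit_DLLs line names, returning none for the empty value seen in both logs, and lists the entries that differ between the 4 April and 24 April scans. The log excerpts are shortened copies of lines from the thread; the populated AppInit_DLLs line and all function names are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4" or "O20"
    detail: str  # text after "<code> - "

# Section codes HijackThis emits: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

def parse_log(text: str) -> List[Entry]:
    """Return the coded entries, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries

def appinit_dlls(entries: List[Entry]) -> List[str]:
    """DLLs named by O20 AppInit_DLLs lines; an empty value yields []."""
    dlls = []
    for e in entries:
        if e.code == "O20" and e.detail.lower().startswith("appinit_dlls:"):
            value = e.detail.split(":", 1)[1]
            # The registry value is a space- or comma-delimited list.
            dlls += [p for p in re.split(r"[,\s]+", value) if p]
    return dlls

def diff_logs(old: str, new: str) -> Tuple[List[Entry], List[Entry]]:
    """Entries added in `new` and removed since `old`, in log order."""
    def keyed(text):
        # Compare case-insensitively: Windows paths are not case-sensitive.
        return {(e.code, e.detail.lower()): e for e in parse_log(text)}
    a, b = keyed(old), keyed(new)
    added = [b[k] for k in b if k not in a]
    removed = [a[k] for k in a if k not in b]
    return added, removed

# Shortened excerpt of the 4/4/2008 log posted in this thread.
FIRST_SCAN = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:39 AM, on 4/4/2008

Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O20 - AppInit_DLLs:
"""

# Shortened excerpt of the 4/24/2008 log posted in this thread.
SECOND_SCAN = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:04 AM, on 4/24/2008

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs:
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

# Constructed line (not from the thread): an O20 value that does name a DLL.
POPULATED = r"O20 - AppInit_DLLs: C:\Example\sample.dll"

if __name__ == "__main__":
    print("AppInit_DLLs, first scan:", appinit_dlls(parse_log(FIRST_SCAN)) or "none")
    print("AppInit_DLLs, constructed:", appinit_dlls(parse_log(POPULATED)))
    added, removed = diff_logs(FIRST_SCAN, SECOND_SCAN)
    for e in added:
        print("+", e.code, e.detail)
    for e in removed:
        print("-", e.code, e.detail)
```
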


#17 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 25 April 2008 - 12:19 AM

Hi Sunny,

I installed Ashampoo startup tuner.

Was performance like this before you installed Ashampoo startup tuner?


I will be formatting my HDD in a couple of weeks coz I want to dual boot Ubuntu 8.04 with Vista, so it doesn't matter,

Okay, thanks for the heads-up.

#18 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 08 May 2008 - 05:50 PM

Hi Sunny,

Just wanted to see how things were coming along, or if you wanted to have this topic closed.
