Hijack This - If you have a moment please have a quick look

BROS · 24-01-2009 8:08am #1

Hello and thanks for looking. I have recently loaded Hijack This. Below please find the Logfile. Could you have a look and see if you can identify any nasties that should not be there or make any recommendations. Firefox seems to take AGES to open and the latop feels sluggish in its performance.

Any suggestions or recommendations are much appreciated.

Thanks in advance,

BROS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:02:20, on 24/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adverts.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [igfxtray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] F:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] F:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [vmware-tray] F:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "F:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THotkey] F:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SafeSpace] F:\Program Files\Artificial Dynamics\SafeSpace\SafeSpaceSysTray.exe
O4 - HKLM\..\Run: [WaveFramer] F:\Program Files\Artificial Dynamics\SafeSpace\WaveFramer.exe
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "F:\Documents and Settings\All Users\Application Data\Artificial Dynamics\VIRTUAL\SafeSpace.S-1-5-21-1229272821-1897051121-839522115-1003\Device\HarddiskVolume3\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-21-1229272821-1897051121-839522115-1003\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1229272821-1897051121-839522115-1003\..\Run: [ccleaner] "F:\Documents and Settings\All Users\Application Data\Artificial Dynamics\VIRTUAL\SafeSpace.S-1-5-21-1229272821-1897051121-839522115-1003\Device\HarddiskVolume3\Program Files\CCleaner\CCleaner.exe" /AUTO (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Global Startup: Windows Desktop Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,AS_WAVEHook.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Artificial Dynamics SafeSpace Agent - Unknown owner - F:\Program Files\Artificial Dynamics\SafeSpace\SafeSpace_Agent.EXE
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - F:\Program Files\isposure\IsposureAgent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TurboFTP Sync Service (TBFTPSyncService) - TurboSoft,Inc - F:\Program Files\TurboFTP\tftpsvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - F:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - F:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - F:\WINDOWS\system32\vmnat.exe
O23 - Service: Artificial Dynamics WAVE Launcher Service (WAVE Launcher Service) - Artificial Dynamics Ltd. - F:\Program Files\Artificial Dynamics\SafeSpace\LauncherService.exe

--
End of file - 8127 bytes

Ubaroo · 24-01-2009 10:40am

I couldnt find anything. Do you have 2 anti virus programs? (AVG8 and Avira)

BROS · 24-01-2009 1:56pm

Yep Ubaroo,
Two AV programmes, both have to be updated manually, so AV2 is hopefully protecting matters while AV1 is being updated & vice versa. Is this flawed thinking???

Sherifu · 24-01-2009 2:08pm

BROS wrote: »

Is this flawed thinking???

Yes.

There's security and then there's being paranoid.

Lazarus2.0 · 24-01-2009 3:28pm

You should only ever have one antivirus application . Conflicts will cause problems such as you describe .

Overheal · 24-01-2009 3:56pm

BROS wrote: »

Yep Ubaroo,
Two AV programmes, both have to be updated manually, so AV2 is hopefully protecting matters while AV1 is being updated & vice versa. Is this flawed thinking???

lolasaurous.

Pick one, uninstall the other. Operating 2 firewalls or 2 antivirus on the same machine can lead to all myriad of software conflicts.

If you dont like manual updating, I beleve Avast does automatic; and certainly pay-programs update automatically: Norton updates silently every 15 minutes.

BROS · 24-01-2009 5:01pm

Remove one you say, now which one would you remove?

From nsome of the treads on here & other forums, AVG appears to have lost the edge???

Overheal · 24-01-2009 5:27pm

I hate AVG with a fiery passion that burns through my soul, igniting the rage that flashes through my glistened eyes of pure disgust.

Biggins · 24-01-2009 5:58pm

Overheal wrote: »

I hate AVG with a fiery passion that burns through my soul, igniting the rage that flashes through my glistened eyes of pure disgust.

:eek:

Sleipnir · 24-01-2009 6:03pm

You have a lot of stuff running that you don't need and which are using resources, for example;

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THotkey] F:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"

yoyo · 24-01-2009 7:19pm

Keep Avira, ditch AVG (New version sucks), and as Sleipnir pointed out, do a cleanup in msconfig

Nick

BROS · 24-01-2009 7:37pm

Sleipnir wrote: »

You have a lot of stuff running that you don't need and which are using resources, for example;

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THotkey] F:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"

AHHA,now we're getting down to it! I had a feeling that might be the case.

Could I impose by asking how to rid myself of the above in a safe & simple manner???
While I'm looking for a nickle's worth of FREEadvice, how's the best way to extract AVG? Perhaps Overheal might have a view on this seeing asd AVG seems to be the bane of his/her very existance!

Overheal · 24-01-2009 7:39pm

Go uninstall it from the control panel, like everything else in life. Except norton, which has to be the weird kid playing by himself behind the jungle gym...bright kid, just very antisocial. His parents probably had a rough divorce.

BROS · 24-01-2009 7:55pm

Overheal wrote: »

Go uninstall it from the control panel, like everything else in life. Except norton, which has to be the weird kid playing by himself behind the jungle gym...bright kid, just very antisocial. His parents probably had a rough divorce.

I did as suggested above but if FAILED - Below is the failure notice!

Local machine: installation failed
Installation:
Error: Action failed for file searchshield.jar: creating backup....
Error 0x80070020 %DESTINATION% = "F:\Program Files\AVG\AVG8\Firefox\Chrome\searchshield.jar.install_backup", %SOURCE% = "F:\Program Files\AVG\AVG8\Firefox\Chrome\searchshield.jar"
Error 0x80004004

And the efforts continue...

Sleipnir · 24-01-2009 7:58pm

You don't need to uninstall the software, you just don't want it starting automatically when windows starts. For example, you want the realplayer and quicktime software, you just don't need a program that runs all the time to check for updates for each one. Do the same for java.

TO disable them from startup, go to start, run, type regedit and press enter.
In the left hand pane, browse down to hkey_local_machine/software/microsoft/windows/currentversion/run

In the right is a list of everything that starts automatically from the registry (other programs start from other areas, such as the startup folder in the start menu)

To disable things from this part of the registry, double click on the entry and put a full stop "." at the very beginning. This will prevent it from loading.

***Backup your registry first*** In regedit, goto file, export, select all, type in filename and save.

PogMoThoin · 24-01-2009 8:21pm

Sleipnir wrote: »

You don't need to uninstall the software, you just don't want it starting automatically when windows starts. For example, you want the realplayer and quicktime software, you just don't need a program that runs all the time to check for updates for each one. Do the same for java.

TO disable them from startup, go to start, run, type regedit and press enter.
In the left hand pane, browse down to hkey_local_machine/software/microsoft/windows/currentversion/run

In the right is a list of everything that starts automatically from the registry (other programs start from other areas, such as the startup folder in the start menu)

To disable things from this part of the registry, double click on the entry and put a full stop "." at the very beginning. This will prevent it from loading.

***Backup your registry first*** In regedit, goto file, export, select all, type in filename and save.

:eek: WTF, Absolutely crazy to tell someone like this to edit the registry, one wrong move and his windows is borked.

An easier and safer way to disable at startup type "msconfig" into the run box and untick the startup entry under the startup tab and reboot

This Startup Inspector is also a handy utility to do just that, without getting your hands dirty. It will aslo google each entry and state what it is.

Gyck · 24-01-2009 8:39pm

You don't need to uninstall the software, you just don't want it starting automatically when windows starts.

You seem to have Ccleaner installed, you can stop AVG running with that.

Overheal · 24-01-2009 8:47pm

stop it from running; restart; then try to remove it using ccleaner in the Tools tab.

Overheal · 24-01-2009 9:37pm

Alright im hijacking this thread..........

>_>

<_<

Family computer has identical specs as my laptop (save for a much more bitchin' GPU we added) but Im on it now and its running terribly sluggish - random freezups all over the place. Might just need a good defrag but i figured a scan couldnt hurt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:03 PM, on 1/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Windows\sttray.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Stardock\Impulse\Impulse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ImpulseFastStart] "C:\Program Files\Stardock\Impulse\Impulse.exe" /fastload
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10504 bytes

Sherifu · 24-01-2009 10:33pm

Overheal wrote: »

Platform: Windows Vista SP1 (WinNT 6.00.1905)

Think I found the problem...

I jest, I jest. I hate needless V bashing as much as the next man.

Don't see anything obvious that'd be slowing it down. Anything in the error logs?

Your machine have a similar amount of s/w on it?

Sleipnir · 25-01-2009 12:01am

PogMoThoin wrote: »

:eek: WTF, Absolutely crazy to tell someone like this to edit the registry, one wrong move and his windows is borked.

An easier and safer way to disable at startup type "msconfig" into the run box and untick the startup entry under the startup tab and reboot

This Startup Inspector is also a handy utility to do just that, without getting your hands dirty. It will aslo google each entry and state what it is.

Ah, only if you don't know what your doing and I do. Or, you make changes to something you know nothing about, and I'm not recommending that.

Doing it through msconfig does the same thing but, yeah you can do it that way. Doing it via msconfig just disables the same registry key!

That's what he need alright, yet another utility...:rolleyes:

yoyo · 25-01-2009 12:04am

Sleipnir wrote: »

That's what he need alright, yet another utility...:rolleyes:

MSCONFIG is included in windows, so I don't see why its a inconvenience to use it, I would actually see it as more convenient to use it, than editing the Run settings of the registry, I would agree fully with PogMoThoins suggestion

Nick

Overheal · 25-01-2009 12:23am

Sherifu wrote: »

Think I found the problem...

I jest, I jest. I hate needless V bashing as much as the next man.

Don't see anything obvious that'd be slowing it down. Anything in the error logs?

Your machine have a similar amount of s/w on it?

nah mines clean - tends to get reformatted a lot. this family PC hasnt been though. I just went ahead in disabled everything through ccleaner and ran a boot-time defrag. Ill see if i get any more hangups. the only reason i care is i want to run the Dawn of War II Beta on the 4850 I so conveniently had placed on here.

Sleipnir · 25-01-2009 10:46am

yoyo wrote: »

MSCONFIG is included in windows, so I don't see why its a inconvenience to use it, I would actually see it as more convenient to use it, than editing the Run settings of the registry, I would agree fully with PogMoThoins suggestion

Nick

So is regedit! I didn't say it was more or less convenient did I? I guess I'm just used to doing things through regedit. Whichever, I don't really care how he chooses to do the same thing.

Lazarus2.0 · 25-01-2009 12:51pm

BROS wrote: »

Could I impose by asking how to rid myself of the above in a safe & simple manner???

Editing the registry with regedit doesnt fall in to the 'safe and simple' category for the majority of PC users . Windows provides a safe and simple interface , which PogMoThoin is 100% right in recommending IMO .

@ Overheal , Ccleaner , ATF Cleaner and msconfig for 'housekeeping' . You have Raxco's defragger . Defrag with smart placement and see how you're fixed after that .

Overheal · 25-01-2009 2:03pm

seems fine this morning after shutting down all but the most essential startup items through ccleaner. Its down from about 30 starup items to 4.

And even I wouldnt go tinkering around the registry on a whim - I only go in there when I'm directed. Frankly, the registry is very big, and I cant ever be arsed to browse through it, or try to understand half of it.

Hijack This - If you have a moment please have a quick look

Comments