|
I'm rather new to this whole my computer starting to slow down and suck thing... and after looking around a little i found "hijackthis". i ran a scan but im not sure exactly what im looking at. the various forums i glanced at that are suggested to post hijackthis logs on all have a very lengthy process to go through
so i was just wondering, since TL has always been there for me in the past whether i asked for help or not; could anyone who has a better understanding about hijackthis let me know if any of these processes look shady? thanks in advance!
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:17:42 PM, on 12/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Razer\Salmosa\razerhid.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Razer\Salmosa\razerofa.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Razer\Salmosa\razertra.exe
C:\Program Files\AIM\aim.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081227
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081227
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Salmosa] C:\Program Files\Razer\Salmosa\razerhid.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
-- End of file - 8077 bytes
|
Edit: I didn't read properly, my bad.
|
Go through the lengthy process >__>
You don't want to fuck this up lol
|
Rather than spending the time and effort salvaging this computer, why don't you just backup all the files and do a fresh install? In my experience it's been much faster than going through all that bogged up stuff..
|
are you running windows desktop search and google desktop search? if you think you need one make sure you are using windows version 4 and uninstall google. (and i only recommend you use it if you use outlook, otherwise uninstall both. for most people the indexing slows them down more than the fast search saves time)
do you use groove? most people don't. uninstall by modifying office.
your system will be faster after those uninstalls.
|
i already formatted my computer, but i did it using the recovery partition because for some reason the startup disc wasnt registering. i couldnt boot from the disc either... im on a Dell Vostro 1510 with Vista. is it possible that malware or anything could have creeped into the recovery?
ive been running ad-aware, spy-bot and avast anti-virus. maximized the performance for vista, used CCleaner on the registry, and disabled a bunch of programs from booting. im running defraggler right now.
one of the main problems happens when i game. i play a little bit of HoN and about 7 mins in it starts to freeze. the freezes last maybe 30 seconds at the most and once the first one happens they start to reoccur every few minutes. my computer specs are suitable to run the game and it has worked for months. when the game freezes ive checked the task manager and no programs are spiking, not even HoN.
the same thing happens when i play SC but not as often and it is not as severe (thank god). sometimes i can play for hours without any issues.
|
How old is the computer? Eventually these things just stop processing things as efficiently. It doesn't help that you're running Vista, you might consider upgrading to Windows 7.
As for viruses... It's possible but unlikely that a virus escaped the format. If a virus did survive, it was probably in the files you backed up. But again if you did your due diligence with virus scans, it's pretty unlikely.
|
That log looks clean to me. Consider switching operating system. Good luck!
|
No that does not look normal or clean at all. It's full of clutter and crap you don't need which is bad because it slows down your computer. My HJT log is super fucking short at home.
Not needed open/startup, can open later if you need:
Any of the Razer stuff
(imo I would just remove these below)
Any of the Dell stuff
any of the Adaware/Spybot/Avast stuff
Adobe/MS Office (lot of this shit in there)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
And everything else that starts with O23
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE'
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE'
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

Bad Stuff:
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe (this is probably not bad actually - but it is intrusive like the rest of the bonjour/apple shit)

Unsure stuff (google it, but be aware that any file can be infected. If it sounds non essential just remove it in my experience.):
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O13 - Gopher Prefix:
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
Also - Don't use internet explorer..
|
thanks to u all, much much appreciated
|
google hijackthis log analyzer or something
it'll detect which entries are malicious
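
Added example (not from any poster in this thread and not Trend Micro's code): the Python below parses HijackThis entry lines by section code and lists the entries that hit a few review heuristics, the kind of first-pass sorting the replies above do by hand. The heuristics and function names are assumptions chosen for illustration; the sample lines are copied from the log in the first post.

```python
import re
from collections import Counter

# Section codes that appear in this thread's log and what each one lists.
SECTIONS = {
    "R0": "IE start/search setting", "R1": "IE start/search setting",
    "O1": "hosts file line", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O13": "IE default URL prefix", "O18": "protocol handler",
    "O20": "AppInit_DLLs", "O22": "SharedTaskScheduler", "O23": "service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Lines copied from the log in the first post, one entry per line.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.3 (BETA)
C:\Windows\Explorer.EXE
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
"""

def parse(log_text):
    """Return (code, body) per entry line; header and process lines are skipped."""
    hits = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in hits if m]

def review_reasons(code, body):
    """Assumed triage heuristics: reasons to look an entry up, not verdicts."""
    reasons = []
    if code == "O23" and "Unknown owner" in body:
        reasons.append("service binary reports no company name")
    if code == "O4" and re.search(r"C:\\Windows\\[^\\]+\.exe", body, re.I):
        reasons.append("autorun executable sits directly in C:\\Windows")
    if code == "O20":
        reasons.append("DLL is loaded into every process that loads user32.dll")
    if code == "O1" and not re.search(r"(127\.0\.0\.1|::1)\s+localhost$", body):
        reasons.append("hosts file redirects a name other than localhost")
    return reasons

def triage(log_text):
    """Return (code, body, reasons) for entries that hit at least one heuristic."""
    return [(c, b, r) for c, b in parse(log_text) if (r := review_reasons(c, b))]

def section_counts(log_text):
    """Count entries per section description, to see where the clutter is."""
    return Counter(SECTIONS.get(c, "other") for c, _ in parse(log_text))

if __name__ == "__main__":
    print(dict(section_counts(SAMPLE)))
    for code, body, reasons in triage(SAMPLE):
        print(f"{code} [{SECTIONS.get(code, 'other')}] {body}\n    -> {'; '.join(reasons)}")
```

A hit only means the entry is worth looking up by file name and vendor before deciding anything; legitimate OEM drivers trip these checks too.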
|
Go Start/Run/MSconfig > startup > uncheck basically everything unless you want it to start up when your comp boots (on my comp all I have on startup is like Dead AIM)
Start/Run/MSconfig > services > check the hide all MS services > uncheck everything here that sounds retarded (google updater service, avg email scanner, ipod service, Apple, Adobe, Dell, etc etc) You can even uncheck a lot of the microsoft services if you are like me and don't use system restore, themes, or other flashy UI bullshit.
Btw, Spybot and Adaware are oldschool and not nearly as good as they were like 5+ years ago. I would just use something like Avast or AVG free spyware scanner if at all. (all it really does is clear cache and a few temp folders that you can do manually or set to do in firefox anyways)
I normally don't even use that; because I have firefox with noscript addon and it clears cache and most of the other private shit upon closing. And then I have all the Active X shit in IE turned off auto to instead prompt and then never use IE as much as possible.
|
On December 11 2009 05:06 inss wrote: i already formatted my computer, but i did it using the recovery partition because for some reason the startup disc wasnt registering. i couldnt boot from the disc either... im on a Dell Vostro 1510 with Vista. is it possible that malware or anything could have creeped into the recovery?
ive been running ad-aware, spy-bot and avast anti-virus. maximized the performance for vista, used CCleaner on the registry, and disabled a bunch of programs from booting. im running defraggler right now.
one of the main problems happens when i game. i play a little bit of HoN and about 7 mins in it starts to freeze. the freezes last maybe 30 seconds at the most and once the first one happens they start to reoccur every few minutes. my computer specs are suitable to run the game and it has worked for months. when the game freezes ive checked the task manager and no programs are spiking, not even HoN.
the same thing happens when i play SC but not as often and it is not as severe (thank god). sometimes i can play for hours without any issues.
That actually might be a CPU thing, since most comps have dual or quad cores it might be doing something weird and switching to a new core or some kind of hardware issue.
Get a free app like speedfan and keep it running while you game, see if anything gets really hot when the problem happens. Also, it wouldn't hurt to clean all the dust and shit out of your comp, when is the last time you did that?
|
I heard deleting system32 will remove all the problems
|
On December 11 2009 06:21 SwEEt[TearS] wrote: I heard deleting system32 will remove all the problems
QFT
|
CharlieMurphy I only looked for malware. I do agree he's stacked up with unnecessary things. However I'm not prepared to devote the time needed to figure out what he can remove or can't remove. Just telling someone they can disable a lot of services is not a safe way to give support imo.
Most of those problems would go away if he started fresh with windows 7 wouldn't you agree?
|
On December 11 2009 06:33 Patriot.dlk wrote: CharlieMurphy I only looked for malware. I do agree he's stacked up with unnecessary things. However I'm not prepared to devote the time needed to figure out what he can remove or can't remove. Just telling someone they can disable a lot of services is not a safe way to give support imo.
Most of those problems would go away if he started fresh with windows 7 wouldn't you agree?
not really, once he reinstalls all the shit you do need that bundles and starts up all their bullshit. (office,adobe, OEM windows copy, razer mouse, itunes, etc) all that shit comes right back.
|
A lot of computer slowdown is just caused by excess unnecessary processes running. Cut down your start-up list to only the bare essentials (pretty much nothing), get rid of razer stuff, office quicklaunch, adobe speedlauncher, pretty much everything.
If you can upgrade to windows 7, it's like 10x faster than vista.
One other thing to do is clear out your harddrive (check download folders, temp folders, delete old crap you don't use anymore) and do a full defrag.
After all that you'll be running good as new.