PDA

View Full Version : Hijackthis Log File.



Poppa John
22-12-2006, 10:30 AM
Logfile of HijackThis v1.99.1
Scan saved at 10:11:04 a.m., on 22/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PJ\Local Settings\Temporary Internet Files\Content.IE5\UJUURRNG\hijackthis_199[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

This is my first attempt at this. I don't know if I have done it right. If you are there Speedy, cann you help, Please. PJ

Speedy Gonzales
22-12-2006, 10:37 AM
Looks fine to me PJ. What probs are u having??

Altho, I wouldn't run Teatimer in the background / on startup.

This entry

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

As it may block entries (so they go into the registry), that maybe required when u install programs.

Poppa John
22-12-2006, 10:46 AM
Looks fine to me PJ. What probs are u having??

Altho, I wouldn't run Teatimer in the background / on startup.

This entry

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

As it may block entries (so they go into the registry), that maybe required when u install programs.

My M/c is Ok. I did this to practice. How do I get rid of the "04" above, simple steps would be better.

It is Maryann's M/c that is the problem, it seems to be running slow. It's specs are not much different to mine. Maybe I have a slightly faster processor. I will do hers next if that is ok with you ? PJ

Speedy Gonzales
22-12-2006, 10:58 AM
My M/c is Ok. I did this to practice. How do I get rid of the "04" above, simple steps would be better.

It is Maryann's M/c that is the problem, it seems to be running slow. It's specs are not much different to mine. Maybe I have a slightly faster processor. I will do hers next if that is ok with you ? PJ

Just run HJT again, tick the teatimer entry (close browser/s) and tick fix checked. Thats it.

Or if u have ccleaner, run this and go to the tools / startup tab, find the teatimer entry and delete it.

Poppa John
22-12-2006, 11:17 AM
Have done it with CC, Thanks for that. Will try maryann's now PJ

Metla
22-12-2006, 11:37 AM
hmmm...Pj, see if you can let me have the PC for a couple of days and Ill insert the "upgrades" I have handy.
'

Poppa John
22-12-2006, 11:37 AM
Logfile of HijackThis v1.99.1
Scan saved at 11:23:13 a.m., on 22/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements

3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements

3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4

I3K2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail

Notifier\gnotify.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program

Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Desktop

Search\WindowsSearch.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Desktop

Search\WindowsSearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Desktop

Search\WindowsSearchFilter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Derene\My

Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaults/sb

/msgr8/*http://www.yahoo.com/ext/search/search.

html
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/defaults/sp

/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://us.rd.yahoo.com/customize/ie/defaults/su

/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaults/sb

/msgr8/*http://www.yahoo.com/ext/search/search.

html
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/defaults/sp

/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://us.rd.yahoo.com/customize/ie/defaults/su

/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,First Home Page =

http://go.microsoft.com/fwlink/?LinkId=54843
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-7695ECA05670} -

C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class -

{2F85D76C-0569-466F-A488-493E6BD0E955} -

C:\Program Files\Windows Desktop

Search\dsWebAllow.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper -

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint -

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} -

C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar -

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo RX510]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4

I3K2.EXE /P24 "EPSON Stylus Photo RX510" /O6

"USB002" /M "Stylus Photo RX510"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run:

[{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

C:\Program Files\Google\Gmail

Notifier\gnotify.exe
O4 - HKLM\..\Run: [Windows Defender]

"C:\Program Files\Windows Defender\MSASCui.exe"

-hide
O4 - HKLM\..\Run: [Picasa Media Detector]

C:\Program

Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SPAMfighter Agent]

"C:\Program Files\SPAMfighter\SFAgent.exe"

update delay 60
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager]

"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE"

-quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Daily Text] C:\Program

Files\DailyText\DailyText.exe
O4 - HKCU\..\Run: [NBJ]

"C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk =

C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma

Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed

Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed

Launch.lnk.disabled
O4 - Global Startup: Exif Launcher.lnk.disabled
O4 - Global Startup: Microsoft

Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar

Reminders.lnk.disabled
O4 - Global Startup: Windows Desktop Search.lnk

= C:\Program Files\Windows Desktop

Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live

Search - res://C:\Program Files\Windows Live

Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows

&Live Favorites -

http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download using

LeechGet - file://C:\Program Files\LeechGet

2004\\AddUrl.html
O8 - Extra context menu item: Download using

LeechGet Wizard - file://C:\Program

Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: E&xport to

Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3

000
O8 - Extra context menu item: Parse with

LeechGet - file://C:\Program Files\LeechGet

2004\\Parser.html
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher -

{9455301C-CF6B-11D3-A266-00C04F689C50} -

C:\Program Files\Common Files\Microsoft

Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file

missing)
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file

missing)
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger

- {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL]

International*
O16 - DPF:

{0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl

Class) -

http://www.lizardtech.com/download/files/win/dj

vuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF:

{17492023-C23A-453E-A040-C7C580BBF700} (Windows

Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF:

{2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo!

Audio Conferencing) -

http://us.chat1.yimg.com/us.yimg.com/i/chat/app

let/v45/yacscom.cab
O16 - DPF:

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

(YInstStarter Class) - C:\Program

Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF:

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN

Photo Upload Tool) -

http://by14fd.bay14.hotmail.msn.com/resources/M

snPUpld.cab
O16 - DPF:

{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows

Live Safety Center Base Module) -

http://cdn.scan.safety.live.com/resource/downlo

ad/scanner/wlscbase8460.cab
O16 - DPF:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/

V5Controls/en/x86/client/muweb_site.cab?1144823

218187
O16 - DPF:

{7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo!

Audio UI1) -

http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF:

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerS

tatsClient.cab31267.cab
O16 - DPF:

{9122D757-5A4F-4768-82C5-B4171D8556A7}

(PhotoPickConvert Class) -

http://appdirectory.messenger.msn.com/AppDirect

ory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF:

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerS

etupDownloader.cab
O16 - DPF:

{D27CDB6E-AE6D-11CF-96B8-444553540000}

(Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave

/cabs/flash/swflash.cab
O18 - Protocol: msnim -

{828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file

missing)
O20 - Winlogon Notify: WgaLogon -

C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj -

{AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor

(AdobeActiveFileMonitor) - Unknown owner -

C:\Program Files\Adobe\Photoshop Elements

3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server

(Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc)

- GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) -

GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8

(CCALib8) - Canon Inc. - C:\Program

Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) -

Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: Photoshop Elements Device

Connect (PhotoshopElementsDeviceConnect) -

Unknown owner - C:\Program

Files\Adobe\Photoshop Elements

3.0\PhotoshopElementsDeviceConnect.exe

Speedy.This is maryann's M/c PJ

Metla
22-12-2006, 11:41 AM
hmmm...Pj, see if you can let me have the PC for a couple of days and Ill insert the "upgrades" I have handy.
'


and tune that mess.

Poppa John
22-12-2006, 11:52 AM
hmmm...Pj, see if you can let me have the PC for a couple of days and Ill insert the "upgrades" I have handy.
'

Heyup Mate....Thought you had gone back to Aussie to get warm again. Will let The Boss know what you said. PJ

Speedy Gonzales
22-12-2006, 11:58 AM
Repost the log. It's too messy to try and figure out.

Metla
22-12-2006, 12:03 PM
Heyup Mate....Thought you had gone back to Aussie to get warm again. Will let The Boss know what you said. PJ


Nearly, Danniverke was my last stop.....

Poppa John
22-12-2006, 12:21 PM
Repost the log. It's too messy to try and figure out.

Speedy.....Let me wait till Maryann gets home to see if she will part with HER computer !!!!! PJ

SolMiester
22-12-2006, 02:36 PM
PJ, I can tell you right now why it is slow......Maryann has Google search toolbar installed which index's your hard drive for pic's, doc's etc.

I have to uninstall that crap from peoples pc's all the time!

Murray P
22-12-2006, 02:44 PM
Looks fine to me PJ. What probs are u having??

Altho, I wouldn't run Teatimer in the background / on startup.

This entry

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

As it may block entries (so they go into the registry), that maybe required when u install programs.

Ummm, that is one of Teatimers core functions, to block registry changes that could do harm. You need it running in verbose mode so that you can allow changes that are legit. In my experience it doesn't query every registry change, just those it deems as worthy of enquiry.

FoxyMX
22-12-2006, 04:16 PM
PJ, I can tell you right now why it is slow......Maryann has Google search toolbar installed which index's your hard drive for pic's, doc's etc.

I have to uninstall that crap from peoples pc's all the time!

They will end up as loathed as Nortons soon if they don't watch it. :(