PDA

View Full Version : Sir Speedy: Please Tell Me What U C Here...OK?



SurferJoe46
12-01-2008, 04:33 PM
I don't find much wrong here...but this is running so slow...let me know if you see anything..I surely don't.....one that makes me suspect a problem...if there is one..is this: MSASCui.exe.

I know it's a start-up program...but should it not shut off or go away after up and running?

It shows in my Task Manager...but I don't see why it can cause any trouble here. :groan:


Logfile of HijackThis v1.99.1
Scan saved at 7:29:40 PM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
E:\NERO SUITE\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\umonit.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\LClock\lclock.exe
D:\SECURITY AREA\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
E:\Logictec_Mouse_Driver\MouseWare\system\em_exec. exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
E:\HJT.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = THIS IS INTERNET EXPLORER! BE CAREFUL!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SECURI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (disabled by BHODemon)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (disabled by BHODemon)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\SECURITY AREA\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://E:\IE SpellWare\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Check &Spelling - res://E:\IE SpellWare\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Joe Vreeland\Application Data\Mozilla\Firefox\Profiles\mor7y54v.default\ext ensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Joe Vreeland\Application Data\Mozilla\Firefox\Profiles\mor7y54v.default\ext ensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SECURI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SECURI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113003336543
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\NERO SUITE\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Speedy Gonzales
12-01-2008, 06:51 PM
Looks ok to me.

I've never used Defender, so dont know what it does after it runs on startup

These dont have to be in startup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

If Googledesktoptop is like Google toolbar and indexes files, this can slow things down. Its similar to XP's indexing service, and Windows Desktop Search.


If you didnt set these, I would tick these too

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

SurferJoe46
12-01-2008, 06:56 PM
Kinda what I thought..I'll clean out that Explorer stuff and see what I got.

Thanks....

SurferJoe46
12-01-2008, 06:58 PM
Hmmm..I notice that in UBUNTU...my dinosaur is missing and so are the little marks to tell me that I have posted in certain posts...that's strange...and maybe another reason to not get to liking UBUNTU too much.

ALL avatars are actually missing...double hmmm.

kjaada
12-01-2008, 07:20 PM
I think it is to do with a missing cooky.I had the same problem and just put the Avatars back while using Ubuntu.

SurferJoe46
13-01-2008, 04:43 AM
I wonder what UBUNTU calls a cookie?


sc.avd?

I also wonder where the setting is to keep the font size set to where I want it...every new page I display has to have the font size jacked up two CTRL+ clicks. Every reboot, UBUNTU forgets what I wanted.

pctek
13-01-2008, 08:20 AM
Too much clutter.
I'd get rid of INCD.
And Teatimer on SPybot.
And Google Updater.
And Bonjour for windows.

SurferJoe46
13-01-2008, 10:57 AM
Too much clutter.
I'd get rid of INCD.
And Teatimer on SPybot.
And Google Updater.
And Bonjour for windows.

I killed TeaTimer.....
I never used INCD...so it's going away too.

Here's something interesting....

Once I killed TeaTimer, I noticed that I can spool/stream online radio and now when I click around on this F1 site I don't get the "broken record" or "skipping needle" effect on the stream. I guess that's a RAM situation...but thanks for that TeaTimer idea. I'll just stay further away from IE now.

I wondered about Bounjour too...let me Google it and see what it is...BRB...

Hmmmmm..will I lose the network-ability of my networked printers (3 different Canons)?

I see Bonjour is an Apple-thing and also ties into the LAN..but it's really unclear if I need it or am even using it. I DO have a few networked devices and wonder if they'll lose connectivity if I kill Bonjour?

Speedy Gonzales
13-01-2008, 11:46 AM
Its probably because teatimer can block programs adding their entries to the registry.

And if some program is failing to work properly, (or it may not install properly), teatimer if its running maybe the problem / cause.

SurferJoe46
13-01-2008, 12:16 PM
Right now, after SP-2, I am downloading 192 updates to Windows XP...and it passed the WGA this time.

Funny thing is that I got an error message, it told me that I had to remove data.dat in Documents & Settings\All Users\Application Data\Windows Genuine Advantage\data to get it to work.

I had NO Application Data entry under All Users, so I got a little confused at first.

I just hit the "Retry" button and it went OK from that point on.

Maybe we should be aware of that glitch in the future...as I've never seen it before.

This is on the Dell which failed the WGA last week and I quickly stuck UBUNTU in it to keep it running. I'd like to keep UBUNTU with this XP....possibly just to punish myself when I feel all smart and assured of my abilities.

Linux can cut me down pretty good.

PS: I am writing and posting this from my SOYO right now...just to confuse things. The Dell with the new XP installation and the COMPAQ and another Dell are all running fine right now on the LAN.

pctek
13-01-2008, 02:59 PM
Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks. Bonjour uses industry standard IP protocols to allow devices to automatically discover each other without the need to enter IP addresses or configure DNS servers. In order to provide a true zero-configuration experience, Bonjour requires that devices implement three essential things. These devices must be able to:

* Allocate IP addresses without a DHCP server.
* Translate between names and addresses without a DNS server.
* Locate or advertise services without using a directory server.

SurferJoe46
13-01-2008, 04:31 PM
So...once I've discovered all I want, can I delete it or does it need to stay to run the LAN-ed stuff?

apsattv
13-01-2008, 05:34 PM
Look in the event viewer see if bonjour is crashing. It was crashing and causing problems on a machine i fixed recently. It Caused the machine to get bogged down due to heavy Cpu Usage. Locked up IE as well

SurferJoe46
14-01-2008, 05:10 AM
Look in the event viewer see if bonjour is crashing. It was crashing and causing problems on a machine i fixed recently. It Caused the machine to get bogged down due to heavy Cpu Usage. Locked up IE as well

Oddly, I don't see Bonjour running in the Task Manager...but it IS in the list of programs in Add/Delete.

Maybe it only gets called upon when there's LAN activity such as the wizard trying to install the PnP hardware?

Safari
14-01-2008, 06:12 AM
Bonjour requires Windows 2000/2003, Windows XP or Windows Vista
More info at this link
http://www.apple.com/support/downloads/bonjourforwindows.html