HJT Log

[SenutyEnool]

Been a while, mind checking this for me Tarun.

Cheers

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:45:43, on 19/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Razer\Reclusa\razerhid.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\LClock\lclock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Razer\Reclusa\razertra.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe

C:\Program Files\Samurize\Client.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Firefox\firefox.exe

C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe

C:\PROGRA~1\SIMU\WIZARD\WIZARD.EXE

C:\Program Files\Genie2\Crutch.exe

C:\Program Files\Genie3\Genie.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - (disabled by BHODemon)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe

O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Start OpdiTracker.lnk = C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.woolff-tiggra.com

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132910925265

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O17 - HKLM\System\CS1\Services\Tcpip\..\{3D624CC7-338B-4834-B417-C2783E4DF6CF}: NameServer = 69.50.188.178,69.31.80.244

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\ProShowGold\ScsiAccess.exe

--

End of file - 7899 bytes

[Tarun]

Everything is clean and up to date.

I'm not sure which you may be using, but I will make some recommendations.

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe

Depending on the mouse you're using, you may want to uninstall Razer's software or Intellipoint. Assuming you have a Microsoft keyboard, you may need Intellitype for the extra features, though if you're not using a Microsoft keyboard you should be fine with uninstalling the software.

Another item that caught my attention was this from your running process list:

C:\Program Files\Genie2\Crutch.exe

C:\Program Files\Genie3\Genie.exe

Is there any reason why you have a v2 and v3 running?

It seems there are a lot of items running (including at startup) so maybe you'll want to trim those down. But don't worry, we can trim them down safely if you like. :D

[SenutyEnool]

Everything is clean and up to date.

I'm not sure which you may be using, but I will make some recommendations.

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe

Depending on the mouse you're using, you may want to uninstall Razer's software or Intellipoint. Assuming you have a Microsoft keyboard, you may need Intellitype for the extra features, though if you're not using a Microsoft keyboard you should be fine with uninstalling the software.

Another item that caught my attention was this from your running process list:

C:\Program Files\Genie2\Crutch.exe

C:\Program Files\Genie3\Genie.exe

Is there any reason why you have a v2 and v3 running?

It seems there are a lot of items running (including at startup) so maybe you'll want to trim those down. But don't worry, we can trim them down safely if you like.

All the 04....run settings are currently in use. I have a Reclusa/Microsoft keyboard which uses Razer software. Use this for WoW as the key responses fire faster than a normal keyboard. Mouse is a MS Optical Mouse.

The Genie programs are 2 different versions of the software, V3 is a Release Candidate which I'm helping with by reporting bugs and crashes.

As to the startup items, can you provide a list and I'll see what I can cull out. Haven't played with MSConfig for a while and may need to update what I let loose on boot.

Cheers :hmm:

[Tarun]

You can use MSConfig or Autoruns. I prefer Autoruns unless I'm permanently removing something.

TeaTimer is up to you, and if there are any in here that you absolutely need, then keep them. I'm sure some of them look pretty, but base it on how much you really use them.

Like LClock, sure it looks nice; but you can do without it right? Plus I believe it's not even a Vista clock emulator anymore. I think Vista has the time displayed just like XP, etc. but anyone with Vista please correct me if this isn't accurate.

Generated by Tarun of Lunarsoft's HijackThis Converter v0.53 Beta.

Default-color items are optional, red are known to be malicious.

Enumeration of suspicious auto-loading registry entries

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Start OpdiTracker.lnk = C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe

[SenutyEnool]

Thanks for that Tarun,

have made appropriate changes.

Cheers :hmm:

[Tarun]

A few more things you can do to see some performance increases are to clean your registry with CCleaner's Issues scan, then use RegCompact.NET 2.0 to compact the registry.

[Ultimate Predator]

A few more things you can do to see some performance increases are to clean your registry with CCleaner's Issues scan, then use RegCompact.NET 2.0 to compact the registry.

Does that even make much of a peformance difference? I thought CCleaner's reg scan was unstable.

[Tarun]

The only OS I've ever seen CCleaner's registry scanner have problems on was a Windows 2000 machine. Since the program has been remade with C++ it seems to have improved considerably.

[Ultimate Predator]

The only OS I've ever seen CCleaner's registry scanner have problems on was a Windows 2000 machine. Since the program has been remade with C++ it seems to have improved considerably.

Hmmm. But pefromance wise, I mean, of course once ina while, but I really don;t think it needs to be done often.

[Tarun]

Correct, there's not much need to run it.

[SenutyEnool]

I run CCleaner and Uniblue Registry Booster (picks up extra stuff that CCleaner 'missed') once a month regardless of usage of my PC.

Same goes for my on-demand malware programs.

In essence, once a month I run a detailed clean-up of my system to ensure that everything hums along nicely, and if I've been surfing 'questionable' sites, I run a full malware scan that day, hasn't failed me yet.

Cheers :hmm: