
Thread: HijackThis Help

  1. #1
    Junior Member
    Join Date
    Jun 2004
    Posts
    2

    HijackThis Help

    I've recently noticed that my laptop is taking longer and longer to start up. Assuming spyware, I cleaned out the computer with Spybot and AdAware, scanned for viruses, and made sure I was up to date on Microsoft's patches. Unfortunately, it was still taking longer than it should to start up. I ran HijackThis, but I'm no computer expert and am unable to determine which running processes are necessary and which are not. Any help deciphering the log would be appreciated, but moreover I was wondering if any good sites are out there that explain what each process does so that in the future I can fix this myself.

    Here's the log. Some of these look unnecessary (like the quicktime process or the real.com button), but I don't know for sure.

    Logfile of HijackThis v1.97.7
    Scan saved at 2:04:42 PM, on 6/29/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\System32\TPSMain.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\TPSBattM.exe
    C:\Documents and Settings\Scott\Desktop\HijackThis v1.97.7.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Speed Disk\nopdb.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.toshiba.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...134.6198032407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

  2. #2
    The Recidivist
    Join Date
    Nov 2002
    Posts
    460
    Umm without knowing what OS you're running I am going to assume XP. Here is a link of most services and what they do: http://www.blackviper.com/WinXP/service411.htm
    For all the other services, what you can do is search for their name using the start menu search and find out in what folder the program resides. From that you should be able to determine what services you need and don't need.
    Once that is done, go to start menu and then run, type msconfig, hit enter.
    Click on startup and uncheck the services and apps which you don't want to run at boot. You can also uncheck unneeded services in the services tab at the top as well. Hit ok and reboot, it should boot a bit faster now.
    "Where the tree of knowledge stands, there is always paradise": thus speak the oldest and the youngest serpents.
    - Friedrich Nietzsche

  3. #3
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    If you're running Windows XP, go to Start -> Run -> type msconfig and click OK. Go to the Startup tab. This shows a list of everything set to start up on your computer. Check that perhaps. You can generally Google the file names of what's starting up and find out what it is, or you can look at where the program's stored and that will clue you in, too. Hope this helps.
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  4. #4
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    http://www.antionline.com/showthread...hreadid=255989

    The above is a link to the tut by Soda_Popinsky. On HJT use.
    Read it, and use the knowledge to progress your problem. There have been quite a few of these HJT threads recently, and you may find by searching through the forums some more info.

    http://www.antionline.com/showthread...hreadid=259063
    This one was recent, and has posts by meeeeee, and Groovicus, both of whom would normally have appeared by now.
    Read and see if there is anything that they mention that you haven't tried yet.

    Sorry that I am not able to help out more.
    Oh, and one more thing. Welcome to AO, and remember,

    [pong]THIS IS THE FUN BIT OF PC's [/pong]
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    Umm without knowing what OS you're running I am going to assume XP
    lol..no need to assume, it's right at the top of the log

    Your log looks good. Here are some entries you can remove from startup to help your system boot faster:

    First, please put HijackThis in its own folder. It makes backups,
    and it is best to keep them all in one place.


    * Click My Computer, then C:\
    * In the menu bar, File->New->Folder.

    That will create a folder named New Folder.

    * Right click on the file and select 'rename'
    * Rename to something like 'HJT', and put HijackThis in there.

    ***********************************************************************
    Put a checkmark next to the following entries in HijackThis. Make sure all
    other windows and browsers are closed before clicking on “Fix Checked”.

    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    ***********************************************************************

    When was the last time you defragged or cleaned out your prefetch file??

    You have a nice and clean system though. It's good to see that once in awhile.
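
As an added example (not part of any post in this thread, and not HijackThis's own code): a short Python parser for the `Running processes` block and the `O4` startup lines of a log like the one in post #1. It records, for each startup entry, whether the log gives a full path and whether the executable was still running when the scan was saved. The sample log is constructed from lines in the thread; the function names and the two triage lists are assumptions of this example.

```python
import re
import ntpath

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\TFNF5.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\\w+: \[(.+?)\] (.+)$")
# Executable part of a command line: optionally quoted, may contain spaces.
EXE_RE = re.compile(r'^"?(.+?\.exe)"?(?:\s|$)', re.IGNORECASE)

def parse_log(text):
    """Return (set of running process basenames, list of O4 entry dicts)."""
    running, autoruns, in_procs = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process block
        elif in_procs:
            running.add(ntpath.basename(line).lower())
        elif (m := O4_RE.match(line)):
            hive, name, cmd = m.groups()
            exe = EXE_RE.match(cmd)
            path = exe.group(1) if exe else cmd
            autoruns.append({"hive": hive, "name": name, "path": path,
                             "absolute": ntpath.isabs(path),
                             "running": ntpath.basename(path).lower() in running})
    return running, autoruns

def triage(autoruns):
    """Names with no full path in the log, and names still running at scan time."""
    unqualified = [a["name"] for a in autoruns if not a["absolute"]]
    resident = [a["name"] for a in autoruns if a["running"]]
    return unqualified, resident
```

Entries in the first list are the ones where the log alone does not show which file on disk gets launched, so the file's location has to be checked by hand as posts #2 and #3 describe. In the full log from post #1, NeroCheck and QuickTime Task are startup entries whose executables do not appear under `Running processes`.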

  6. #6
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Just a little note on pinger.exe: pinger.exe is Toshiba's software-/driver update checker.
    On my laptop, it checks for updates on start-up, and that's it.
    If you remove that entry, you'll lose your auto-update check capabilities (and they issue a lot of updates)...

    The other values look normal for a Toshiba-laptop.

  7. #7
    Junior Member
    Join Date
    Jun 2004
    Posts
    2
    Thanks for your help everyone. I'll remove the quicktime and nero processes to see if those help, and I'll defrag the hard drive once I get some down time. I'll also take a look at some of the HijackThis tutorials so I can identify suspicious processes in the future.

    As an aside, while researching the problem I came across a site that appears to have a database for a lot of the common processes out there and provides descriptions as to their function:

    http://www.kephyr.com/filedb/index.php

    Their bazooka adware and spyware scanner is intriguing, and their database (at least from the entries I typed in) appears to be on the level. Has anyone had any luck with this site?

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    Thanks negative..I neglected to mention that is an optional fix, meant only to help system resources. My bad.

    Grinler has a really good HJT tutorial over at Bleeping Computer..
    How to use HijackThis to remove Browser Hijackers & Spyware
