Full Version: My HijackThis log
MSFN Forums > Software, Hardware, Media and Games Central > Malware Prevention and Security

   
iceangel89
I noticed my laptop became a lot laggier recently...

I have attached the log.
jaclaz
Try analyzing it here:
http://www.hijackthis.de/

jaclaz
iceangel89
Thanks.

I got the results:

[image: full hijackthis.de result]

[image: entries hijackthis.de reported as unknown "threats"]

Do I "Fix checked"? What do you think? Something like

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

seems like nLite? ... hmm... but I didn't install nLite, although this XP is nLited.
Tarun
I would not trust HijackThis.de. It's better to have an actual person analyze the results.

I would definitely recommend getting rid of Comodo AntiVirus, switch to Avast or AVG. You mentioned your install has had nLite used on it. I would also highly recommend backing up everything, formatting and reinstalling with a normal Windows install. If you need a download manager, try using DownThemAll!, the Firefox extension, instead of the Free Download Manager program. Those kinds of programs are often bundled with malware.

Generated by Tarun of Lunarsoft's HijackThis Converter v0.53 Beta.

Default-color items are optional, red are known to be malicious.

Created registry value
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

Changed registry value
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Created registry value
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

Changed registry value
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Created registry value
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

Enumeration of existing IE's BHO's
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

Enumeration of existing IE's toolbars
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

Enumeration of suspicious auto-loading registry entries
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

Extra IE context menu items
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
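To make the converted log above easier to read, here is an added example (editor's own code, not part of the thread and not code from HijackThis or Lunarsoft). It parses the R0/R1, O2 and O4 line formats quoted above and attaches the notes a human reviewer would add: an O2 entry whose path is "(no file)" is an orphaned BHO that cannot load; O4 entries under HKUS\S-1-5-18/19/20 and HKUS\.DEFAULT belong to the SYSTEM, LOCAL SERVICE, NETWORK SERVICE and default profile hives rather than the logged-on user; and a Run value whose executable carries no path (such as nwiz.exe or regsvr32) is resolved through the search path, so it is worth confirming which file actually runs. The sample lines are a constructed subset of the log above, and classifying the nltide_* entries as nLite leftovers rests on the name prefix and the nLite.inf reference, which is an assumption rather than a verified signature.

```python
"""Triage helper for HijackThis-style log lines (added example, see lead-in)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines from the log quoted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
R_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]*?) = ?(?P<data>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Per-SID hives HijackThis lists under HKUS; none of these is the logged-on user.
NON_INTERACTIVE_HIVES = {
    r"HKUS\S-1-5-18": "SYSTEM",
    r"HKUS\S-1-5-19": "LOCAL SERVICE",
    r"HKUS\S-1-5-20": "NETWORK SERVICE",
    r"HKUS\.DEFAULT": "Default user profile",
}


@dataclass
class Entry:
    code: str                       # HijackThis section code, e.g. "O4"
    raw: str                        # the original log line
    fields: dict = field(default_factory=dict)
    notes: list = field(default_factory=list)


SECTION_PARSERS = {"R0": R_RE, "R1": R_RE, "O2": O2_RE, "O4": O4_RE}


def parse_log(text):
    """One Entry per recognised line; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m:
            continue
        e = Entry(code=m["code"], raw=raw)
        sub = SECTION_PARSERS.get(e.code)
        sm = sub.match(m["body"]) if sub else None
        if sm:
            e.fields = {k: v for k, v in sm.groupdict().items() if v is not None}
        entries.append(e)
    return entries


def first_token(cmd):
    """The executable part of a Run value: quoted path or first word."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(entries):
    """Attach plain-language notes in place; return entries that got at least one."""
    for e in entries:
        f = e.fields
        if e.code == "O2" and f.get("path") == "(no file)":
            e.notes.append("orphaned BHO: CLSID still registered but the DLL is gone, nothing loads")
        elif e.code == "O4" and "cmd" in f:
            # Assumption: the nltide_ prefix / nLite.inf reference marks an nLite leftover.
            if f["name"].startswith("nltide_") or "nLite.inf" in f["cmd"]:
                e.notes.append("nLite post-install RunOnce leftover (assumed from name/INF), not a hijack")
            elif f["hive"] in NON_INTERACTIVE_HIVES:
                e.notes.append(f"autostart in the {NON_INTERACTIVE_HIVES[f['hive']]} hive, not the logged-on user")
            exe = first_token(f["cmd"])
            if "\\" not in exe and ":" not in exe:
                e.notes.append(f"unqualified executable {exe!r}: resolved via the search path, check which file runs")
        elif e.code in ("R0", "R1"):
            m = re.match(r"https?://([^/]+)", f.get("data", ""))
            if m and not m.group(1).endswith("microsoft.com"):
                e.notes.append(f"IE start/search URL points at {m.group(1)}; confirm you chose it")
    return [e for e in entries if e.notes]


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(e.raw)
        for n in e.notes:
            print("   ->", n)
```

Running it prints each flagged line followed by its notes; lines with no note (the quoted full-path Comodo entry, the go.microsoft.com search URLs, the ProxyOverride value) are left out of the report. The point of the unqualified-executable note is not that RUNDLL32.EXE or regsvr32 are suspicious in themselves, but that a Run value without a full path tells you nothing about which file on disk will be executed.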
iceangel89
QUOTE (Tarun @ Mar 22 2008, 11:31 PM) *
I would definitely recommend getting rid of Comodo AntiVirus, switch to Avast or AVG. You mentioned your install has had nLite used on it. I would also highly recommend backing up everything, formatting and reinstalling with a normal Windows install. If you need a download manager, try using DownThemAll!, the Firefox extension, instead of the Free Download Manager program. Those kinds of programs are often bundled with malware.


So remove COMODO Anti-Virus, OK. It's annoying anyway. What about CFP3? This version is annoying too... but is it good for security?

Don't use nLite? Why is nLite bad?

OK, use DownThemAll! as my download manager; it does not have malware, I suppose. But does the Firefox extension have stop/resume capabilities?

QUOTE (Tarun @ Mar 22 2008, 11:31 PM) *
Generated by Tarun of Lunarsoft's HijackThis Converter v0.53 Beta.

...
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

...


How do I make sense of this?

and
QUOTE
Enumeration of suspicious auto-loading registry entries
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
...


These are from NVIDIA drivers, Nero, etc.; they look safe to me?

Thanks.


Tarun
QUOTE (iceangel89 @ Mar 23 2008, 01:39 AM) *
So remove COMODO Anti-Virus, OK. It's annoying anyway. What about CFP3? This version is annoying too... but is it good for security?

Don't use nLite? Why is nLite bad?

OK, use DownThemAll! as my download manager; it does not have malware, I suppose. But does the Firefox extension have stop/resume capabilities?

For an anti-virus, I would say use Avast or AVG, both have very high detection rates. I personally prefer avast as you can customize it a bit more. AVG is customizable as well, though finding some settings is a bit of a hassle for many users.

I use Comodo Firewall Pro 3 but I only use the Firewall feature, none of that Defense+ stuff. Works great in my opinion.

nLite is used to remove services and other necessary things from your Windows install. While people believe that this improves their performance, they are actually hurting their Windows install and reducing performance. People even go as far as to claim they are getting more RAM back. Idle RAM is wasted RAM, and when there are services that are idle, you're not losing any performance at all. Also, with the size of hard drives now you have plenty of disk space; even with notebook computers. Trimming off a few megabytes to get "better performance" doesn't really happen at all. These things have been debunked on many websites and forums, yet many users still believe in this myth.

Microsoft has even said to CNet News, "Microsoft does not recommend using any tool to strip out applications from Windows prior to installing it on your system, as it may affect your ability to download future Windows updates and service packs, and may cause your system to become unstable."

DownThemAll! is a Firefox extension that allows pausing, resuming and many more things. It's perfectly safe to use. You can find out more about it on http://downthemall.net

QUOTE (iceangel89 @ Mar 23 2008, 01:39 AM) *
How do I make sense of this?

These are from NVIDIA drivers, Nero, etc.; they look safe to me?

Thanks.

They're items not needed to startup with your computer. While they are safe, you don't need them at startup and removing them will not cause any issues.
iceangel89
Oh, I see. Thanks.