
'HijackThis': Which Lines Can I Safely Delete?


Trevor


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:34:01, on 19/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\System32\dmadmin.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Documents and Settings\T\Desktop\PC UTILITIES\diskscanner12.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\mmc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-4048959269-2500585390-2325301517-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


So you installed and executed a program and you haven't a clue what it's supposed to do?

It's users like you that compelled Microsoft to make that dumbed-down, hold-my-hand I think I have a virus, piece of rubbish called Vista!

Your machine is squeaky clean btw.

Edited by NanLaew

So you installed and executed a program and you haven't a clue what it's supposed to do?

It's users like you that compelled Microsoft to make that dumbed-down, hold-my-hand I think I have a virus, piece of rubbish called Vista!

Your machine is squeaky clean btw.

Actually one of you nerds here recommended Hijack This to help me improve boot speed (it didn't). It's one of those pieces of software written by computerheads which admits users have to seek 'expert advice' to analyse.

If you're so smart, why don't you invent and sell us all a good, simple yet stable operating system instead of Bill Gates' 1980s DOS-based garbage? I'll be the first in line.

Edited by Trevor

What is the purpose of HijackThis anyway?

HijackThis is used primarily for diagnosis of spyware, as blind use of its removal facilities can cause significant software damage to a computer.

"HijackThis can generate a plain text logfile detailing all entries it finds, and most entries can be removed or disabled by HijackThis. Inexperienced users are often advised to exercise caution, or to seek help when using the latter option[1], as HijackThis does not discriminate between legitimate and unwanted items, with the exception of a small whitelist of legitimate entries — thus allowing a user to unintentionally prevent important programs from running, which may cause their system or its peripherals to stop working.

A common approach is to post the logfile to a forum where more experienced users will help decipher which entries need to be removed."

There are many forums, usually under the various spyware software houses, where these logs are put up for evaluation and feedback of problems or symptoms a computer user may be experiencing. It is not normally meant as a means to streamline the operating system or services, though it does give details of many of them.


Alright Trev, I have had my rant.

If you read a thread with a HijackThis referral, it would be in response to someone with some serious speed, internet browser hijacking, pop-ups and the like; probably a machine with malware or spyware running rampant. How serious is your boot slowdown?

Maybe you can look at your running processes (using Task Manager, the analysis program built into Windows) and see if there are any processes hogging your memory or 'memory bleed' in nerdspeak. For example, I installed an update to WebRoot Spysweeper that recommended I also install a new free add-on called WebRoot Desktop Firewall. After that my bootup was marginally longer but my RAM usage was almost doubled when up and running (I use a freebie called FreeRAM XP Pro to monitor that). A quick look at the processes running using Windows Task Manager showed that this new program was eating up well over half a Gb of RAM. Using another freebie called Startup Control Panel, I disabled this program from autoloading at boot and my laptop is back to its former quickness. I opted to disable rather than uninstall as they may sort out the memory problem in a later update since my experience with WebRoot products has been all good so far.

You have not lost anything by installing and running HijackThis; it has shown normal processes running and deleting what that program determines as unused isn't recommended. It's like the annoying Windows pop-up offering to clean up your unused desktop icons. Just because you haven't looked at it today doesn't mean it's garbage like the desktop cleanup utility is. Ignore it.

We aren't all total experts here but collectively there's a fair knowledge base. However, I also back up my problem solving with a Google search as that will show you some PC specific forums which may help you decide whether you need to install a program or not. Quite often I find the exact same problem I have and the fix works first time without resorting to pot-luck with program installations.

DOS by the way was and still is awesome. It's what has succeeded it that sucks. We feel your pain. Pity Microsoft doesn't!


Please expand the attachment in order to advise me what junk I can safely delete. Many thanks.

--

You could copy your HJT log here: httpp://www.hijackthis.de

They run scripts to tell you what may be wrong.

Don't take it as 100% sure (as nothing is 100% sure).

Indi


Please expand the attachment in order to advise me what junk I can safely delete. Many thanks.

--

You could copy your HJT log here: httpp://www.hijackthis.de

They run scripts to tell you what may be wrong.

Don't take it as 100% sure (as nothing is 100% sure).

Indi

Thanks. I had one 'Nasty' which was PalTalk, and I deleted it.

Still can't download Java though because I can't fix my Windows Installer: only works successfully for certain downloads like Media Player 11.
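
The kind of scripted log triage mentioned in this thread, as an added example (not code from any poster, from HijackThis or from hijackthis.de): it parses the section-coded entries and lists the few that deserve a manual look first. The sample lines are copied from the log at the top of the thread; the three review rules and the function names are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# (section prefix or None for any, pattern, note): assumed review rules, not HijackThis's own logic
RULES = [
    (None, re.compile(r"\(file missing\)\s*$"), "target file missing: orphaned entry"),
    ("R", re.compile(r",ProxyServer = ", re.I), "proxy configured: confirm which program set it"),
    ("O23", re.compile(r" - Unknown owner - "), "no vendor name reported for service binary"),
]

def parse(log_text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(entries):
    """Return (section, note, detail) for entries a human should look at first."""
    findings = []
    for section, detail in entries:
        for prefix, pattern, note in RULES:
            if (prefix is None or section.startswith(prefix)) and pattern.search(detail):
                findings.append((section, note, detail))
    return findings

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print(Counter(section for section, _ in entries))
    for section, note, detail in triage(entries):
        print(f"[{section}] {note}\n    {detail}")
```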
