iceangel89 Posted March 22, 2008 Share Posted March 22, 2008 i noticed my laptop became alot laggier recently... i have attached the loghijackthis.txt Link to comment Share on other sites More sharing options...
jaclaz Posted March 22, 2008 Share Posted March 22, 2008 Try analyzing it here:http://www.hijackthis.de/jaclaz Link to comment Share on other sites More sharing options...
iceangel89 Posted March 22, 2008 Author Share Posted March 22, 2008 (edited) thanks.i got the results:Full Image: Unknown "threats"?:do i Fix checked? what do u think? something likeO4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')seems like nLite? ... mmm... but i didn't install nLite, but this XP is nLited Edited March 22, 2008 by iceangel89 Link to comment Share on other sites More sharing options...
Tarun Posted March 22, 2008 Share Posted March 22, 2008 I would not trust HijackThis.de. It's better to have an actual person analyze the results.I would definitely recommend getting rid of Comodo AntiVirus, switch to Avast or AVG. You mentioned your install has had nLite used on it. I would also highly recommend backing up everything, formatting and reinstalling with a normal Windows install. If you need a download manager, try using DownThemAll!, the Firefox extension instead of the free download manager program. Those kind of programs are often bundled with malware.Generated by Tarun of Lunarsoft's HijackThis Converter v0.53 Beta.Default-color items are optional, red are known to be malicious.Created registry valueR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896Changed registry valueR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankCreated registry valueR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896Changed registry valueR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Created registry valueR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localEnumeration of existing IE's BHO'sO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dllEnumeration of existing IE's toolbarsO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllEnumeration of suspicious auto-loading registry entriesO4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')Extra IE context menu itemsO8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htmO8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htmO8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htmO8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm Link to comment Share on other sites More sharing options...
iceangel89 Posted March 23, 2008 Author Share Posted March 23, 2008 I would definitely recommend getting rid of Comodo AntiVirus, switch to Avast or AVG. You mentioned your install has had nLite used on it. I would also highly recommend backing up everything, formatting and reinstalling with a normal Windows install. If you need a download manager, try using DownThemAll!, the Firefox extension instead of the free download manager program. Those kind of programs are often bundled with malware.so remove COMODO Anti-Virus, OK. its annoying anyway. what abt CFP3? this version is annoying too... but is it good, for security?dont use nLite? why is nLite bad?OK use DownThemAll! as my Download Manager, it does not have malware i suppose. but does the Firefox extension has stop/resume capabilities?Generated by Tarun of Lunarsoft's HijackThis Converter v0.53 Beta....O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')...how do i make sense of this?andEnumeration of suspicious auto-loading registry entriesO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe...are from NVIDIA drivers, neros etc looks safe to me?thanks Link to comment Share on other sites More sharing options...
Tarun Posted March 23, 2008 Share Posted March 23, 2008 so remove COMODO Anti-Virus, OK. its annoying anyway. what abt CFP3? this version is annoying too... but is it good, for security?dont use nLite? why is nLite bad?OK use DownThemAll! as my Download Manager, it does not have malware i suppose. but does the Firefox extension has stop/resume capabilities?For an anti-virus, I would say use Avast or AVG, both have very high detection rates. I personally prefer avast as you can customize it a bit more. AVG is customizable as well, though finding some settings is a bit of a hassle for many users.I use Comodo Firewall Pro 3 but I only use the Firewall feature, none of that Defense+ stuff. Works great in my opinion.nLite is used to remove services and other necessary things from your Windows install. While people believe that this improves their performance, they are actually hurting their Windows install and reducing performance. People even go as far as to claim they are getting more RAM back. Idle RAM is wasted RAM, and when there are services that are idle, you're not losing any performance at all. Also, with the size of hard drives now you have plenty of disk space; even with notebook computers. Trimming off a few megabytes to get "better performance" doesn't really happen at all. These things have been debunked on many websites and forums, yet many users still believe in this myth.Microsoft has even said to CNet News, "Microsoft does not recommend using any tool to strip out applications from Windows prior to installing it on your system, as it may affect your ability to download future Windows updates and service packs, and may cause your system to become unstable."DownThemAll! is a Firefox extension that allows pausing, resuming and many more things. It's perfectly safe to use. You can find out more about it on http://downthemall.nethow do i make sense of this?are from NVIDIA drivers, neros etc looks safe to me?thanksThey're items not needed to startup with your computer. While they are safe, you don't need them at startup and removing them will not cause any issues. Link to comment Share on other sites More sharing options...
iceangel89 Posted March 23, 2008 Author Share Posted March 23, 2008 oic thanks Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now