Please review this hijack analysis report

[lgbpatent]

I bought an HP Pavilion laptop last month - it seems to be running more slowly, especially internet surfing. I am trying to speed it up by using ASC Pro. It could be the programs starting up automatically at start up, but not sure what to keep and what to disable. Anyway, below is a log that I would like someone to review - I think you can recommend that I delete some of these files.

I would greatly appreciate any suggestions on how to speed up my computer. My son and husband have older laptops that are faster while surfing the net - takes a while for web pages to open on mine, and a long time to open a link from within a link - sometimes I have to cut and paste it into a new tab to open.

 

 

Logfile of Advanced SystemCare 3 Security Analyzer

Scan saved at 10:26:08 AM, on 11/27/2009

Platform: Windows Vista (WinNT 6.1)

MSIE: Internet Explorer v8.0 (8.0.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 3\Awc.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} -

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} -

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: GameConsoleService (gpsvc) - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate1ca6d3272760393) (gupdate1ca6d3272760393) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

[Mongoose]

I have found Malware in the LiveSearch Toolbar before. But you will have to have someone else to tell you about the others.

[blacksea]

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

I think that is not something good.

But don't rely on my comment, but I do think its not good

[Melvin_Deal]

The Bho can be fixed.

 

The BHO blacksea refers to can definitely be fixed.

 

You have many duplicate entries.

 

Something seems odd about your Kaspersky as well... too many entries. One analyzer I ran your log on identified one of the Kaspersky entries as a possible mutobo troajan infection, but I think it was mistaken.

 

Odd that they are running twice?? Can't explain... hope Enoskype looks at this one!!

[Melvin_Deal]

You may consider this as well.

 

It appears you weren't running Iobit Smart Ram when you made this log. I don't know if you use it or not, but consider using it, as it is a powerful tool!

 

It is located in the utilities section of Advanced System Care.

 

I wonder how much RAM is on your machine as well?

[danburrito]

As already mentioned,

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

can be removed.

 

O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll is AOL related. If AOL is not your ISP, you can remove it. More info HERE.

 

Please update Java HERE.

[enoskype]

Hi Melvin Deal,

 

The changes below are only suggestions.

 

It is better to look to HijackThis report of IS360.

 

As HijackThis can not see the Rootkits, a scan with an Anti-Rootkit such as Sophos free will be helpful.

The OS, I suppose, is Windows7. So, there is not much to do with the TCP adjustments.

 

A list of Startup items will be helpful also.

 

----------------------------------------

Stop all activities of hpqToaster.exe for local and internet connection

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

 

Delete

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

Disable

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

 

Update

Java Plug-in 1.6.0_15 to Java Plug-in 1.6.0_17

 

If you have Adobe Reader, update it to 9.2.

 

Change the services to Manual

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: GameConsoleService (gpsvc) - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

 

Also checking and comparing the services in Black Viper for Win7 services, and applying some of the suggestions there will increase the useful resources for the user.

 

Cheers.

[danburrito]

The OS, I suppose, is Windows7.

 

Logfile of Advanced SystemCare 3 Security Analyzer

Scan saved at 10:26:08 AM, on 11/27/2009

Platform: Windows Vista (WinNT 6.1)

MSIE: Internet Explorer v8.0 (8.0.7600.16385)

Boot mode: Normal

 

 

Same difference regarding TCP/IP adjustments.

 

Slow website browsing in IE8 could be dependend on the SmartScreen Filter which checks for phishing websites.

[enoskype]

The OS, I suppose, is Windows7.

 

Logfile of Advanced SystemCare 3 Security Analyzer

Scan saved at 10:26:08 AM, on 11/27/2009

Platform: Windows Vista (WinNT 6.1)

MSIE: Internet Explorer v8.0 (8.0.7600.16385)

Boot mode: Normal

 

Same difference regarding TCP/IP adjustments.

 

Slow website browsing in IE8 could be dependend on the SmartScreen Filter which checks for phishing websites.

 

 

Hi danburrito,

 

FYI,

ASC's HijackThis Report does not recognize Windows7 and reports as Windows Vista.

That's why I said, "I suppose". :lol:

 

HijackThis report of IS360 doesn't give any information about the OS though.

 

BTW,

Windows NT 6.0 refers to these releases of Microsoft Windows operating systems:

Windows Vista

Windows Server 2008

Windows Small Business Server 2008

 

Windows NT 6.1 refers to these versions of Microsoft Windows operating systems:

Windows 7

Windows Server 2008 R2

 

Also 7600 and 7229 are the Build numbers for Windows 7 where the IE8 is installed.

 

Have a look at the attachment for my Windows 7 RC 7229 taken 5 minutes ago.

 

http://forums.iobit.com/attachment.php?attachmentid=2968&d=1259966731

 

 

Cheers.:grin:

[danburrito]

ASC's HijackThis Report does not recognize Windows7 and reports as Windows Vista.

 

:shock: Now, that's something.

[blacksea]

Actually O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) you don't need to fix this. It is a Windows Live Messenger addon.

[danburrito]

Actually O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) you don't need to fix this. It is a Windows Live Messenger addon.

 

Which is non-existent anymore, hence the (no file) part.

[AleksanderII]

Please review this hijack analysis r

 

Hi,

 

i want to mak a report with all actors and than export them.

 

In the ready made reports are always only sewen actors, and if i use the report builder, in the column "actors" will be shown also sewen actors.

 

can soemody help me?

 

thanks,

 

mediamiki

[enoskype]

Dear AleksanderII, VulCan, Stephan, brhm, mediamiki,

 

Yes, I am going to help you now, wait a minute. :twisted:

 

Cheers.