1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Check My Hijack Log Please?

Discussion in 'Earlier Versions of Windows' started by overbydt, Apr 12, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. overbydt

    overbydt Thread Starter

    Joined:
    Jun 20, 2002
    Messages:
    155
    My PC is running SLOW. Could someone check my HT log and let me know if anything needs to be removed? Thanks a million!

    Logfile of HijackThis v1.96.0
    Scan saved at 7:40:05 PM, on 4/12/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\PCTVOICE.EXE
    C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
    C:\PROGRAM FILES\LEXMARKX73\ACMONITOR_X73.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\LEXMARKX73\ACBTNMGR_X73.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\UTILITIES\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
    O4 - HKLM\..\Run: [$EnterNet] C:\PROGRA~1\EFFICI~1\ENTERN~1\APP\ENTERNET.EXE -AutoStart
    O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37823.535162037
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,247
  3. overbydt

    overbydt Thread Starter

    Joined:
    Jun 20, 2002
    Messages:
    155
    Thanks. Here it is:

    Logfile of HijackThis v1.97.7
    Scan saved at 9:38:23 PM, on 4/12/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\PCTVOICE.EXE
    C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
    C:\PROGRAM FILES\LEXMARKX73\ACMONITOR_X73.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\LEXMARKX73\ACBTNMGR_X73.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
    O4 - HKLM\..\Run: [$EnterNet] C:\PROGRA~1\EFFICI~1\ENTERN~1\APP\ENTERNET.EXE -AutoStart
    O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37823.535162037
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
     
  4. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,986
    First Name:
    Frank
    You've got too many programs loading during startup and running in the background, which is one reason why your computer is running slow. The following programs should run in the background:

    ScanRegistry

    SystemTray

    StateMgr

    PCHealth

    AVG

    ZoneAlarm

    Most of the other programs can be disabled from running in the background.

    Read here.

    You should also have at least 256 MB of RAM.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/219798

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice