1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Resolved] Can someone help me with a Hijack This scan??

Discussion in 'Virus & Other Malware Removal' started by sf89stang, Apr 22, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. sf89stang

    sf89stang Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    4
    Lately my PC has been giving me problems with pop-ups, trojans and spyware. It's slowing the PC down and Media Player will no longer open. The icon for it changed from the triangle to a picture of a CD, and a computer with some anamal on the screen. I already ran Adaware and Spybot and deleted a bunch of stuff, using methods from this site. Now I just scanned with Hijack. Can someone analyize and see if there is anything that needs cleaning? Thanks

    Logfile of HijackThis v1.97.7
    Scan saved at 7:27:01 PM, on 4/22/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSDMN.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\CANON CREATIVE\TEXTBRIDGE\BIN\INSTANTACCESS.EXE
    C:\WINDOWS\SYSTEM\HPZTSB05.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\IPOD\BIN\IPODMANAGER.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\TEMP\I1POZMX.EXE
    C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\WINDOWS\APPLICATION DATA\SEUR.EXE
    C:\WINDOWS\SYSTEM\WINTSVTR.EXE
    C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
    C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
    C:\VSTASCAN\VSACCESS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\APPLICATIONS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https://sas.r2.attbi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r2.attbi.com
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
    O4 - HKLM\..\Run: [Prodigy DSL] C:\PROGRA~1\PRODINET\PRODIG~1\APP\EnterNetDUN.Exe
    O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\Client\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
    O4 - HKLM\..\Run: [AVAPRXYJ] C:\WINDOWS\SYSTEM\AVAPRXYJ.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [I1POZMX] C:\WINDOWS\TEMP\I1POZMX.EXE
    O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
    O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Lssr] C:\WINDOWS\Application Data\seur.exe
    O4 - HKCU\..\Run: [WCPT] C:\WINDOWS\SYSTEM\wintsvtr.exe
    O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37882.7728125
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab?rand=200333011
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
     
  2. lastone

    lastone

    Joined:
    Feb 15, 2004
    Messages:
    50
    If you don't find the answer @ Techguy
    Register at TomCoyote
    post your Hijackthis Log at TomCoyote
    http://tomcoyote.com/hjt/
     
  3. sf89stang

    sf89stang Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    4
    Okay thanks. Hey I just noticed I have a lot of applications running. Is there a way to lower the number of applications that run at startup? I have always wanted to do this but I am not sure which ones need to be running for the PC to function correctly. Can someone glance over those too? Thanks for any help
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Scanlogs like this are probably best helped in the Security forum and I will move it there. You have a very badly compromised system.

    For starters I would suggest checking the following entries in the Scanlog, close the browser and click "fix checked". Then reboot and install, UPDATE, and run either or both Spybot and Ad-aware following the directions at the bottom. Reboot and post another Scanlog.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service


    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O4 - HKLM\..\Run: [AVAPRXYJ] C:\WINDOWS\SYSTEM\AVAPRXYJ.exe

    O4 - HKLM\..\Run: [I1POZMX] C:\WINDOWS\TEMP\I1POZMX.EXE
    O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe

    ^^^ this can also be removed through Add/Remove programs (Whenusave)
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE

    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
    O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"

    ^^ these two are not illegitimate, but unneeded resource hogs.

    O4 - HKCU\..\Run: [WCPT] C:\WINDOWS\SYSTEM\wintsvtr.exe
    O4 - HKCU\..\Run: [Lssr] C:\WINDOWS\Application Data\seur.exe

    >>> after rebooting the files or folders bolded above should be found and deleted.

    Spybot Instructions and Download
    Ad-Aware Home Page and Ad-Aware 6: Reference Guide by Winchester73
     
  5. sf89stang

    sf89stang Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    4
    Okay I fixed those you mentioned, searched for the files and deleted them and then ran both adaware and spybot. After rebooting here is the new hijack. Anything else you see that might help? And and you mentioned I have a badly compromised system. Will getting rid of these files clear that up? The PC has been running noticeably slow lately. Anyways:



    Logfile of HijackThis v1.97.7
    Scan saved at 10:18:18 PM, on 4/22/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE
    C:\PROGRAM FILES\CANON CREATIVE\TEXTBRIDGE\BIN\INSTANTACCESS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\HPZTSB05.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\IPOD\BIN\IPODMANAGER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
    C:\VSTASCAN\VSACCESS.EXE
    C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\APPLICATIONS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https://sas.r2.attbi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r2.attbi.com
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
    O4 - HKLM\..\Run: [Prodigy DSL] C:\PROGRA~1\PRODINET\PRODIG~1\APP\EnterNetDUN.Exe
    O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\Client\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37882.7728125
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab?rand=200333011
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
     
  6. lastone

    lastone

    Joined:
    Feb 15, 2004
    Messages:
    50
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You did good. I see no "malware" problems with the current Scanlog. That doesn't mean that everything you have starting up there is absolutely required.

    I haven't reviewed each of these startups, I'll leave that to you, it's a good learning experience. But you can check them out (the '04' entries in the Scanlog) using the info on this site:

    http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM

    Just use the "find" tool to locate the executable, such as QTTASK.EXE and you will come up with something like this:

    Program Name: qttask
    Executable Name: Qttask.exe
    Required: No
    Comments: System Tray access to Apple's "Quick Time" viewer from version 5 onwards

    If you don't want something starting, rather than use HijackThis to remove it, run msconfig and just uncheck the item under the startup tab. This allows for easy restoration if you change your mind.

    Most of what you have there you would probably want to leave, I think. Scanregistry and Statemgr should generally always be left enabled.
     
  8. sf89stang

    sf89stang Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    4
    Great! Thank you to all!!! My PC seems to be running much better. (y)
     
  9. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    :) You are certainly welcome!
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - [Resolved] someone help
  1. TechDef
    Replies:
    0
    Views:
    299
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223057

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice