1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[SOLVED] Trojan Horse Delf.c

Discussion in 'Virus & Other Malware Removal' started by jolichwier, Sep 29, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    Hi,

    I am new here and I had the SoBigE virus which I was able to clear (so it seems) from reading a few links.

    I also have a Trojan Horse virus that AVG finds and says that it heals, but everytime I login it says that it finds it and that I need to run the AVG for Windows.

    The message is

    Virus
    Trojan horse Delf.C

    is found in file
    c:\WINNT\System32\hnsys32.dll

    to remove this virus, please run AVG for Windows

    What can I do to fix this problem permanently.

    I have ad-aware on the system and run it regularly. I also have AVG.

    Do I need something like spybot also?

    I ran Hijack This and this is what I found

    Please let me know what I should clean up.

    Logfile of HijackThis v1.97.2
    Scan saved at 12:46:38 PM, on 9/29/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\WINNT\System32\mmtask.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\WINNT\system32\SMCSTA.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\Cmgrdian.exe
    C:\WINNT\system32\cgtask.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
    C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700 NT\Bin\HPOstr05.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINNT\system32\mrtMngr.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700 NT\bin\HPOVDX05.EXE
    C:\WINNT\system32\hpoipm07.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\ACT\act.exe
    C:\PROGRA~1\ACT\ActEmail.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.topsearcher.com/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jolichwier\Application Data\Mozilla\Profiles\default\ibaoeebt.slt\prefs.js)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINNT\Downloaded Program Files\ycomp5_1_5_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp5_1_5_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - C:\WINDOWS\SYSTEM32\shdocvw.dll (file missing)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
    O4 - HKLM\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - HKLM\..\Run: [SMCSTA.EXE] SMCSTA.EXE START
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\Cmgrdian.exe" /SU
    O4 - HKLM\..\Run: [Cgtask Services] C:\WINNT\system32\cgtask.exe
    O4 - HKLM\..\Run: [MMtask Service] mmtask.exe
    O4 - HKLM\..\Run: [System Service] C:\WINNT\System32\msrexe.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: QuickBooks Delivery Agent.lnk = QuickBooks Pro\Components\QBAgent\QBDAgent.exe
    O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700 NT\Bin\HPOstr05.exe
    O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = QuickBooks Pro2002\Components\QBAgent\qbdagent2002.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37589.2476273148
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab


    Thanks,

    Jeff
     
  2. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Hi and welcome, can you delete that file?
     
  3. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    Well, since it was a .dll and I wasn't sure if it was a necessary file I didn't try that.

    I wasn't sure if the file was an infected file that I needed for other operations or if the file was added and should just be deleted.

    It sounds like it is a file that was added and should be deleted.

    Thanks for your quick response.

    So, should I try to delete it?
     
  4. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
  5. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Yes, you should.

    And in fact you have MUCH more malware.

    Check, and have Hijack This fix the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.topsearcher.com/ie/

    O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - C:\WINDOWS\SYSTEM32\shdocvw.dll (file missing)

    O4 - HKLM\..\Run: [Cgtask Services] C:\WINNT\system32\cgtask.exe
    O4 - HKLM\..\Run: [MMtask Service] mmtask.exe
    O4 - HKLM\..\Run: [System Service] C:\WINNT\System32\msrexe.exe

    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download...ptdmgainads.cab


    Now restart your computer, and delete the following files:

    C:\WINNT\system32\cgtask.exe
    C:\WINNT\System32\mmtask.exe
    C:\WINNT\System32\msrexe.exe


    And run an online virus scan at Trend Micro HouseCall or Panda Active Scan

    Cheers,
     
  6. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    I was able to delete cgtask.exe

    mmtask.exe could not be deleted (access denied, may be in use error msg)

    There is also a mmtask.tsk file in this folder, should it be deleted?

    msrexe.exe was not in that folder.

    I ran Housecall and it found two email files that were infected with sobige and I deleted those.

    What should I do now?

    Also, since this happened the drivers for the HP Officeject 720 either take long to load or time out, any suggestions on that?

    Thanks for all your help!
     
  7. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Don't touch Mmtask.tsk: It's the Windows Multimedia Background Task Support Module.

    Mmtask.exe is a trojan though.
    Try this:

    Have HT fix the item again.
    Now do a Ctrl-Alt-Delete to bring up Task Manager, and end task on the mmtask process.

    Next, delete the file.

    Alternatively, start your computer in Safe Mode

    You'll be able to delete the file there.

    Subsequently, still in Safe Mode, run Hijack This, and have it fix that O4 HKLM\..\Run item.

    Good luck,
     
  8. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    Couldn't stop the process so I rebooted in safe mode.

    I was able to delete the file that way.

    I ran hijack this each way (in safe mode and before entering safe mode) and neither time did that mmtask.exe appear for me to run the fix.

    I think that I am okay now. Here is a copy of the latest hijack this scan. Is there anything else I need to do?

    Logfile of HijackThis v1.97.2
    Scan saved at 4:12:19 PM, on 9/29/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\WINNT\system32\SMCSTA.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\Cmgrdian.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
    C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700 NT\Bin\HPOstr05.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINNT\system32\mrtMngr.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700 NT\bin\HPOVDX05.EXE
    C:\WINNT\system32\hpoipm07.exe
    C:\Program Files\ACT\act.exe
    C:\PROGRA~1\ACT\ActEmail.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jolichwier\Application Data\Mozilla\Profiles\default\ibaoeebt.slt\prefs.js)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINNT\Downloaded Program Files\ycomp5_1_5_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp5_1_5_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
    O4 - HKLM\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - HKLM\..\Run: [SMCSTA.EXE] SMCSTA.EXE START
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\Cmgrdian.exe" /SU
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: QuickBooks Delivery Agent.lnk = QuickBooks Pro\Components\QBAgent\QBDAgent.exe
    O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700 NT\Bin\HPOstr05.exe
    O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = QuickBooks Pro2002\Components\QBAgent\qbdagent2002.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37589.2476273148
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab

    Thanks again for your help!
     
  9. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    I have AVG run a scan at night for me and it found
    C:\recycled\DC2.dll

    I have a couple of questions, first, I do not see that file (or the hnsys32.dll file that I deleted) in the recycle bin. Is that typical? I thought that I should see it.

    Second, would (could?) it have changed its name from hnsys32.dll to dc2.dll?

    I have not rebooted since the scan ran and found it.
     
  10. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Firstly, empty the recycle bin......then scan once more.
     
  11. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    Okay did that and nothing shows any virus, I think that I am clean now!!

    Thanks.
     
  12. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    O4 - HKLM\..\Run: [SMCSTA.EXE] SMCSTA.EXE START

    Do you know what that is for?
     
  13. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    I believe that is for an SMC wireless router we had, now that I am "hardwired" I suppose that I can go in and remove that.

    Should I use hijack this to fix it?
     
  14. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Either that or start, run, msconfig, startup tab. If there is any added software via add/remove programs, you might uninstall too.
     
  15. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

    That doesn't need to run on startup either, you can load that when you need it.

    Also, do you use Earthlink for anything???
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/168322

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice