Hi all,
I am searching through my uncles computer who has commented that it seems to be running slower than usual. I have tried running the usual Adaware etc and removed loads of bits and bobs but wanted also, to see whether anything underneath in the form of processes, hidden reg keys could be causing any problems.
Here is the HijackThis log.
aLogfile of HijackThis v1.97.7
Scan saved at 16:45:08, on 30/12/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
.DLL
C:\WINDOWS\SYSTEM\MSGSRV32
.EXE
C:\WINDOWS\SYSTEM\mmtask.t
sk
C:\WINDOWS\SYSTEM\MPREXE.E
XE
C:\WINDOWS\SYSTEM\MSTASK.E
XE
C:\WINDOWS\SYSTEM\SSDPSRV.
EXE
C:\WINDOWS\SYSTEM\STIMON.E
XE
C:\WINDOWS\SYSTEM\RESTORE\
STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
EXE
C:\WINDOWS\SYSTEM\QTTASK.E
XE
C:\WINDOWS\SYSTEM32\DRIVER
S\DCFSSVC.
EXE
C:\WINDOWS\SYSTEM\E_S10IC2
.EXE
C:\WINDOWS\SYSTEM\SPOOL32.
EXE
C:\PROGRAM FILES\ROYAL MAIL\SMARTSTAMP\BINARY\STR
AY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E
XE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 4.0 SE\CALCHECK.EXE
C:\WINDOWS\SYSTEM\DDHELP.E
XE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCPFW.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMPROXY.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCGUIDE.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMOAGENT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\SYSTEM\PSTORES.
EXE
C:\WINDOWS\DESKTOP\HIJACKT
HIS.EXE
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Search Bar =
http://g.msn.co.uk/0SEENGB/SAOS01R0 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://www.msn.co.uk/R0 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://www.msn.co.uk/R1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.htmlO3 - Toolbar: @msdxmLC.dll,-1@1033,&Radi
o - {8E718888-423F-11D2-876E-0
0A0C908246
7} - C:\WINDOWS\SYSTEM\MSDXM.OC
X
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-6
4B5B4FF55D
0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-GB
\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Suppor
t\PCHSchd.
exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
rScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.
EXE" -atboottime
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Driver
s\dcfssvc.
exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\SYSTEM\E_S10IC2
.EXE /P23 "EPSON Stylus C43 Series" /O7 "EPUSB1:" /M "Stylus C43"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STR
AY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
rScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.
exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\
StateMgr.e
xe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.E
XE
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PccPfw] C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PROFESSIONAL\AD-AWARE.EXE"
"+b1"
O4 - Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
4455354000
0} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO16 - DPF: {9F1C11AA-197B-4942-BA54-4
7A8489BB47
F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37895.3355439815O16 - DPF: {30528230-99F7-4BB4-88D8-F
A1D4F56A2A
B} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-0
0C04F9A3B6
1} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cabThere may be anything wrong, i just wanted to check
Many thanks,
timbono1
Start Free Trial
