I have a PC I can't update Windows on. It is running Windows ME and has a problem with the Explorer part of the update. I've run Spybot 1.3 and Ad-aware SE. Would someone please look at the hijack log and let me know what I can safely remove? Thanks.
Tamera
Logfile of HijackThis v1.98.2
Scan saved at 11:46:42 AM, on 8/18/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\HPHMON05.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\ARES\ARES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = wyoming.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = dteworld.com:7012
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/147ddc362affd6f61502/netzip/RdxIE.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 137.118.212.5,137.118.1.32
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL