• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 520
  • Last Modified:

Please look at hijack log!

I have a pc I can't update windows on.  It is running windows ME and has a problem with the explorer part of the update.  I've run the Spybot 1.3 and the Ad-aware SE.  Would someone please look at the hijack log and let me know what I can safely remove.  Thanks.

Tamera

Logfile of HijackThis v1.98.2
Scan saved at 11:46:42 AM, on 8/18/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\HPHMON05.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\ARES\ARES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = wyoming.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = dteworld.com:7012
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/147ddc362affd6f61502/netzip/RdxIE.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 137.118.212.5,137.118.1.32
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

0
Scott_Mckinney
Asked:
Scott_Mckinney
  • 4
  • 4
  • 2
  • +1
4 Solutions
 
SheharyaarSaahilCommented:
Hello Scott_Mckinney =)

Download these tools and install Adaware and Spybot:
========================================================
AdAware ==> http://www.lavasoftusa.com/support/download/
SpyBot  ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
ToolBar Cop >> http://www.mvps.org/sramesh2k/toolbarcop.htm
Stinger >> http://vil.nai.com/vil/stinger
========================================================
then turn off ur system restore if its running >> http://support.microsoft.com/default.aspx?kbid=264887
and fix the following entries..... !!!

========================================================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/147ddc362affd6f61502/netzip/RdxIE.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
=================================
then......

Reboot in safemode, and run the above five tools to elete verything they detect !!!!
Empty C:\Windows\Temp folder, and delete Temporary Internet Files, Cookies and History of IE !!!!

reboot in Normal Mode and check for the problems now ??


!! GOOD LUCK !!
0
 
Scott_MckinneyAuthor Commented:
I will try these steps.  Is there a place that gives more detailed information on the lines I would be deleting?  I'm wanting to learn how to recognize those lines I can get rid of.

Thanks,
Tamera
0
 
SheharyaarSaahilCommented:
well there is not any specific way to recognise what is right and what is wrong... u just need some practise and knowledge abt the files u are dealing with :)

here is the Hijakcthis turorial >> http://aumha.org/a/hjttutor.php
and here u can check ur LOG file online, but i dont believe this, coz it picks my DSL software as nasty, so i go with my own knowledge and ofcourse google =)
http://www.hijackthis.de/index.php?langselect=english
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
Tim HolmanCommented:
Look here to identify any startup programs -

http://www.windowsstartup.com/wso/search.php

In particular, you're infected with TV Media spyware:

To remove it, go into Safe Mode run HijackThis and check and fix the following entries:

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\\TV MEDIA\\TvmBho.dll
O4 - HKLM\\..\\Run: [TV Media] C:\\TV MEDIA\\TVM.EXE
O4 - HKLM\\..\\Run: [sysbot] c:\\windows.001\\system\\sysbot.exe
O4 - HKCU\\..\\Run: [TV Media] C:\\TV MEDIA\\TVM.EXE

..and a Win32 trojan:

http://www.pestpatrol.com/pestinfo/t/trojan_win32_secondthought_l.asp

0
 
Scott_MckinneyAuthor Commented:
As usual things are getting busy at our shop. I will let you know tomorrow if cleaning up the spyware solves my problem.

Tamera
0
 
SheharyaarSaahilCommented:
sure.... no problem,,, just keep us informed :)
0
 
LRI41Commented:
SheharyaarSaahil When you say you don't trust the HighJack This Anaysis Site
http://www.hijackthis.de/index.php?langselect=englis becasue it picks up your
DSL software, does it indicate that this is an "unknown" process a possible nasty or
a true nasty.  It may be that according to their reference files its unknown but not necessarilu
harmfull.

I ran Scotts Log File through and it reported as follows:

      MSIE: Internet Explorer v5.50 (5.50.4134.0100)               Possibly out of date             Shows the version of your Internet Explorer. Newest Version is: 6.00.2800.1106!             The version (5.50.4134.0100) is out of date. Check Windows Update to update the Internet Explorer.

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE               Unknown             running process. (STMGR.EXE)             This is a unknown process


      C:\WINDOWS\SYSTEM\HPHMON05.EXE               Unknown             running process. (HPHMON05.EXE)             This is a unknown process


      C:\PROGRAM FILES\ARES\ARES.EXE               Unknown             running process. (ARES.EXE)             This is a unknown process.


       R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sides              Nasty             Entries with this kind of homepages should always be fixed.             This entry should be fixed by HijackThis!
       R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/side              Nasty             Entries with this kind of homepages should always be fixed.             This entry should be fixed by HijackThis!
       R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sides              Nasty             Entries with this kind of homepages should always be fixed.             This entry should be fixed by HijackThis!
       R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/side              Nasty             Entries with this kind of homepages should always be fixed.             This entry should be fixed by HijackThis!
       R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.co              Nasty             This entry should be fixed by HijackThis!             This entry should be fixed by HijackThis!
       R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.co              Nasty             This entry should be fixed by HijackThis!             This entry should be fixed by HijackThis!
       R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=              Nasty             Entries with this kind of homepages should always be fixed.             This entry should be fixed by HijackThis!

      R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)               Possibly nasty             Should be fixed if you do not know the application or if no application is mentioned.             Should be fixed if you do not know this application.
       R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\T              Possibly nasty             Should be fixed if you do not know the application or if no application is mentioned.             Should be fixed if you do not know this application.

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun               Nasty             The entered application ScanRegistry was identified: ScanRegistry. Hit rate: 92,31 % (result)             Must be fixed!

       O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE               Unknown             The entered application HPHmon05 was identified: None. Hit rate: 16,67 % (result)             Unknown application.
       O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE               Nasty             The entered application TV Media was identified: Media Player. Hit rate: 30,56 % (result)             Must be fixed!
       O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe               Nasty             The entered application stcinstaller was identified: stcinstaller. Hit rate: 100,00 % (result)             Must be fixed!

O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE               Nasty             The entered application TV Media was identified: Media Player. Hit rate: 30,56 % (result)             Must be fixed!

O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE               Nasty             The entered application TV Media was identified: Media Player. Hit rate: 30,56 % (result)             Must be fixed!
       O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h               Unknown             The entered application ares was identified: None. Hit rate: 12,50 % (result)             Unknown application.
       O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE               Nasty             The entered application TV Media was identified: Media Player. Hit rate: 30,56 % (result)             Must be fixed!
       O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE               Nasty             The entered application TV Media was identified: Media Player. Hit rate: 30,56 % (result)             Must be fixed!
       O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_              Possibly nasty             Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.             To be fixed if the entry 'Web Rebates ' is unknown.
       O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp              Possibly nasty             Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.             To be fixed if the entry 'Web

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/147ddc362affd              Possibly nasty             Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!             Check if you know this site and fix it if you do not.

O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave              Possibly nasty             Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!             Check if you know this site and fix it if you do not.
       O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts              Possibly nasty             Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!             Check if you know this site and fix it if you do not.

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 137.118.212.5,137.118.1.32               Possibly nasty             If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.             Do you know the IP or Domain '137.118.212.5,137.118.1.32 '? If not, fix this entry.

0
 
Scott_MckinneyAuthor Commented:
My original question was the following:

I have a pc I can't update windows on.  It is running windows ME and has a problem with the explorer part of the update.  I've run the Spybot 1.3 and the Ad-aware SE.  Would someone please look at the hijack log and let me know what I can safely remove.

After doing the normal virus scans, spyware scans and hijack this scan I still couldn't update windows.  After researching some more on the internet I found this site that had a solution to my problem.  The site is Http://computing,net/windowsme/wwwboard/forum/30205.html

The problem most likely resulted from the following sequence
1) IE 6 installed
2) Over-the-top install of Windows ME
3) IE 6 installed again.

Here is the solution I found worked for me:

Open Windows Explorer (not Internet Explorer but Windows Explorer as in
the file management program). From there go to C:/Program Files/Internet
Explorer/Uninstall Information. Right click on the Uninstall Information
folder and select Properties. Uncheck the Hidden box and then click OK
or Apply. A confirmation screen will come up. Select the Apply changes to
this folder, subfolders and files button. This will unhide all of the
files in the Uninstall Information folder. You then need to move (not delete)
all of these files to another folder that is empty. Any one will do or make
a new temporary folder. It doesn't really matter just as long as the
Uninstall Information folder is empty. Reboot your computer. After
rebooting double check and make sure that the Uninstall Information
folder is empty. You should then be able to install all of the troublesome
components (hopefully). If everything goes well you can then move all
of those files that you moved previously back into the Uninstall
0
 
Scott_MckinneyAuthor Commented:
Since I also asked about information on my hijack scan I felt the answers to that question were still helpful so I gave my points to people who helped with that part of the question.

Tamera
0
 
SheharyaarSaahilCommented:
glad u solved the problem..... and thanx for those kind points =)
Cheers ^_^
0
 
LRI41Commented:
ditto
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

  • 4
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now