Solved

Please look at hijack log!

Posted on 2004-08-18
Last Modified: 2010-04-11
I have a pc I can't update windows on.  It is running windows ME and has a problem with the explorer part of the update.  I've run the Spybot 1.3 and the Ad-aware SE.  Would someone please look at the hijack log and let me know what I can safely remove.  Thanks.

Tamera

Logfile of HijackThis v1.98.2
Scan saved at 11:46:42 AM, on 8/18/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\HPHMON05.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\ARES\ARES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = wyoming.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = dteworld.com:7012
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/147ddc362affd6f61502/netzip/RdxIE.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 137.118.212.5,137.118.1.32
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

Question by:Scott_Mckinney
11 Comments
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 800 total points
ID: 11834287
Hello Scott_Mckinney =)

Download these tools and install Adaware and Spybot:
========================================================
AdAware ==> http://www.lavasoftusa.com/support/download/
SpyBot  ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
ToolBar Cop >> http://www.mvps.org/sramesh2k/toolbarcop.htm
Stinger >> http://vil.nai.com/vil/stinger
========================================================
then turn off ur system restore if its running >> http://support.microsoft.com/default.aspx?kbid=264887
and fix the following entries..... !!!

========================================================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/147ddc362affd6f61502/netzip/RdxIE.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
=================================
then......

Reboot in safe mode, and run the above five tools to delete everything they detect !!!!
Empty C:\Windows\Temp folder, and delete Temporary Internet Files, Cookies and History of IE !!!!

reboot in Normal Mode and check for the problems now ??


!! GOOD LUCK !!
0
 

Author Comment

by:Scott_Mckinney
ID: 11835080
I will try these steps.  Is there a place that gives more detailed information on the lines I would be deleting?  I'm wanting to learn how to recognize those lines I can get rid of.

Thanks,
Tamera
0
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 800 total points
ID: 11835124
well there is not any specific way to recognise what is right and what is wrong... u just need some practise and knowledge abt the files u are dealing with :)

here is the HijackThis tutorial >> http://aumha.org/a/hjttutor.php
and here u can check ur LOG file online, but i don't believe this, coz it picks my DSL software as nasty, so i go with my own knowledge and of course google =)
http://www.hijackthis.de/index.php?langselect=english
0
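Added example, not part of any post in this thread: a small Python triage pass over a HijackThis log, run on an excerpt of the log posted above. The function names, the three heuristics and the `min_keys=3` threshold are assumptions chosen for illustration; a flag is a prompt to research the entry by hand, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/147ddc362affd6f61502/netzip/RdxIE.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
"""

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")                    # "O4 - ..."
AUTORUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.*)$")    # key, name, command
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?=[:/]|$)")


def parse(log):
    """Return (code, body) pairs; header and running-process lines are skipped."""
    pairs = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def triage(log, min_keys=3):
    """Map entry line -> reasons it deserves a manual look (assumed heuristics)."""
    entries = parse(log)
    reasons = defaultdict(list)
    keys_by_cmd = defaultdict(set)          # command -> autorun keys that launch it
    for code, body in entries:
        m = AUTORUN.match(body) if code == "O4" else None
        if m:
            keys_by_cmd[m.group(3).lower()].add(m.group(1))
    # Heuristic 1: one command registered under many Run/RunOnce/RunServices keys.
    noisy = {cmd for cmd, keys in keys_by_cmd.items() if len(keys) >= min_keys}
    folders = {cmd.rsplit("\\", 1)[0] + "\\" for cmd in noisy if "\\" in cmd}
    for code, body in entries:
        line = f"{code} - {body}"
        low = body.lower()
        m = AUTORUN.match(body) if code == "O4" else None
        if m and m.group(3).lower() in noisy:
            n = len(keys_by_cmd[m.group(3).lower()])
            reasons[line].append(f"same command under {n} autorun keys")
        elif any(folder in low for folder in folders):
            # Correlate other sections with the folder of a flagged autorun.
            reasons[line].append("file in same folder as a flagged autorun")
        # Heuristic 2: a search hook whose backing file no longer exists.
        if code == "R3" and low.endswith("(no file)"):
            reasons[line].append("search hook whose file is missing")
        # Heuristic 3: an ActiveX control installed from a bare IP address.
        if code == "O16" and IP_URL.search(body):
            reasons[line].append("ActiveX control downloaded from a bare IP address")
    return dict(reasons)


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(why))
```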

 
LVL 23

Assisted Solution

by:Tim Holman
Tim Holman earned 400 total points
ID: 11835441
Look here to identify any startup programs -

http://www.windowsstartup.com/wso/search.php

In particular, you're infected with TV Media spyware:

To remove it, go into Safe Mode, run HijackThis, and check and fix the following entries:

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [sysbot] c:\windows.001\system\sysbot.exe
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

..and a Win32 trojan:

http://www.pestpatrol.com/pestinfo/t/trojan_win32_secondthought_l.asp

0
 

Author Comment

by:Scott_Mckinney
ID: 11836123
As usual things are getting busy at our shop. I will let you know tomorrow if cleaning up the spyware solves my problem.

Tamera
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11836130
sure.... no problem,,, just keep us informed :)
0
 
LVL 10

Accepted Solution

by:
LRI41 earned 800 total points
ID: 11843225
SheharyaarSaahil, when you say you don't trust the HijackThis Analysis Site
http://www.hijackthis.de/index.php?langselect=englis because it picks up your
DSL software, does it indicate that this is an "unknown" process, a possible nasty or
a true nasty?  It may be that according to their reference files it's unknown but not necessarily
harmful.

I ran Scott's log file through and it reported as follows:

MSIE: Internet Explorer v5.50 (5.50.4134.0100) | Possibly out of date | Shows the version of your Internet Explorer. Newest Version is: 6.00.2800.1106! | The version (5.50.4134.0100) is out of date. Check Windows Update to update the Internet Explorer.

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE | Unknown | running process. (STMGR.EXE) | This is a unknown process
C:\WINDOWS\SYSTEM\HPHMON05.EXE | Unknown | running process. (HPHMON05.EXE) | This is a unknown process
C:\PROGRAM FILES\ARES\ARES.EXE | Unknown | running process. (ARES.EXE) | This is a unknown process.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sides | Nasty | Entries with this kind of homepages should always be fixed. | This entry should be fixed by HijackThis!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/side | Nasty | Entries with this kind of homepages should always be fixed. | This entry should be fixed by HijackThis!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sides | Nasty | Entries with this kind of homepages should always be fixed. | This entry should be fixed by HijackThis!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/side | Nasty | Entries with this kind of homepages should always be fixed. | This entry should be fixed by HijackThis!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.co | Nasty | This entry should be fixed by HijackThis! | This entry should be fixed by HijackThis!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.co | Nasty | This entry should be fixed by HijackThis! | This entry should be fixed by HijackThis!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= | Nasty | Entries with this kind of homepages should always be fixed. | This entry should be fixed by HijackThis!

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file) | Possibly nasty | Should be fixed if you do not know the application or if no application is mentioned. | Should be fixed if you do not know this application.
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\T | Possibly nasty | Should be fixed if you do not know the application or if no application is mentioned. | Should be fixed if you do not know this application.

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun | Nasty | The entered application ScanRegistry was identified: ScanRegistry. Hit rate: 92,31 % (result) | Must be fixed!
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE | Unknown | The entered application HPHmon05 was identified: None. Hit rate: 16,67 % (result) | Unknown application.
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE | Nasty | The entered application TV Media was identified: Media Player. Hit rate: 30,56 % (result) | Must be fixed!
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe | Nasty | The entered application stcinstaller was identified: stcinstaller. Hit rate: 100,00 % (result) | Must be fixed!
O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE | Nasty | The entered application TV Media was identified: Media Player. Hit rate: 30,56 % (result) | Must be fixed!
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE | Nasty | The entered application TV Media was identified: Media Player. Hit rate: 30,56 % (result) | Must be fixed!
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h | Unknown | The entered application ares was identified: None. Hit rate: 12,50 % (result) | Unknown application.
O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE | Nasty | The entered application TV Media was identified: Media Player. Hit rate: 30,56 % (result) | Must be fixed!
O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE | Nasty | The entered application TV Media was identified: Media Player. Hit rate: 30,56 % (result) | Must be fixed!

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_ | Possibly nasty | Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed. | To be fixed if the entry 'Web Rebates ' is unknown.
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp | Possibly nasty | Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed. | To be fixed if the entry 'Web

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/147ddc362affd | Possibly nasty | Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! | Check if you know this site and fix it if you do not.
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave | Possibly nasty | Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! | Check if you know this site and fix it if you do not.
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts | Possibly nasty | Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! | Check if you know this site and fix it if you do not.

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 137.118.212.5,137.118.1.32 | Possibly nasty | If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. | Do you know the IP or Domain '137.118.212.5,137.118.1.32 '? If not, fix this entry.

0
 

Author Comment

by:Scott_Mckinney
ID: 11918069
My original question was the following:

I have a pc I can't update windows on.  It is running windows ME and has a problem with the explorer part of the update.  I've run the Spybot 1.3 and the Ad-aware SE.  Would someone please look at the hijack log and let me know what I can safely remove.

After doing the normal virus scans, spyware scans and HijackThis scan I still couldn't update Windows.  After researching some more on the internet I found this site that had a solution to my problem.  The site is http://computing.net/windowsme/wwwboard/forum/30205.html

The problem most likely resulted from the following sequence:
1) IE 6 installed
2) Over-the-top install of Windows ME
3) IE 6 installed again.

Here is the solution I found worked for me:

Open Windows Explorer (not Internet Explorer but Windows Explorer as in
the file management program). From there go to C:/Program Files/Internet
Explorer/Uninstall Information. Right click on the Uninstall Information
folder and select Properties. Uncheck the Hidden box and then click OK
or Apply. A confirmation screen will come up. Select the Apply changes to
this folder, subfolders and files button. This will unhide all of the
files in the Uninstall Information folder. You then need to move (not delete)
all of these files to another folder that is empty. Any one will do or make
a new temporary folder. It doesn't really matter just as long as the
Uninstall Information folder is empty. Reboot your computer. After
rebooting double check and make sure that the Uninstall Information
folder is empty. You should then be able to install all of the troublesome
components (hopefully). If everything goes well you can then move all
of those files that you moved previously back into the Uninstall
0
 

Author Comment

by:Scott_Mckinney
ID: 11918086
Since I also asked about information on my hijack scan I felt the answers to that question were still helpful so I gave my points to people who helped with that part of the question.

Tamera
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11918135
glad u solved the problem..... and thanx for those kind points =)
Cheers ^_^
0
 
LVL 10

Expert Comment

by:LRI41
ID: 11918609
ditto
0
