1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijack This Log: what do you recommend?

Discussion in 'Virus & Other Malware Removal' started by thinwhiteduk, Dec 22, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. thinwhiteduk

    thinwhiteduk Thread Starter

    Joined:
    Nov 3, 2003
    Messages:
    6
    If you're gonna help me out with this one, thanks a lot. I don't know if the registry has been tampered with by a hacker; I honestly don't know how to detect that. How I know something is the matter is that upon visiting a website, my homepage was changed, and if I changed it back, upon restarting the computer it was changed still. Anyway, I'm gonna run Ad-Aware and the other big spyware detection program.

    Here's the Hijack This log. I already changed a handful of entries that were obviously unwanted.

    Logfile of HijackThis v1.97.7
    Scan saved at 1:20:45 PM, on 12/21/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MEMORYMETER\MEMORYMETER.EXE
    C:\WINDOWS\TVTMD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\FOO1\FOOBIN.EXE
    C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
    F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\msinfo.exe
    O1 - Hosts: 645238813 auto.search.msn.com
    O1 - Hosts: 88.88.88.88 elite
    O1 - Hosts: 207.44.220.30 www.google.akadns.net
    O1 - Hosts: 207.44.220.30 www.google.com
    O1 - Hosts: 207.44.220.30 google.com
    O1 - Hosts: 207.44.220.30 www.altavista.com
    O1 - Hosts: 207.44.220.30 altavista.com
    O1 - Hosts: 207.44.220.30 search.yahoo.com
    O1 - Hosts: 207.44.220.30 uk.search.yahoo.com
    O1 - Hosts: 207.44.220.30 ca.search.yahoo.com
    O1 - Hosts: 207.44.220.30 jp.search.yahoo.com
    O1 - Hosts: 207.44.220.30 au.search.yahoo.com
    O1 - Hosts: 207.44.220.30 de.search.yahoo.com
    O1 - Hosts: 207.44.220.30 search.yahoo.co.jp
    O1 - Hosts: 207.44.220.30 www.lycos.de
    O1 - Hosts: 207.44.220.30 www.lycos.ca
    O1 - Hosts: 207.44.220.30 www.lycos.jp
    O1 - Hosts: 207.44.220.30 www.lycos.co.jp
    O1 - Hosts: 207.44.220.30 alltheweb.com
    O1 - Hosts: 207.44.220.30 web.ask.com
    O1 - Hosts: 207.44.220.30 ask.com
    O1 - Hosts: 207.44.220.30 www.ask.com
    O1 - Hosts: 207.44.220.30 www.teoma.com
    O1 - Hosts: 207.44.220.30 search.aol.com
    O1 - Hosts: 207.44.220.30 www.looksmart.com
    O1 - Hosts: 645238813 auto.search.msn.com
    O1 - Hosts: 207.44.220.30 search.msn.com
    O1 - Hosts: 207.44.220.30 ca.search.msn.com
    O1 - Hosts: 207.44.220.30 fr.ca.search.msn.com
    O1 - Hosts: 207.44.220.30 search.fr.msn.be
    O1 - Hosts: 207.44.220.30 search.fr.msn.ch
    O1 - Hosts: 207.44.220.30 search.latam.yupimsn.com
    O1 - Hosts: 207.44.220.30 search.msn.at
    O1 - Hosts: 207.44.220.30 search.msn.be
    O1 - Hosts: 207.44.220.30 search.msn.ch
    O1 - Hosts: 207.44.220.30 search.msn.co.in
    O1 - Hosts: 207.44.220.30 search.msn.co.jp
    O1 - Hosts: 207.44.220.30 search.msn.co.kr
    O1 - Hosts: 207.44.220.30 search.msn.com.br
    O1 - Hosts: 207.44.220.30 search.msn.com.hk
    O1 - Hosts: 207.44.220.30 search.msn.com.my
    O1 - Hosts: 207.44.220.30 search.msn.com.sg
    O1 - Hosts: 207.44.220.30 search.msn.com.tw
    O1 - Hosts: 207.44.220.30 search.msn.co.za
    O1 - Hosts: 207.44.220.30 search.msn.de
    O1 - Hosts: 207.44.220.30 search.msn.dk
    O1 - Hosts: 207.44.220.30 search.msn.es
    O1 - Hosts: 207.44.220.30 search.msn.fi
    O1 - Hosts: 207.44.220.30 search.msn.fr
    O1 - Hosts: 207.44.220.30 search.msn.it
    O1 - Hosts: 207.44.220.30 search.msn.nl
    O1 - Hosts: 207.44.220.30 search.msn.no
    O1 - Hosts: 207.44.220.30 search.msn.se
    O1 - Hosts: 207.44.220.30 search.ninemsn.com.au
    O1 - Hosts: 207.44.220.30 search.t1msn.com.mx
    O1 - Hosts: 207.44.220.30 search.xtramsn.co.nz
    O1 - Hosts: 207.44.220.30 search.yupimsn.com
    O1 - Hosts: 207.44.220.30 uk.search.msn.com
    O1 - Hosts: 207.44.220.30 search.lycos.com
    O1 - Hosts: 207.44.220.30 www.lycos.com
    O1 - Hosts: 207.44.220.30 www.google.ca
    O1 - Hosts: 207.44.220.30 google.ca
    O1 - Hosts: 207.44.220.30 www.google.uk
    O1 - Hosts: 207.44.220.30 www.google.co.uk
    O1 - Hosts: 207.44.220.30 www.google.com.au
    O1 - Hosts: 207.44.220.30 www.google.co.jp
    O1 - Hosts: 207.44.220.30 www.google.jp
    O1 - Hosts: 207.44.220.30 www.google.at
    O1 - Hosts: 207.44.220.30 www.google.be
    O1 - Hosts: 207.44.220.30 www.google.ch
    O1 - Hosts: 207.44.220.30 www.google.de
    O1 - Hosts: 207.44.220.30 www.google.se
    O1 - Hosts: 207.44.220.30 www.google.dk
    O1 - Hosts: 207.44.220.30 www.google.fi
    O1 - Hosts: 207.44.220.30 www.google.fr
    O1 - Hosts: 207.44.220.30 www.google.com.gr
    O1 - Hosts: 207.44.220.30 www.google.com.hk
    O1 - Hosts: 207.44.220.30 www.google.ie
    O1 - Hosts: 207.44.220.30 www.google.co.il
    O1 - Hosts: 207.44.220.30 www.google.it
    O1 - Hosts: 207.44.220.30 www.google.co.kr
    O1 - Hosts: 207.44.220.30 www.google.com.mx
    O1 - Hosts: 207.44.220.30 www.google.nl
    O1 - Hosts: 207.44.220.30 www.google.co.nz
    O1 - Hosts: 207.44.220.30 www.google.pl
    O1 - Hosts: 207.44.220.30 www.google.pt
    O1 - Hosts: 207.44.220.30 www.google.com.ru
    O1 - Hosts: 207.44.220.30 www.google.com.sg
    O1 - Hosts: 207.44.220.30 www.google.co.th
    O1 - Hosts: 207.44.220.30 www.google.com.tr
    O1 - Hosts: 207.44.220.30 www.google.com.tw
    O1 - Hosts: 207.44.220.30 go.google.com
    O1 - Hosts: 207.44.220.30 google.at
    O1 - Hosts: 207.44.220.30 google.be
    O1 - Hosts: 207.44.220.30 google.de
    O1 - Hosts: 207.44.220.30 google.dk
    O1 - Hosts: 207.44.220.30 google.fi
    O1 - Hosts: 207.44.220.30 google.fr
    O1 - Hosts: 207.44.220.30 google.com.hk
    O1 - Hosts: 207.44.220.30 google.ie
    O1 - Hosts: 207.44.220.30 google.co.il
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [foobin lptt01] "C:\Program Files\foo1\foobin.exe"
    O4 - HKLM\..\Run: [sysPnP] C:\WINDOWS\SYSTEM\bootconf.exe
    O4 - HKLM\..\Run: [MemoryMeter] C:\PROGRAM FILES\MEMORYMETER\MEMORYMETER.EXE
    O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.EXE
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Internat Conf] \bootconf.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Mount Safe & Sound Volumes.lnk = C:\Program Files\McAfee\McAfee Shared Components\Safe & Sound\fbmount.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra 'Tools' menuitem: IMI (HKLM)
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50017/btiein.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521958} - http://www.ieplugin.com/uninstall.cab
    O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/dn/Browser_Plugin.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp
    O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)
     
  2. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,241
    Hi thinwhiteduk,

    You’ve been hijacked by CoolWebSearch. Please go here and download, unzip then run CoolWebShredder.

    CWS installs via the byte verifier exploit in M$ JavaVM so just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

    Then go here and download and run RapidBlaster Killer. (Downlaod at the bottom of the page).

    Then, once you’ve done that, please post a new log, and we'll see what's left.

    Cheers

    Liam
     
  3. thinwhiteduk

    thinwhiteduk Thread Starter

    Joined:
    Nov 3, 2003
    Messages:
    6
    Thanks a million for your help. There have been a few complications which I cannot make heads or tails of.

    Firstly, after running Cool Web Shredder, everything went smoothly as far as I can tell.

    Next is where things get messy. I scanned for microsoft updates as you further requested and there were about 21 critical updates. I saw that some updates can only be made by themselves. So, my decision which seemed reasonable was that I could update about 17 of those that could be fixed all at once. This operation was lengthy, and as it was late I fell asleep. When I woke up this morning, there may or may not have been a notice of any complications, but I think it went smoothly. I turned off the computer and set back to work this afternoon. The next three updates I've tried to make, I can't understand the problem. I run the update function, follow the instructions to restart the computer and when it tries to finish the operation it reads this:

    "Setup was unable to install all the components. Please close all applications and try running Setup again."

    What applications is this referring to? The computer has just started up; I've not begun any applications.

    God, I'm so computer-illiterate that you must be frustrated. I'm sorry and hope you're still with me.

    Also, I tried to run the Rapid Blaster Killer and this is how it reads:

    "Component MSCOMCTL.OCX or one of its dependencies not correctly registered: a file is missing or invalid."

    I'm pretty sure that this problem is directly related to the initial problems of setting up a critical update. This morning the process didn't run smoothly.

    With all this said, I'll post the current Hijack This log. I hope this makes more sense to you than it does to me. Here goes:

    Logfile of HijackThis v1.97.7
    Scan saved at 3:09:26 PM, on 12/22/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
    O1 - Hosts: 207.44.220.30 www.altavista.com
    O1 - Hosts: 207.44.220.30 altavista.com
    O1 - Hosts: 207.44.220.30 search.yahoo.co.jp
    O1 - Hosts: 207.44.220.30 www.lycos.de
    O1 - Hosts: 207.44.220.30 www.lycos.ca
    O1 - Hosts: 207.44.220.30 www.lycos.jp
    O1 - Hosts: 207.44.220.30 www.lycos.co.jp
    O1 - Hosts: 207.44.220.30 alltheweb.com
    O1 - Hosts: 207.44.220.30 web.ask.com
    O1 - Hosts: 207.44.220.30 ask.com
    O1 - Hosts: 207.44.220.30 www.ask.com
    O1 - Hosts: 207.44.220.30 www.teoma.com
    O1 - Hosts: 207.44.220.30 search.aol.com
    O1 - Hosts: 207.44.220.30 www.looksmart.com
    O1 - Hosts: 207.44.220.30 search.fr.msn.be
    O1 - Hosts: 207.44.220.30 search.fr.msn.ch
    O1 - Hosts: 207.44.220.30 search.latam.yupimsn.com
    O1 - Hosts: 207.44.220.30 search.msn.at
    O1 - Hosts: 207.44.220.30 search.msn.be
    O1 - Hosts: 207.44.220.30 search.msn.ch
    O1 - Hosts: 207.44.220.30 search.msn.co.in
    O1 - Hosts: 207.44.220.30 search.msn.co.jp
    O1 - Hosts: 207.44.220.30 search.msn.co.kr
    O1 - Hosts: 207.44.220.30 search.msn.co.za
    O1 - Hosts: 207.44.220.30 search.msn.de
    O1 - Hosts: 207.44.220.30 search.msn.dk
    O1 - Hosts: 207.44.220.30 search.msn.es
    O1 - Hosts: 207.44.220.30 search.msn.fi
    O1 - Hosts: 207.44.220.30 search.msn.fr
    O1 - Hosts: 207.44.220.30 search.msn.it
    O1 - Hosts: 207.44.220.30 search.msn.nl
    O1 - Hosts: 207.44.220.30 search.msn.no
    O1 - Hosts: 207.44.220.30 search.msn.se
    O1 - Hosts: 207.44.220.30 search.ninemsn.com.au
    O1 - Hosts: 207.44.220.30 search.t1msn.com.mx
    O1 - Hosts: 207.44.220.30 search.xtramsn.co.nz
    O1 - Hosts: 207.44.220.30 search.yupimsn.com
    O1 - Hosts: 207.44.220.30 search.lycos.com
    O1 - Hosts: 207.44.220.30 www.lycos.com
    O1 - Hosts: 207.44.220.30 go.google.com
    O1 - Hosts: 207.44.220.30 www.hotbot.com
    O1 - Hosts: 207.44.220.30 hotbot.com
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Mount Safe & Sound Volumes.lnk = C:\Program Files\McAfee\McAfee Shared Components\Safe & Sound\fbmount.exe
    O4 - Startup: Resume Windows Update Installation.lnk = C:\WINDOWS\Windows Update Setup Files\ie6setup.exe
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37977.0294907407
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    navigate to this file and double click it
    C:\WINDOWS\Windows Update Setup Files\ie6setup.exe
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/189180

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice