Thread: Problem and questions
View Single Post
Old 12-25-2004, 12:43 PM   #5 (permalink)
intercodes
 
Ultra Techie

Join Date: Jun 2004

Posts: 973

intercodes

Send a message via Yahoo to intercodes
Default
Doktorn,

systemreg16 seems to be a malware process. You need to get rid of it. Hold on....we will go step by step.

*Close all the windows except HJT [ turn off system restore if its is on. ]
*Run and fix the following entries.

------------------------------------

C:\WINDOWS\System32\SystemReg16.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/ [If you dont know this entry , delete it ]

O4 - HKLM\..\Run: [WindowsRegKey upd4te2d4te] IEEXPLORE.exe

O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe

O4 - HKLM\..\RunServices: [WindowsRegKey upd4te2d4te] IEEXPLORE.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe

O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] IEEXPLORE.exe

O23 - Service: Windows Installer - Unknown - C:\DOCUME~1\HKAN~1\LOKALA~1\Temp\IXP000.TMP\MsiExe c.exe (file missing)

-----------------------------------------------------

I highly recommend this one http://housecall.trendmicro.com/hous...start_corp.asp
intercodes is offline