highjackthis help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bdev

Thread Starter
Joined
Jan 20, 2005
Messages
4
Can someone please review my log from scanning highjackthis and let me know what I should be removing. I had to save the log in a pdf format. I hope that is o.k.
I appreciate all the help

Thanks
 
Joined
Sep 7, 2004
Messages
49,014
Open the log in notepad

EDIT - SELECT ALL
EDIT - COPY

Then come to this message, and in the quick reply box click in the white space and then EDIT - PASTE
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
116,997
Hi and welcome to TSG,

Are you unable to open HJT in Notepad? If so, what is your OS?
 

bdev

Thread Starter
Joined
Jan 20, 2005
Messages
4
hijackthis Logfile of HijackThis v1.99.0
scan saved at 6:31:33 PM, on 2/3/2005 Platform: windows XP sp1 (winNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWs\system32\smss.exe C:\WINDOWs\system32\winlogon.exe C:\WINDOWs\system32\services.exe C:\WINDOWs\system32\lsass.exe C:\WINDOWs\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWs\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWs\system32\spoolsv.exe C:\WINDOWs\system32\drivers\Kodakccs.exe C:\PROGRA~l\mcafee.com\vso\mcvsrte.exe C:\WINDOWs\system32\scsiAccess.EXE C:\WINDOWs\system32\svchost.exe c:\windows\system\hpsysdrv.exe
c:\Program Files\Hewlett-packard\Digital Imaging\unload\hpqcmon.exe C:\HP\KBD\KBD.EXE
c:\Program Files\wildTangent\DDC\DDCManager\DDcMan.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbOS.exe C:\PROGRA~1\MICROS~2\GAMECO-1\common\swtrayv4.exe
C:\Program Files\ATI Technologies\ATI control panel\atiptaxx.exe C:\PROGRA~l\mcafee.com\vso\mcvsshld.exe C:\PROGRA~l\mcafee.com\agent\mcagent.exe c:\progra~l\mcafee.com\vso\mcvsescn.exe C:\PROGRA~l\mcafee.com\agent\mcupdate.exe
c:\Program Files\KODAK\Kodak Easyshare software\bin\Easyshare.exe c:\program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\PROGRA~l\mcafee.com\vso\mcshield.exe
C:\Documents and settin9s\owner\Local settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThls.exe
R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_page_URL = http://us6.hpwis.com/
R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_search_URL http://srch-us6.hpwis.com/
R1 - HKCU\software\Microsoft\Internet Explorer\Main,search Page = res://c:\WINDOWS\hpbyz.dll/sp.html#37049
RO - HKCU\software\Microsoft\Internet Explorer\Main,start page = http://www.yahoo.com/
R1 - HKLM\software\Microsoft\Internet Explorer\Main,Default_page_uRL = about:blank
R1 - HKLM\software\M;crosoft\Internet Explorer\Main,Default_search_uRL = res://c:\WINDOWs\hpbyz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search Bar = res://C:\WINDOWS\hpbyz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search page = res://C:\WINDOWs\hpbyz.dll/sp.html#37049
R1 - HKCU\software\Microsoft\Internet Explorer\search,customizesearch = http://www.searchxp.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\search,DefaulLsearch_URL http://www.searchxp.com/search tml
RO - HKLM\Software\M;crosoft\I ternet Explorer\search,SearchAssistant = res://C:\WINDOWS\hpbyz.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\searchuRL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R3 - Default URLsearchHook is missing
02 - BHO: AcroIEHlprobj class - {06849E9F-C8Dl-4D59-B87D-784B7D6BEOB3} ¬c:\program Files\Adobe\Acrobat 5.0\Reader\Activex\AcroIEHelper.ocx
02 - BHO: (no name) - {D45F954C-1B53-AEOC-955A-301DD19D8456} ¬C:\WINDOWs\system32\javaxr.dll (file missing)
03 - Toolbar: &Radio - {8El18888-423F-I1D2-816E-OOAOC9082467} ¬C:\WINDOWs\system32\msdxm.ocx
Page 1


-,
hijackthis
03 - Toolbar: McAfee virusScan - {BA52B914-B692-46c4-B683-905236F6F655} _ c:\progra~l\mcafee.com\vso\mcvsshl.dll
03 - Toolbar: Yahool Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} _ C:\Program Files\Yahoo!\companion\Installs\cpnO\ycomp5_5_7_0.dll
04 - HKLM\ .. \Run: [hpsysdrvJ c:\windows\system\hpsysdrv.exe
04 - HKLM\ .. \Run: [NvCplDaemon] RUNDLL32.EXE NVQTwk,NvcplDaemon initialize 04 - HKLM\ .. \Run: [nwiz] nwiz.exe /install
04 - HKLM\ .. \Run: [camMonitor] c:\program Files\Hewlett-packard\Digital Imaging\unload\hpqcmon.exe
04 - HKLM\ .. \Run: [KBD] C:\HP\KBD\KBD.EXE
04 - HKLM\ .. \Run: [StorageGuard] "c:\Program Files\VERITAS software\update Manager\sgtray.exe" /r
04 - HKLM\ .. \Run: [dla] C:\WINDOWs\system32\dla\tfswctrl.exe
04 - HKLM\ .. \Run: [DDCM] Ole: \program Fi 1 es\wil dTangent\DDC\DDcManager\DDcMan. exe" -Background
04 - HKLM\ .. \Run: [DDCActiveMenu] "c:\Program Files\wildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
04 - HKLM\ .. \Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE 04 - HKLM\ .. \Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe 04 - HKLM\ .. \Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe 04 - HKLM\ .. \Run: [PS2] C:\WINDOWS\system32\ps2.exe
04 - HKLM\ .. \Run: [HPDJ Taskbar Utility]
C: \WINDOWS\syst,em32\spool \dri vers\w32x86\3\hpztsb05. exe 04 - HKLM\ .. \Run: [sidewinderTrayv4] C:\PROGRA~1\MICROS~2\GAMECo~l\common\swtrayv4.exe
04 - HKLM\ .. \Run: [ATIPTA] c:\Program Files\ATI Technologies\ATI Control panel\atiptaxx.exe
04 - HKLM\ .. \Run: [vsocheckTask] "C:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
04 - HKLM\ .. \Run: [vi rusScan Onl i ne] "C:\PROGRA~1\mcafee. com\vso\mcvsshld. exe" 04 - HKLM\ .. \Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe
04 - HKLM\ .. \Run: [MCupdateExe] C:\PROGRA~l\mcafee.com\agent\mcupdate.exe
04 - HKCU\ .. \Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\Launchpd.exe"
04 - HKCU\ .. \Run: [Yahoo! pager] c:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
04 - Global startup: Kodak Easyshare software.lnk = C:\program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
09 - Extra button: Messenger - {4528BBEO-4E08-11D5-AD55-00010333DOAD} ¬c:\program Files\vahoo!\Messenger\yhexbmes0819.dll
09 - Extra 'Tools' menuitem: Yahoo! Messenger ¬{4528BBEO-4E08-11D5-AD55-00010333DOAD} - c:\Program Files\vahool\Messenger\yhexbmes0819.dll
012 - plugin for .mpeg: c:\Program Files\Internet Explorer\PLUGINs\npqtplugin3.dll
012 - plugin for .spop: C:\Program Files\Internet Explorer\plugins\NPDoCBox.dll 015 - Trusted Zone: *.awmdabest.com
015 - Trusted Zone: *.awmdabest.com (HKLM) 015 - Trusted IP range: 206.161.125.149 015 - Trusted IP range: (HKLM)
016 - DPF: {10000000-1000-0000-1000-000000000000} - file://c:\program Files\rnternet Explorer\bkwfeuhc.exe
016 - DPF: {30528230-99F7-4BB4-88D8-FAID4F56A2AB} (vInstStarter class) ¬http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
016 - DPF: {4ED9DDFO-7479-4BBE-9335-5A1EDB1D8A21} (McAfee. com Operating system Class) - http://bin.mcafee.com/~olbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab 016 - DPF: {BCCOFF27-31D9-4614-.68E-CI8EIADA4389} (DwnldGroupMgr class) ¬http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,O,O,19/mcgdmgr.cab
023 - service: Ati Hot Key Poller - unknown - C:\WINDOWs\system32\Ati2evxx.exe
023 - service: AT! Smart - unknown - C:\WINDOWs\system32\ati2sgag.exe
023 - service: Kodak Camera Connection software - Eastman Kodak company ¬C:\WINDOWs\system32\drivers\Kodakccs.exe
023 - service: MCAfee. com Mcshield - unknown ¬C:\PROGRA~l\mcafee.com\vso\mcshield.exe
023 - service: McAfee securitycenter update Manager - MCAfee, Inc ¬C:\PROGRA~I\MCAfee.com\Agent\mcupdmgr.exe
023 - service: McAfee.com VirusScan online Realtime Engine - Networks Associates Technology, rnc - C:\PROGRA~l\mcafee.com\vso\mcvsrte.exe


hijackthis
023 - service: NVIDIA Driver Helper service - NVIDIA corporation ¬C:\WINDOWs\system32\nvsvc32.exe '
023 - service: ScsiAccess - unknown - C:\WINDOWS\system32\scsiAccess.EXE 023 - service: workstation NetLogon service - unknown ¬C:\WINDOWs\system32\msxb32.exe (file missing)
page 3


Thanks for all your help
 

bdev

Thread Starter
Joined
Jan 20, 2005
Messages
4
Thanks for all your help. Here is the log in notepad


hijackthis Logfile of HijackThis v1.99.0
scan saved at 6:31:33 PM, on 2/3/2005 Platform: windows XP sp1 (winNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWs\system32\smss.exe C:\WINDOWs\system32\winlogon.exe C:\WINDOWs\system32\services.exe C:\WINDOWs\system32\lsass.exe C:\WINDOWs\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWs\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWs\system32\spoolsv.exe C:\WINDOWs\system32\drivers\Kodakccs.exe C:\PROGRA~l\mcafee.com\vso\mcvsrte.exe C:\WINDOWs\system32\scsiAccess.EXE C:\WINDOWs\system32\svchost.exe c:\windows\system\hpsysdrv.exe
c:\Program Files\Hewlett-packard\Digital Imaging\unload\hpqcmon.exe C:\HP\KBD\KBD.EXE
c:\Program Files\wildTangent\DDC\DDCManager\DDcMan.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbOS.exe C:\PROGRA~1\MICROS~2\GAMECO-1\common\swtrayv4.exe
C:\Program Files\ATI Technologies\ATI control panel\atiptaxx.exe C:\PROGRA~l\mcafee.com\vso\mcvsshld.exe C:\PROGRA~l\mcafee.com\agent\mcagent.exe c:\progra~l\mcafee.com\vso\mcvsescn.exe C:\PROGRA~l\mcafee.com\agent\mcupdate.exe
c:\Program Files\KODAK\Kodak Easyshare software\bin\Easyshare.exe c:\program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\PROGRA~l\mcafee.com\vso\mcshield.exe
C:\Documents and settin9s\owner\Local settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThls.exe
R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_page_URL = http://us6.hpwis.com/
R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_search_URL http://srch-us6.hpwis.com/
R1 - HKCU\software\Microsoft\Internet Explorer\Main,search Page = res://c:\WINDOWS\hpbyz.dll/sp.html#37049
RO - HKCU\software\Microsoft\Internet Explorer\Main,start page = http://www.yahoo.com/
R1 - HKLM\software\Microsoft\Internet Explorer\Main,Default_page_uRL = about:blank
R1 - HKLM\software\M;crosoft\Internet Explorer\Main,Default_search_uRL = res://c:\WINDOWs\hpbyz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search Bar = res://C:\WINDOWS\hpbyz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search page = res://C:\WINDOWs\hpbyz.dll/sp.html#37049
R1 - HKCU\software\Microsoft\Internet Explorer\search,customizesearch = http://www.searchxp.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\search,DefaulLsearch_URL http://www.searchxp.com/search tml
RO - HKLM\Software\M;crosoft\I ternet Explorer\search,SearchAssistant = res://C:\WINDOWS\hpbyz.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\searchuRL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R3 - Default URLsearchHook is missing
02 - BHO: AcroIEHlprobj class - {06849E9F-C8Dl-4D59-B87D-784B7D6BEOB3} ¬c:\program Files\Adobe\Acrobat 5.0\Reader\Activex\AcroIEHelper.ocx
02 - BHO: (no name) - {D45F954C-1B53-AEOC-955A-301DD19D8456} ¬C:\WINDOWs\system32\javaxr.dll (file missing)
03 - Toolbar: &Radio - {8El18888-423F-I1D2-816E-OOAOC9082467} ¬C:\WINDOWs\system32\msdxm.ocx
Page 1


-,
hijackthis
03 - Toolbar: McAfee virusScan - {BA52B914-B692-46c4-B683-905236F6F655} _ c:\progra~l\mcafee.com\vso\mcvsshl.dll
03 - Toolbar: Yahool Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} _ C:\Program Files\Yahoo!\companion\Installs\cpnO\ycomp5_5_7_0.dll
04 - HKLM\ .. \Run: [hpsysdrvJ c:\windows\system\hpsysdrv.exe
04 - HKLM\ .. \Run: [NvCplDaemon] RUNDLL32.EXE NVQTwk,NvcplDaemon initialize 04 - HKLM\ .. \Run: [nwiz] nwiz.exe /install
04 - HKLM\ .. \Run: [camMonitor] c:\program Files\Hewlett-packard\Digital Imaging\unload\hpqcmon.exe
04 - HKLM\ .. \Run: [KBD] C:\HP\KBD\KBD.EXE
04 - HKLM\ .. \Run: [StorageGuard] "c:\Program Files\VERITAS software\update Manager\sgtray.exe" /r
04 - HKLM\ .. \Run: [dla] C:\WINDOWs\system32\dla\tfswctrl.exe
04 - HKLM\ .. \Run: [DDCM] Ole: \program Fi 1 es\wil dTangent\DDC\DDcManager\DDcMan. exe" -Background
04 - HKLM\ .. \Run: [DDCActiveMenu] "c:\Program Files\wildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
04 - HKLM\ .. \Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE 04 - HKLM\ .. \Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe 04 - HKLM\ .. \Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe 04 - HKLM\ .. \Run: [PS2] C:\WINDOWS\system32\ps2.exe
04 - HKLM\ .. \Run: [HPDJ Taskbar Utility]
C: \WINDOWS\syst,em32\spool \dri vers\w32x86\3\hpztsb05. exe 04 - HKLM\ .. \Run: [sidewinderTrayv4] C:\PROGRA~1\MICROS~2\GAMECo~l\common\swtrayv4.exe
04 - HKLM\ .. \Run: [ATIPTA] c:\Program Files\ATI Technologies\ATI Control panel\atiptaxx.exe
04 - HKLM\ .. \Run: [vsocheckTask] "C:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
04 - HKLM\ .. \Run: [vi rusScan Onl i ne] "C:\PROGRA~1\mcafee. com\vso\mcvsshld. exe" 04 - HKLM\ .. \Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe
04 - HKLM\ .. \Run: [MCupdateExe] C:\PROGRA~l\mcafee.com\agent\mcupdate.exe
04 - HKCU\ .. \Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\Launchpd.exe"
04 - HKCU\ .. \Run: [Yahoo! pager] c:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
04 - Global startup: Kodak Easyshare software.lnk = C:\program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
09 - Extra button: Messenger - {4528BBEO-4E08-11D5-AD55-00010333DOAD} ¬c:\program Files\vahoo!\Messenger\yhexbmes0819.dll
09 - Extra 'Tools' menuitem: Yahoo! Messenger ¬{4528BBEO-4E08-11D5-AD55-00010333DOAD} - c:\Program Files\vahool\Messenger\yhexbmes0819.dll
012 - plugin for .mpeg: c:\Program Files\Internet Explorer\PLUGINs\npqtplugin3.dll
012 - plugin for .spop: C:\Program Files\Internet Explorer\plugins\NPDoCBox.dll 015 - Trusted Zone: *.awmdabest.com
015 - Trusted Zone: *.awmdabest.com (HKLM) 015 - Trusted IP range: 206.161.125.149 015 - Trusted IP range: (HKLM)
016 - DPF: {10000000-1000-0000-1000-000000000000} - file://c:\program Files\rnternet Explorer\bkwfeuhc.exe
016 - DPF: {30528230-99F7-4BB4-88D8-FAID4F56A2AB} (vInstStarter class) ¬http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
016 - DPF: {4ED9DDFO-7479-4BBE-9335-5A1EDB1D8A21} (McAfee. com Operating system Class) - http://bin.mcafee.com/~olbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab 016 - DPF: {BCCOFF27-31D9-4614-.68E-CI8EIADA4389} (DwnldGroupMgr class) ¬http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,O,O,19/mcgdmgr.cab
023 - service: Ati Hot Key Poller - unknown - C:\WINDOWs\system32\Ati2evxx.exe
023 - service: AT! Smart - unknown - C:\WINDOWs\system32\ati2sgag.exe
023 - service: Kodak Camera Connection software - Eastman Kodak company ¬C:\WINDOWs\system32\drivers\Kodakccs.exe
023 - service: MCAfee. com Mcshield - unknown ¬C:\PROGRA~l\mcafee.com\vso\mcshield.exe
023 - service: McAfee securitycenter update Manager - MCAfee, Inc ¬C:\PROGRA~I\MCAfee.com\Agent\mcupdmgr.exe
023 - service: McAfee.com VirusScan online Realtime Engine - Networks Associates Technology, rnc - C:\PROGRA~l\mcafee.com\vso\mcvsrte.exe


hijackthis
023 - service: NVIDIA Driver Helper service - NVIDIA corporation ¬C:\WINDOWs\system32\nvsvc32.exe '
023 - service: ScsiAccess - unknown - C:\WINDOWS\system32\scsiAccess.EXE 023 - service: workstation NetLogon service - unknown ¬C:\WINDOWs\system32\msxb32.exe (file missing)
page 3
 
Joined
Sep 7, 2004
Messages
49,014
Looks like you did that in Word vs. notepad – next log open it with notepad and do not edit any thing

You MUST move HiJackThis.exe to a permanent folder like C:\HJT

Print this and boot to safe mode
Fix these with HJT

R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_page_URL = http://us6.hpwis.com/

R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_search_URL http://srch-us6.hpwis.com/

R1 - HKCU\software\Microsoft\Internet Explorer\Main,search Page = res://c:\WINDOWS\hpbyz.dll/sp.html#37049

R1 - HKLM\software\Microsoft\Internet Explorer\Main,Default_page_uRL = about:blank

R1 - HKLM\software\M;crosoft\Internet Explorer\Main,Default_search_uRL = res://c:\WINDOWs\hpbyz.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search Bar = res://C:\WINDOWS\hpbyz.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search page = res://C:\WINDOWs\hpbyz.dll/sp.html#37049

R1 - HKCU\software\Microsoft\Internet Explorer\search,customizesearch = http://www.searchxp.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\search,DefaulLsearch_URL http://www.searchxp.com/search tml

RO - HKLM\Software\M;crosoft\I ternet Explorer\search,SearchAssistant = res://C:\WINDOWS\hpbyz.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\searchuRL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com R3 - Default URLsearchHook is missing

02 - BHO: (no name) - {D45F954C-1B53-AEOC-955A-301DD19D8456} C:\WINDOWs\system32\javaxr.dll (file missing)

O4 - HKLM\ .. \Run: [DDCM] Ole: \program Files\wildTangent\DDC\DDcManager\DDcMan. exe" -Background

04 - HKLM\ .. \Run: [DDCActiveMenu] "c:\Program Files\wildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

015 - Trusted Zone: *.awmdabest.com
015 - Trusted Zone: *.awmdabest.com (HKLM)
015 - Trusted IP range: 206.161.125.149
015 - Trusted IP range: (HKLM)

016 - DPF: {10000000-1000-0000-1000-000000000000} - file://c:\program Files\rnternet Explorer\bkwfeuhc.exe

023 - service: workstation NetLogon service - unknown C:\WINDOWs\system32\msxb32.exe (file missing)



View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files

c:\WINDOWs\hpbyz.dll
c:\program Files\rnternet Explorer\bkwfeuhc.exe


Delete these folders

c:\Program Files\wildTangent

START – RUN – key in %temp% - Edit – Select all – File – Delete
Empty the recycle bin
Boot and post a new log
 

bdev

Thread Starter
Joined
Jan 20, 2005
Messages
4
Thanks for all your help. I will try this and get back to you.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top