1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

highjackthis help

Discussion in 'Virus & Other Malware Removal' started by bdev, Feb 4, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. bdev

    bdev Thread Starter

    Joined:
    Jan 20, 2005
    Messages:
    4
    Can someone please review my log from scanning highjackthis and let me know what I should be removing. I had to save the log in a pdf format. I hope that is o.k.
    I appreciate all the help

    Thanks
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Open the log in notepad

    EDIT - SELECT ALL
    EDIT - COPY

    Then come to this message, and in the quick reply box click in the white space and then EDIT - PASTE
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,012
    Hi and welcome to TSG,

    Are you unable to open HJT in Notepad? If so, what is your OS?
     
  4. bdev

    bdev Thread Starter

    Joined:
    Jan 20, 2005
    Messages:
    4
    hijackthis Logfile of HijackThis v1.99.0
    scan saved at 6:31:33 PM, on 2/3/2005 Platform: windows XP sp1 (winNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWs\system32\smss.exe C:\WINDOWs\system32\winlogon.exe C:\WINDOWs\system32\services.exe C:\WINDOWs\system32\lsass.exe C:\WINDOWs\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWs\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWs\system32\spoolsv.exe C:\WINDOWs\system32\drivers\Kodakccs.exe C:\PROGRA~l\mcafee.com\vso\mcvsrte.exe C:\WINDOWs\system32\scsiAccess.EXE C:\WINDOWs\system32\svchost.exe c:\windows\system\hpsysdrv.exe
    c:\Program Files\Hewlett-packard\Digital Imaging\unload\hpqcmon.exe C:\HP\KBD\KBD.EXE
    c:\Program Files\wildTangent\DDC\DDCManager\DDcMan.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbOS.exe C:\PROGRA~1\MICROS~2\GAMECO-1\common\swtrayv4.exe
    C:\Program Files\ATI Technologies\ATI control panel\atiptaxx.exe C:\PROGRA~l\mcafee.com\vso\mcvsshld.exe C:\PROGRA~l\mcafee.com\agent\mcagent.exe c:\progra~l\mcafee.com\vso\mcvsescn.exe C:\PROGRA~l\mcafee.com\agent\mcupdate.exe
    c:\Program Files\KODAK\Kodak Easyshare software\bin\Easyshare.exe c:\program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\PROGRA~l\mcafee.com\vso\mcshield.exe
    C:\Documents and settin9s\owner\Local settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThls.exe
    R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_page_URL = http://us6.hpwis.com/
    R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_search_URL http://srch-us6.hpwis.com/
    R1 - HKCU\software\Microsoft\Internet Explorer\Main,search Page = res://c:\WINDOWS\hpbyz.dll/sp.html#37049
    RO - HKCU\software\Microsoft\Internet Explorer\Main,start page = http://www.yahoo.com/
    R1 - HKLM\software\Microsoft\Internet Explorer\Main,Default_page_uRL = about:blank
    R1 - HKLM\software\M;crosoft\Internet Explorer\Main,Default_search_uRL = res://c:\WINDOWs\hpbyz.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search Bar = res://C:\WINDOWS\hpbyz.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search page = res://C:\WINDOWs\hpbyz.dll/sp.html#37049
    R1 - HKCU\software\Microsoft\Internet Explorer\search,customizesearch = http://www.searchxp.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\search,DefaulLsearch_URL http://www.searchxp.com/search tml
    RO - HKLM\Software\M;crosoft\I ternet Explorer\search,SearchAssistant = res://C:\WINDOWS\hpbyz.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\searchuRL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R3 - Default URLsearchHook is missing
    02 - BHO: AcroIEHlprobj class - {06849E9F-C8Dl-4D59-B87D-784B7D6BEOB3} ¬c:\program Files\Adobe\Acrobat 5.0\Reader\Activex\AcroIEHelper.ocx
    02 - BHO: (no name) - {D45F954C-1B53-AEOC-955A-301DD19D8456} ¬C:\WINDOWs\system32\javaxr.dll (file missing)
    03 - Toolbar: &Radio - {8El18888-423F-I1D2-816E-OOAOC9082467} ¬C:\WINDOWs\system32\msdxm.ocx
    Page 1


    -,
    hijackthis
    03 - Toolbar: McAfee virusScan - {BA52B914-B692-46c4-B683-905236F6F655} _ c:\progra~l\mcafee.com\vso\mcvsshl.dll
    03 - Toolbar: Yahool Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} _ C:\Program Files\Yahoo!\companion\Installs\cpnO\ycomp5_5_7_0.dll
    04 - HKLM\ .. \Run: [hpsysdrvJ c:\windows\system\hpsysdrv.exe
    04 - HKLM\ .. \Run: [NvCplDaemon] RUNDLL32.EXE NVQTwk,NvcplDaemon initialize 04 - HKLM\ .. \Run: [nwiz] nwiz.exe /install
    04 - HKLM\ .. \Run: [camMonitor] c:\program Files\Hewlett-packard\Digital Imaging\unload\hpqcmon.exe
    04 - HKLM\ .. \Run: [KBD] C:\HP\KBD\KBD.EXE
    04 - HKLM\ .. \Run: [StorageGuard] "c:\Program Files\VERITAS software\update Manager\sgtray.exe" /r
    04 - HKLM\ .. \Run: [dla] C:\WINDOWs\system32\dla\tfswctrl.exe
    04 - HKLM\ .. \Run: [DDCM] Ole: \program Fi 1 es\wil dTangent\DDC\DDcManager\DDcMan. exe" -Background
    04 - HKLM\ .. \Run: [DDCActiveMenu] "c:\Program Files\wildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    04 - HKLM\ .. \Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE 04 - HKLM\ .. \Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe 04 - HKLM\ .. \Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe 04 - HKLM\ .. \Run: [PS2] C:\WINDOWS\system32\ps2.exe
    04 - HKLM\ .. \Run: [HPDJ Taskbar Utility]
    C: \WINDOWS\syst,em32\spool \dri vers\w32x86\3\hpztsb05. exe 04 - HKLM\ .. \Run: [sidewinderTrayv4] C:\PROGRA~1\MICROS~2\GAMECo~l\common\swtrayv4.exe
    04 - HKLM\ .. \Run: [ATIPTA] c:\Program Files\ATI Technologies\ATI Control panel\atiptaxx.exe
    04 - HKLM\ .. \Run: [vsocheckTask] "C:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    04 - HKLM\ .. \Run: [vi rusScan Onl i ne] "C:\PROGRA~1\mcafee. com\vso\mcvsshld. exe" 04 - HKLM\ .. \Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    04 - HKLM\ .. \Run: [MCupdateExe] C:\PROGRA~l\mcafee.com\agent\mcupdate.exe
    04 - HKCU\ .. \Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\Launchpd.exe"
    04 - HKCU\ .. \Run: [Yahoo! pager] c:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    04 - Global startup: Kodak Easyshare software.lnk = C:\program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    09 - Extra button: Messenger - {4528BBEO-4E08-11D5-AD55-00010333DOAD} ¬c:\program Files\vahoo!\Messenger\yhexbmes0819.dll
    09 - Extra 'Tools' menuitem: Yahoo! Messenger ¬{4528BBEO-4E08-11D5-AD55-00010333DOAD} - c:\Program Files\vahool\Messenger\yhexbmes0819.dll
    012 - plugin for .mpeg: c:\Program Files\Internet Explorer\PLUGINs\npqtplugin3.dll
    012 - plugin for .spop: C:\Program Files\Internet Explorer\plugins\NPDoCBox.dll 015 - Trusted Zone: *.awmdabest.com
    015 - Trusted Zone: *.awmdabest.com (HKLM) 015 - Trusted IP range: 206.161.125.149 015 - Trusted IP range: (HKLM)
    016 - DPF: {10000000-1000-0000-1000-000000000000} - file://c:\program Files\rnternet Explorer\bkwfeuhc.exe
    016 - DPF: {30528230-99F7-4BB4-88D8-FAID4F56A2AB} (vInstStarter class) ¬http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    016 - DPF: {4ED9DDFO-7479-4BBE-9335-5A1EDB1D8A21} (McAfee. com Operating system Class) - http://bin.mcafee.com/~olbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab 016 - DPF: {BCCOFF27-31D9-4614-.68E-CI8EIADA4389} (DwnldGroupMgr class) ¬http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,O,O,19/mcgdmgr.cab
    023 - service: Ati Hot Key Poller - unknown - C:\WINDOWs\system32\Ati2evxx.exe
    023 - service: AT! Smart - unknown - C:\WINDOWs\system32\ati2sgag.exe
    023 - service: Kodak Camera Connection software - Eastman Kodak company ¬C:\WINDOWs\system32\drivers\Kodakccs.exe
    023 - service: MCAfee. com Mcshield - unknown ¬C:\PROGRA~l\mcafee.com\vso\mcshield.exe
    023 - service: McAfee securitycenter update Manager - MCAfee, Inc ¬C:\PROGRA~I\MCAfee.com\Agent\mcupdmgr.exe
    023 - service: McAfee.com VirusScan online Realtime Engine - Networks Associates Technology, rnc - C:\PROGRA~l\mcafee.com\vso\mcvsrte.exe


    hijackthis
    023 - service: NVIDIA Driver Helper service - NVIDIA corporation ¬C:\WINDOWs\system32\nvsvc32.exe '
    023 - service: ScsiAccess - unknown - C:\WINDOWS\system32\scsiAccess.EXE 023 - service: workstation NetLogon service - unknown ¬C:\WINDOWs\system32\msxb32.exe (file missing)
    page 3


    Thanks for all your help
     
  5. bdev

    bdev Thread Starter

    Joined:
    Jan 20, 2005
    Messages:
    4
    Thanks for all your help. Here is the log in notepad


    hijackthis Logfile of HijackThis v1.99.0
    scan saved at 6:31:33 PM, on 2/3/2005 Platform: windows XP sp1 (winNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWs\system32\smss.exe C:\WINDOWs\system32\winlogon.exe C:\WINDOWs\system32\services.exe C:\WINDOWs\system32\lsass.exe C:\WINDOWs\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWs\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWs\system32\spoolsv.exe C:\WINDOWs\system32\drivers\Kodakccs.exe C:\PROGRA~l\mcafee.com\vso\mcvsrte.exe C:\WINDOWs\system32\scsiAccess.EXE C:\WINDOWs\system32\svchost.exe c:\windows\system\hpsysdrv.exe
    c:\Program Files\Hewlett-packard\Digital Imaging\unload\hpqcmon.exe C:\HP\KBD\KBD.EXE
    c:\Program Files\wildTangent\DDC\DDCManager\DDcMan.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbOS.exe C:\PROGRA~1\MICROS~2\GAMECO-1\common\swtrayv4.exe
    C:\Program Files\ATI Technologies\ATI control panel\atiptaxx.exe C:\PROGRA~l\mcafee.com\vso\mcvsshld.exe C:\PROGRA~l\mcafee.com\agent\mcagent.exe c:\progra~l\mcafee.com\vso\mcvsescn.exe C:\PROGRA~l\mcafee.com\agent\mcupdate.exe
    c:\Program Files\KODAK\Kodak Easyshare software\bin\Easyshare.exe c:\program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\PROGRA~l\mcafee.com\vso\mcshield.exe
    C:\Documents and settin9s\owner\Local settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThls.exe
    R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_page_URL = http://us6.hpwis.com/
    R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_search_URL http://srch-us6.hpwis.com/
    R1 - HKCU\software\Microsoft\Internet Explorer\Main,search Page = res://c:\WINDOWS\hpbyz.dll/sp.html#37049
    RO - HKCU\software\Microsoft\Internet Explorer\Main,start page = http://www.yahoo.com/
    R1 - HKLM\software\Microsoft\Internet Explorer\Main,Default_page_uRL = about:blank
    R1 - HKLM\software\M;crosoft\Internet Explorer\Main,Default_search_uRL = res://c:\WINDOWs\hpbyz.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search Bar = res://C:\WINDOWS\hpbyz.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search page = res://C:\WINDOWs\hpbyz.dll/sp.html#37049
    R1 - HKCU\software\Microsoft\Internet Explorer\search,customizesearch = http://www.searchxp.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\search,DefaulLsearch_URL http://www.searchxp.com/search tml
    RO - HKLM\Software\M;crosoft\I ternet Explorer\search,SearchAssistant = res://C:\WINDOWS\hpbyz.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\searchuRL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R3 - Default URLsearchHook is missing
    02 - BHO: AcroIEHlprobj class - {06849E9F-C8Dl-4D59-B87D-784B7D6BEOB3} ¬c:\program Files\Adobe\Acrobat 5.0\Reader\Activex\AcroIEHelper.ocx
    02 - BHO: (no name) - {D45F954C-1B53-AEOC-955A-301DD19D8456} ¬C:\WINDOWs\system32\javaxr.dll (file missing)
    03 - Toolbar: &Radio - {8El18888-423F-I1D2-816E-OOAOC9082467} ¬C:\WINDOWs\system32\msdxm.ocx
    Page 1


    -,
    hijackthis
    03 - Toolbar: McAfee virusScan - {BA52B914-B692-46c4-B683-905236F6F655} _ c:\progra~l\mcafee.com\vso\mcvsshl.dll
    03 - Toolbar: Yahool Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} _ C:\Program Files\Yahoo!\companion\Installs\cpnO\ycomp5_5_7_0.dll
    04 - HKLM\ .. \Run: [hpsysdrvJ c:\windows\system\hpsysdrv.exe
    04 - HKLM\ .. \Run: [NvCplDaemon] RUNDLL32.EXE NVQTwk,NvcplDaemon initialize 04 - HKLM\ .. \Run: [nwiz] nwiz.exe /install
    04 - HKLM\ .. \Run: [camMonitor] c:\program Files\Hewlett-packard\Digital Imaging\unload\hpqcmon.exe
    04 - HKLM\ .. \Run: [KBD] C:\HP\KBD\KBD.EXE
    04 - HKLM\ .. \Run: [StorageGuard] "c:\Program Files\VERITAS software\update Manager\sgtray.exe" /r
    04 - HKLM\ .. \Run: [dla] C:\WINDOWs\system32\dla\tfswctrl.exe
    04 - HKLM\ .. \Run: [DDCM] Ole: \program Fi 1 es\wil dTangent\DDC\DDcManager\DDcMan. exe" -Background
    04 - HKLM\ .. \Run: [DDCActiveMenu] "c:\Program Files\wildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    04 - HKLM\ .. \Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE 04 - HKLM\ .. \Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe 04 - HKLM\ .. \Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe 04 - HKLM\ .. \Run: [PS2] C:\WINDOWS\system32\ps2.exe
    04 - HKLM\ .. \Run: [HPDJ Taskbar Utility]
    C: \WINDOWS\syst,em32\spool \dri vers\w32x86\3\hpztsb05. exe 04 - HKLM\ .. \Run: [sidewinderTrayv4] C:\PROGRA~1\MICROS~2\GAMECo~l\common\swtrayv4.exe
    04 - HKLM\ .. \Run: [ATIPTA] c:\Program Files\ATI Technologies\ATI Control panel\atiptaxx.exe
    04 - HKLM\ .. \Run: [vsocheckTask] "C:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    04 - HKLM\ .. \Run: [vi rusScan Onl i ne] "C:\PROGRA~1\mcafee. com\vso\mcvsshld. exe" 04 - HKLM\ .. \Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    04 - HKLM\ .. \Run: [MCupdateExe] C:\PROGRA~l\mcafee.com\agent\mcupdate.exe
    04 - HKCU\ .. \Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\Launchpd.exe"
    04 - HKCU\ .. \Run: [Yahoo! pager] c:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    04 - Global startup: Kodak Easyshare software.lnk = C:\program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    09 - Extra button: Messenger - {4528BBEO-4E08-11D5-AD55-00010333DOAD} ¬c:\program Files\vahoo!\Messenger\yhexbmes0819.dll
    09 - Extra 'Tools' menuitem: Yahoo! Messenger ¬{4528BBEO-4E08-11D5-AD55-00010333DOAD} - c:\Program Files\vahool\Messenger\yhexbmes0819.dll
    012 - plugin for .mpeg: c:\Program Files\Internet Explorer\PLUGINs\npqtplugin3.dll
    012 - plugin for .spop: C:\Program Files\Internet Explorer\plugins\NPDoCBox.dll 015 - Trusted Zone: *.awmdabest.com
    015 - Trusted Zone: *.awmdabest.com (HKLM) 015 - Trusted IP range: 206.161.125.149 015 - Trusted IP range: (HKLM)
    016 - DPF: {10000000-1000-0000-1000-000000000000} - file://c:\program Files\rnternet Explorer\bkwfeuhc.exe
    016 - DPF: {30528230-99F7-4BB4-88D8-FAID4F56A2AB} (vInstStarter class) ¬http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    016 - DPF: {4ED9DDFO-7479-4BBE-9335-5A1EDB1D8A21} (McAfee. com Operating system Class) - http://bin.mcafee.com/~olbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab 016 - DPF: {BCCOFF27-31D9-4614-.68E-CI8EIADA4389} (DwnldGroupMgr class) ¬http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,O,O,19/mcgdmgr.cab
    023 - service: Ati Hot Key Poller - unknown - C:\WINDOWs\system32\Ati2evxx.exe
    023 - service: AT! Smart - unknown - C:\WINDOWs\system32\ati2sgag.exe
    023 - service: Kodak Camera Connection software - Eastman Kodak company ¬C:\WINDOWs\system32\drivers\Kodakccs.exe
    023 - service: MCAfee. com Mcshield - unknown ¬C:\PROGRA~l\mcafee.com\vso\mcshield.exe
    023 - service: McAfee securitycenter update Manager - MCAfee, Inc ¬C:\PROGRA~I\MCAfee.com\Agent\mcupdmgr.exe
    023 - service: McAfee.com VirusScan online Realtime Engine - Networks Associates Technology, rnc - C:\PROGRA~l\mcafee.com\vso\mcvsrte.exe


    hijackthis
    023 - service: NVIDIA Driver Helper service - NVIDIA corporation ¬C:\WINDOWs\system32\nvsvc32.exe '
    023 - service: ScsiAccess - unknown - C:\WINDOWS\system32\scsiAccess.EXE 023 - service: workstation NetLogon service - unknown ¬C:\WINDOWs\system32\msxb32.exe (file missing)
    page 3
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Looks like you did that in Word vs. notepad – next log open it with notepad and do not edit any thing

    You MUST move HiJackThis.exe to a permanent folder like C:\HJT

    Print this and boot to safe mode
    Fix these with HJT

    R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_page_URL = http://us6.hpwis.com/

    R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_search_URL http://srch-us6.hpwis.com/

    R1 - HKCU\software\Microsoft\Internet Explorer\Main,search Page = res://c:\WINDOWS\hpbyz.dll/sp.html#37049

    R1 - HKLM\software\Microsoft\Internet Explorer\Main,Default_page_uRL = about:blank

    R1 - HKLM\software\M;crosoft\Internet Explorer\Main,Default_search_uRL = res://c:\WINDOWs\hpbyz.dll/sp.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search Bar = res://C:\WINDOWS\hpbyz.dll/sp.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,search page = res://C:\WINDOWs\hpbyz.dll/sp.html#37049

    R1 - HKCU\software\Microsoft\Internet Explorer\search,customizesearch = http://www.searchxp.com/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\search,DefaulLsearch_URL http://www.searchxp.com/search tml

    RO - HKLM\Software\M;crosoft\I ternet Explorer\search,SearchAssistant = res://C:\WINDOWS\hpbyz.dll/sp.html#37049

    R1 - HKCU\Software\Microsoft\Internet Explorer\searchuRL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com R3 - Default URLsearchHook is missing

    02 - BHO: (no name) - {D45F954C-1B53-AEOC-955A-301DD19D8456} C:\WINDOWs\system32\javaxr.dll (file missing)

    O4 - HKLM\ .. \Run: [DDCM] Ole: \program Files\wildTangent\DDC\DDcManager\DDcMan. exe" -Background

    04 - HKLM\ .. \Run: [DDCActiveMenu] "c:\Program Files\wildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

    015 - Trusted Zone: *.awmdabest.com
    015 - Trusted Zone: *.awmdabest.com (HKLM)
    015 - Trusted IP range: 206.161.125.149
    015 - Trusted IP range: (HKLM)

    016 - DPF: {10000000-1000-0000-1000-000000000000} - file://c:\program Files\rnternet Explorer\bkwfeuhc.exe

    023 - service: workstation NetLogon service - unknown C:\WINDOWs\system32\msxb32.exe (file missing)



    View Hidden Files
    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", Click "Apply" then "OK"

    Delete these files

    c:\WINDOWs\hpbyz.dll
    c:\program Files\rnternet Explorer\bkwfeuhc.exe


    Delete these folders

    c:\Program Files\wildTangent

    START – RUN – key in %temp% - Edit – Select all – File – Delete
    Empty the recycle bin
    Boot and post a new log
     
  7. bdev

    bdev Thread Starter

    Joined:
    Jan 20, 2005
    Messages:
    4
    Thanks for all your help. I will try this and get back to you.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/326820

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice