There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
Malware Removal & HijackThis Logs
Tag Cloud
audio bios blue screen boot bsod computer connection crash dcom dell driver drivers email error excel firefox google hard drive hardware hijackthis internet laptop logon logs off macro malware microsoft motherboard network networking problem ram recovery router screen slow software sound trojan usb userinit.exe virus vista webcam wifi windows windows 7 windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
browser hijack - can't remove! (New)

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
 
Thread Tools
jbunns's Avatar
Junior Member with 4 posts.
  
Join Date: Feb 2004
15-Feb-2004, 01:29 PM #1
browser hijack - can't remove!
Help! I've been following threads on how to fix this problem. I get the "res://mshp.dll/index.html#37049" URL whenever I open the browser. I've been trying suggestions posted here to no avail. it keeps coming back. hijackthis.log is attached.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log.
Register for free to hide this ad!
e-liam's Avatar
Senior Member with 1,256 posts.
  
Join Date: Jun 2003
Location: Bracknell - UK
Experience: Advanced
15-Feb-2004, 01:33 PM #2
Hi jbunns, and welcome to TSG..

I'll just post the log up here, as it's easier to read..

Logfile of HijackThis v1.97.7
Scan saved at 10:20:46 AM, on 2/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTSVCCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\DIRECT~1\DUService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\DirectUpdate\DUControl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Livelink Companion\LLCTray.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
D:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Documents and Settings\Jan Russell\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and Settings\Jan Russell\Application Data\sysdt\sysdt32.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Documents and Settings\Jan Russell\Application Data\sysdt\mssearch.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Jan Russell\Application Data\sysdt\msiesh.dll
O3 - Toolbar: Livelink Companion - {2CDA9B11-E0F1-11d4-A5FA-009027413533} - C:\Program Files\Livelink Companion\LLC000384.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [DUControl] C:\Program Files\DirectUpdate\DUControl.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LINKITTRAY] C:\Program Files\Livelink Companion\LLCTray.exe /start
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Send To Livelink... - C:\Program Files\Livelink Companion\rightclick.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0CED0F8B-236D-4E59-A221-3E24EB79F40E} (ServerSetup Class) - https://companion.opentext.com/Livel...ercomsetup.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://www.portseattlecdms.org/live...exp/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...032.3712384259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab

I'll let you know what to do in a minute.

Cheers

Liam
__________________
"You cannot reason someone out of a position that they did not reason themselves into in the first place." Anon

Give a man a fish, and he may eat for a day;
but teach a man to fish, and he can sit in a boat all day, drinking beer.

A proud member of the Alliance of Security Analysis Professionals since 2004.
jbunns's Avatar
Junior Member with 4 posts.
  
Join Date: Feb 2004
15-Feb-2004, 01:39 PM #3
Thanks. I've tried CWshredder, just so you know.
e-liam's Avatar
Senior Member with 1,256 posts.
  
Join Date: Jun 2003
Location: Bracknell - UK
Experience: Advanced
15-Feb-2004, 01:40 PM #4
Hi,

You’ve been hijacked by CoolWebSearch. Please go here and download, unzip then run CoolWebShredder.

CWS installs via the byte verifier exploit in M$ JavaVM so just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

Then please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close all browser windows and click the Fix checked button…

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and Settings\Jan Russell\Application Data\sysdt\sysdt32.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Documents and Settings\Jan Russell\Application Data\sysdt\mssearch.dll

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Jan Russell\Application Data\sysdt\msiesh.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: VPN Client.lnk = ?

Next find and delete the following folder..

C:\Documents and Settings\Jan Russell\Application Data\sysdt

Then please download AdAware 6 181 from here.

Before you scan with AdAware, check for updates of the reference file by using the "web update". Then ........

Make sure the following settings are made and on -------"ON=GREEN" From main window :Click "Start" then " Activate in-depth scan". Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favourites for banned URL" and "Scan my host-files". Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognised processes during scanning". Then........"Cleaning engine" and uncheck "Automatically try to unregister objects prior to deletion" and check "Let windows remove files in use at next reboot" Then......

Click "proceed" to save your settings.

Now to scan it’s just to click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it.

Next, reboot again and download Spybot - Search & Destroy, from here: if you haven't already got the program.

Now press Settings, and Settings again. Go to the Webupdate section, and check "Display also available beta versions".

Now press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds marked RED.

Next, please reboot and post a new log for a final once over.

Cheers

Liam
__________________
"You cannot reason someone out of a position that they did not reason themselves into in the first place." Anon

Give a man a fish, and he may eat for a day;
but teach a man to fish, and he can sit in a boat all day, drinking beer.

A proud member of the Alliance of Security Analysis Professionals since 2004.
e-liam's Avatar
Senior Member with 1,256 posts.
  
Join Date: Jun 2003
Location: Bracknell - UK
Experience: Advanced
15-Feb-2004, 01:45 PM #5
Hi,

I've just seen your post. Follow everything I've said and we'll see how it goes. You should be free of it afterwards..

Cheers

Liam
jbunns's Avatar
Junior Member with 4 posts.
  
Join Date: Feb 2004
15-Feb-2004, 01:47 PM #6
Thanks..here goes!
jbunns's Avatar
Junior Member with 4 posts.
  
Join Date: Feb 2004
15-Feb-2004, 04:18 PM #7
It looks good,thanks a lot. Heres the results of the last HJT:
Logfile of HijackThis v1.97.7
Scan saved at 1:17:42 PM, on 2/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTSVCCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\DIRECT~1\DUService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\DirectUpdate\DUControl.exe
C:\Program Files\Livelink Companion\LLCTray.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
D:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jan Russell\Desktop\hijackthis\HijackThis.exe

O3 - Toolbar: Livelink Companion - {2CDA9B11-E0F1-11d4-A5FA-009027413533} - C:\Program Files\Livelink Companion\LLC000384.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [DUControl] C:\Program Files\DirectUpdate\DUControl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LINKITTRAY] C:\Program Files\Livelink Companion\LLCTray.exe /start
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Send To Livelink... - C:\Program Files\Livelink Companion\rightclick.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0CED0F8B-236D-4E59-A221-3E24EB79F40E} (ServerSetup Class) - https://companion.opentext.com/Livel...ercomsetup.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://www.portseattlecdms.org/live...exp/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...032.3712384259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
e-liam's Avatar
Senior Member with 1,256 posts.
  
Join Date: Jun 2003
Location: Bracknell - UK
Experience: Advanced
16-Feb-2004, 12:30 AM #8
Clean log..

Liam
Kiva128's Avatar
Junior Member with 1 posts.
  
Join Date: Apr 2004
02-Apr-2004, 06:36 PM #9
To E-Liam:

THANK YOU SO MUCH!! I registered on this forum just to say thanks for helping me out with this problem. I was messing around for hours and no results. Then I stumbled across your post (thank god) and it worked. Thanks again. The world needs more good people like you instead of those jerks that make these hijackers.

Thank you.
Justin Finn's Avatar
Junior Member with 1 posts.
  
Join Date: Apr 2004
20-Apr-2004, 02:31 PM #10
Damn these hijackers!!!!
Dear Merciful Spyware Sages,

Words alone cannot capture my displeasure in regards to this mshp.dll THING

I ran HJT, and am hoping that someone can hold my hand through this process....

below find my log:

Logfile of HijackThis v1.97.7
Scan saved at 2:27:56 PM, on 4/20/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\LogWatNT.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACM\Binn\sqlservr.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\PROMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Registry Clean Expert\RCScheduler.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O12 - Plugin for .mpga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/050c7490...p/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...880.3445138889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = visit-aci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = visit-aci.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = visit-aci.com
leo_nbasi's Avatar
Junior Member with 5 posts.
  
Join Date: Jun 2004
Experience: Intermediate
17-Jun-2004, 04:45 PM #11
Hello, I have a similar problem and followed the steps up to the removing stuff with HJT part. The problem is that instead of finding all those references to that mshp.dll I get almost identical references, with the only diference that the filename is yrfau.dll instead of mshp.dll. "yrfau" is also the .dll referred to when the Home Page gets changed. So should I delete those? I want to be sure before messing anything up.
Oh, by the way, I have no "Jan Rusell" folder.
My browser is still highjacked, so I really need some help.

I attached my log, just in case.

Thanks for your time,

Leo
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log.
EAFiedler's Avatar
Moderator with 12,485 posts.
  
Join Date: Apr 2000
27-Jul-2006, 09:19 PM #12
Closing thread.
Anyone with a similar problem, please start a new thread.
Thank you.
Closed Thread Bookmark and Share   techguy.org/203900

Smart Search

Find your solution!


« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 04:10 PM.
Copyright © 1996 - 2010 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2010, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.