1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: IE Hijack

Discussion in 'Virus & Other Malware Removal' started by daveware, Sep 22, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. daveware

    daveware Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    50
    Hi Techguys

    Have a HJT log

    Logfile of HijackThis v1.98.2
    Scan saved at 21:49:53, on 21/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Evidence Exterminator\erasrv.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system32\dlldmt.exe
    C:\WINDOWS\system32\tp4mon.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\NILaunch.exe
    C:\WINDOWS\system32\ltmsg.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\windows\system32\sncntr.exe
    C:\windows\system32\sp2ctr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Video1\Dialers\Hot_Tarts\Hot_Tarts.exe
    C:\Program Files\Evidence Exterminator\eraser.exe
    C:\windows\system32\qvvwhrme.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
    C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\lotus\smartctr\suitest.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\ACT\SideACT.exe
    C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Roger\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hhevpdrsyjpri.com/1Wglfqc66eDcA8l_CnAqY7DMuNoGvPZa9/ERs678l3nOZvTYF0a7SireouaNhrpH.html
    F3 - REG:win.ini: run=c:\windows\system32\dlldmt.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1000B64D-FF9C-D982-2DAA-7670ABC0B2F2} - C:\PROGRA~1\2blue\Corn Tray.exe
    O2 - BHO: (no name) - {4BC343EB-6242-DDDA-7B93-6D966F152A3E} - C:\PROGRA~1\2blue\Corn Tray.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [DownloadInternet] C:\PROGRA~1\DALEBL~1\Settings grid kind.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [This Dart Show Corn] C:\Documents and Settings\All Users\Application Data\Softwarewarnthisdart\BodyRoam.exe
    O4 - HKLM\..\Run: [Dumb warn face chic] C:\Documents and Settings\All Users\Application Data\LongDupeDumbWarn\Meetgrey.exe
    O4 - HKLM\..\Run: [Dlldmt] c:\windows\system32\dlldmt.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Hot_Tarts] C:\Program Files\Video1\Dialers\Hot_Tarts\Hot_Tarts.exe /dontdial
    O4 - HKLM\..\Run: [QVVWHRME] c:\windows\system32\qvvwhrme.exe /install
    O4 - HKLM\..\Run: [00ERSRRRNKY] C:\Program Files\Evidence Exterminator\eraser.exe
    O4 - HKLM\..\RunOnce: [00ERSRRRNKY] "C:\Program Files\Evidence Exterminator\erasrv.exe" remove
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Dlldmt] c:\windows\system32\dlldmt.exe
    O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
    O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab

    Any help would be most welcome.

    Yours
    Dave
     
  2. mimo2005

    mimo2005

    Joined:
    Aug 14, 2004
    Messages:
    454
    REboot in safe Mode
    Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn’t be – but double check it):


    C:\windows\system32\dlldmt.exe
    C:\windows\system32\sncntr.exe
    C:\windows\system32\sp2ctr.exe
    C:\windows\system32\qvvwhrme.exe

    Make sure to close any open browsers you have. Check and fix the following in HijackThis if they still exist
    C:\windows\system32\dlldmt.exe
    C:\windows\system32\sncntr.exe
    C:\windows\system32\sp2ctr.exe
    C:\windows\system32\qvvwhrme.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hhevpdrsyjpri.com/1Wglfq...reouaNhrpH.html
    F3 - REG:win.ini: run=c:\windows\system32\dlldmt.exe
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [This Dart Show Corn] C:\Documents and Settings\All Users\Application Data\Softwarewarnthisdart\BodyRoam.exe
    O4 - HKLM\..\Run: [Dumb warn face chic] C:\Documents and Settings\All Users\Application Data\LongDupeDumbWarn\Meetgrey.exe
    O4 - HKLM\..\Run: [Dlldmt] c:\windows\system32\dlldmt.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    reboot in normal mode .
    YOU need to scan with adware se ,spybot search and destroy ,CWShredder,and tds 3 free to try .
    if these find anthing else ,just delete anything found .
    this machine is really infected .
     
  3. mimo2005

    mimo2005

    Joined:
    Aug 14, 2004
    Messages:
    454
    another advice delete messenger 3
     
  4. mimo2005

    mimo2005

    Joined:
    Aug 14, 2004
    Messages:
    454
    i meant messenger plus 3
     
  5. daveware

    daveware Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    50
    Thanks and thanks again

    Dave
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Let's see another Hijack This log please.
     
  7. daveware

    daveware Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    50
    I have not "fixed" the machine in question yet
    Is it a pre fix or post fix log that you are requesting?
    I can request another log from the owner if you so wish, post it, and wait for your reply

    Thanks for your time

    Dave
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Go ahead and fix the entries and delete the files that mimo suggested.

    Also Click here to download the LOP uninstaller. Close all browser windows and run the uninstaller.

    When it is finished restart your computer.

    Come back here and post another Hijack This log and we'll get rid of what's left.
     
  9. daveware

    daveware Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    50
    Hi flrman1 and mimo2005

    Have the log

    Logfile of HijackThis v1.98.2
    Scan saved at 12:04:57, on 26/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Evidence Exterminator\erasrv.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\tp4mon.exe
    C:\WINDOWS\System32\NILaunch.exe
    C:\WINDOWS\system32\ltmsg.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Video1\Dialers\Hot_Tarts\Hot_Tarts.exe
    C:\Program Files\Evidence Exterminator\eraser.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\windows\system32\dlldmt.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\lotus\smartctr\suitest.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\ACT\SideACT.exe
    C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    C:\AntiHijack\HijackThis.exe

    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4BC343EB-6242-DDDA-7B93-6D966F152A3E} - C:\PROGRA~1\2blue\Corn Tray.exe (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Hot_Tarts] C:\Program Files\Video1\Dialers\Hot_Tarts\Hot_Tarts.exe /dontdial
    O4 - HKLM\..\Run: [LRBOCLID] c:\windows\system32\lrboclid.exe /install
    O4 - HKLM\..\Run: [00ERSRRRNKY] C:\Program Files\Evidence Exterminator\eraser.exe
    O4 - HKLM\..\RunOnce: [00ERSRRRNKY] "C:\Program Files\Evidence Exterminator\erasrv.exe" remove
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Dlldmt] c:\windows\system32\dlldmt.exe
    O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab

    Seem a lot cleaner, but some way to go yet.

    Dave
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    O2 - BHO: (no name) - {4BC343EB-6242-DDDA-7B93-6D966F152A3E} - C:\PROGRA~1\2blue\Corn Tray.exe (file missing)

    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)

    O4 - HKCU\..\Run: [Dlldmt] c:\windows\system32\dlldmt.exe


    Restart to safe mode.

    How to start your computer in safe mode

    Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
    Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

    Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Now find and delete this file:

    c:\windows\system32\dlldmt.exe

    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Empty the Recycle Bin


    Turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer, turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
     
  11. daveware

    daveware Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    50
    Thanks, am on it, will post another log soonest.
    Dave
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I made a mistake. DO NOT fix this one:

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    I did not intend to include that one for removal. If you have already fixed it you can restore it from HJT's backups.
     
  13. daveware

    daveware Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    50
    Hi All

    Just got a post, all problems are fixed. No log with the email unfortunately. :rolleyes:

    Thanks very much to all concerned.

    Dave
     
  14. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Glad we were able to help! :)

    I'm closing this thread. If you need it reopened please PM me or one of the other mods.

    Anyone else with a similar problem please start a "New Thread".
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Hijack
  1. genubi
    Replies:
    0
    Views:
    278
  2. bj nick
    Replies:
    0
    Views:
    600
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/276813

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice