Jump to content


Photo

Hijacker homepage.com on pc


  • Please log in to reply
3 replies to this topic

#1 asdfg123

asdfg123

    Member

  • New Member
  • Pip
  • 2 posts

Posted 20 June 2004 - 03:08 PM

Hi,

Tried the recommend advice in your article however my results are not very promising. The problem is that there is a hijacker called homepage.com on my computer and it have render Internet Explorer non-serviceable.

Adaware finds an entry and Spybot keeps coming up with 2 results. When my computer re-boots the enteries return and I'm back at square one.

Here is my Hijack This log.

Logfile of HijackThis v1.97.7
Scan saved at 3:29:56 PM, on 6/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rscmpt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\OpenOffice.org1.1.0\program\soffice.exe
C:\old drive\Program Files\Netscape\Netscape\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com...nder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com...e-finder.cc/hp/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com...nder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com...e-finder.cc/hp/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com...nder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com...nder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
O2 - BHO: (no name) - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\System32\Rscmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\msxmidi.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
O16 - DPF: ConferenceRoom Java Client - http://chat.ksexradi...000/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://66.230.145.49...m::/on-line.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio....abasetup141.cab

Any help you or your members could provide would be greatly appreciated.

Sincerely,
Asdfg123

#2 NonSuch

NonSuch

    Spyware Eradicator!

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,369 posts

Posted 21 June 2004 - 02:04 AM

Hello,

You have a CoolWebSearch infection. Please be patient, because I will be asking you to repeat some of the things that you have done previously. They do need to be done again:

Please click here to download CWShredder by Merijn Bellekom. Boot into safe mode and then run the program,with all other windows closed, hitting 'fix' as opposed to 'scan only.' Then reboot and run the program a second time. Reboot when finished.

Verify that you have the latest version of Spybot Search & Destroy, v1.3. If you have the latest version, update it, scan and fix all RED items it finds. If you do not have v1.3, click here to download v1.3 Spybot Search & Destroy - install, update, scan and fix all RED items it finds. Reboot when done.

Perform a customized scan with Ad-aware:

Verify that you have the latest version of Ad-aware 6, build 6.181, then update and install the latest reference file from June 13, 2004. If you do not have the latest version of Ad-aware, click here to download Ad-Aware and install.

Before scanning, always click on "check for updates now" to make sure you have the latest reference file. Then click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives," "Scan active processes," "Scan registry," "Deep scan registry," "Scan my IE Favorites for banned sites" and "Scan my Hosts file."

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" Reboot when finished.

Next, perform an online virus scan at Trend Micro and an online Trojan scan at Sygate. (Links are in my signature below). Allow these programs to delete anything they may find. Reboot after each scan.

When finished, rescan with HijackThis and post a fresh log to this same thread.

#3 asdfg123

asdfg123

    Member

  • New Member
  • Pip
  • 2 posts

Posted 24 June 2004 - 03:58 PM

Hi,

First of all thanks for the help.

Scaned with Spybot 3.1 -- items deleted
Adaware 6 scanned found -- 41 items delted

Unable to scan with Trendmicro -- installed new Java Script -- unable to load program from site to perform scan.

Unable to scan for Trojan from Sygate -- waited 20 minutes with no results on scan page

Here is my last Hi-jack this log

Once again thank you for your assistance in this matter.

Sincerely,

RM



Logfile of HijackThis v1.97.7
Scan saved at 4:43:31 PM, on 6/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rscmpt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OpenOffice.org1.1.0\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\old drive\Program Files\Netscape\Netscape\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {DDFB4738-8DD6-4D62-892F-169D2635340B} - C:\WINDOWS\System32\pihina.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\System32\Rscmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://chat.ksexradi...000/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://66.230.145.49...m::/on-line.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio....abasetup141.cab

#4 NonSuch

NonSuch

    Spyware Eradicator!

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,369 posts

Posted 24 June 2004 - 04:53 PM

Hello,

You're very welcome. :D

You have a new variant of CWS. Please print out and follow these instructions very closely...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Andy\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {DDFB4738-8DD6-4D62-892F-169D2635340B} - C:\WINDOWS\System32\pihina.dll


First, before doing anything else, download and install APM from: http://www.diamondcs...ex.php?page=apm

Next, please run HijackThis and place a check mark next to the all of the above items in bold print, then WITH ALL OTHER WINDOWS CLOSED, select “fix checked.”

Now, open APM....

In the upper window select explorer.exe

In the lower window find and right click the BHO from the HijackThis log:

O2 - BHO: (no name) - {DDFB4738-8DD6-4D62-892F-169D2635340B} - C:\WINDOWS\System32\pihina.dll

Select "Unload DLL" and click "OK" on the prompts that follow.

Reboot and scan with AdAware to remove the txt and html protocol association:

Before scanning click on "check for updates now" to make sure you have the latest reference file as new reference files are issued frequently, sometimes more than one per day. (Never assume you have the latest reference file, always check). Then click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry," "Scan my IE Favorites for banned sites," and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start." Make sure "Activate in-depth scan" is ticked green, then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next." The bad files will be listed. Right click the pane and click "Select all objects" - This will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" Reboot when finished.

Scan with HijackThis and post a fresh log into this same thread.

Edited by NonSuch, 24 June 2004 - 04:54 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button