Help Please with Hijacked Home Page Log

**Jimmy Joe** · 06-06-2004

My IE browser homepage has been hijacked. I have done the following:
Scanned with Adaware Version 6.0 build 181
Ran CWShredder and let it fix all it found
Scanned with HijackThis and my log follows below. I need help determining which items to check for removal

Thanks for any advice from the learned ones.

Jimmy Joe

Logfile of HijackThis v1.97.7
Scan saved at 2:59:50 PM, on 6/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MEDIA4 PRODUCTIONS\MACDRIVE 98\MDSHELL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\2ZFU2AJDIH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [MDShell] "C:\Program Files\Media4 Productions\MacDrive 98\MDShell.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .DImg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bat: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} - http://www.myfamily.com/plugins/ue/mirage.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26d034e4...p/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...144.5338541667
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.1.36.6,192.168.1.2

**owen** · 07-06-2004

Hello Jimmy Joe,
Please close all browser Windows, Restart Hijack This and put a checkmark next to the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=9

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\2ZFU2AJDIH.DLL

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O15 - Trusted Zone: *.greg-search.com

I also suggest you put a checkmark next to this entry if you don't know what it is for:

O4 - HKLM\..\Run: [MDShell] "C:\Program Files\Media4 Productions\MacDrive 98\MDShell.exe"

Click Fix Checked

Restart Your Computer

Post a fresh log to the forum

**Jimmy Joe** · 07-06-2004

Hi Owen,
Thanks for the reply. Here is my new log. Everything seems to be back to normal now, but I'll have to run some tests.
Does the log look okay to you? (the MacDrive in 04 allows Mac Disks to be read by PC)

Jimmy Joe

Logfile of HijackThis v1.97.7
Scan saved at 5:41:20 PM, on 6/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MEDIA4 PRODUCTIONS\MACDRIVE 98\MDSHELL.EXE
C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [MDShell] "C:\Program Files\Media4 Productions\MacDrive 98\MDShell.exe" /S
O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .DImg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bat: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} - http://www.myfamily.com/plugins/ue/mirage.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...144.9516087963

**Nirvana** · 08-06-2004

Go to Windows Update and scan then download ALL of the critical updates.

**Jimmy Joe** · 08-06-2004

Thanks for all of the advice.

ALL critical updates now installed.

Is there recommended software that I should have always activated to prevent further hijack and spyware attacks? Or just manually run Adaware, Spybot, CWShredder and Hijack This?

Your help has been invaluable

Jimmy Joe

**owen** · 08-06-2004

You can still perform regular scans with the software you have. Make sure you have the latest version of Spybot because it has a System Settings Protection feature which prevents Hijacks and will notify you of major System Changes and Spyware processes, it is also known as the Teatimer.

Its also recommended that you get SpywareBlaster which can prevent many spyware slipping in through Internet Explorer.

**Green Tim** · 08-07-2004

Owen - looks like you know what is going on here. I've got he same problem and have run through every spyware programme I can find. Here is my log from Hijack this. Can you help with what I need to check? Would really appreciate any clues!

THanks

Tim

Logfile of HijackThis v1.98.0
Scan saved at 23:58:32, on 07/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\zeropop.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\zeropop.exe
D:\browser.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\TIMPRI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\TIMPRI~1\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\TIMPRI~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\TIMPRI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\TIMPRI~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\TIMPRI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EFDC0777-9E24-4FEF-9EE2-5FAAC10EE4CC} - C:\WINDOWS\System32\ken.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Startup: 0pop.lnk = C:\Program Files\zeropop.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars...rxsigned42.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhel...7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB2B0AD9-5A3D-47BB-A186-577568262D52}: NameServer = 195.92.195.94 195.92.195.95
O18 - Filter: text/html - {3F5CD99F-80E4-4FE4-A523-609E6BFDFBC4} - C:\WINDOWS\System32\ken.dll
O18 - Filter: text/plain - {3F5CD99F-80E4-4FE4-A523-609E6BFDFBC4} - C:\WINDOWS\System32\ken.dll

**Nirvana** · 08-07-2004

Click Here or Here to download FindnFix.exe. Double-click on the FINDnFIX.exe and it will install a folder called FINDnFIX on your system. Go to that folder and double-click on !LOG!.bat. The program takes a few minutes to collect the necessary information. When done post the contents of Log.txt back here.

**Green Tim** · 09-07-2004

Cheers Nirvana. Only pbm is that neither of those links work. I've searched for FindnFix.exe. elsewhere but can't find a usable download version. Something else has also cropped up! I saw your recommendation of Spybot Search & Destroy at the bottim of your post - I loaded and used it and somehow none of my programme files will work directly anymore - instead they say 'This file does not have a programme associated with it for performing this action. Create an association in the folder options Panel'. I've tried going back to the Recovery option but when I try this I get a file name (dateei "C:\Programme files\spybot - search destroy\spybot search _destroy\recover\overview.ini" kann nicht erstellt werden). then 'The system cannot find the path specified'. The only way I can run the programmes is then to right click and select 'run as' then run through a facilitator profile. Is there any way I can get back to the recovery file to go back a step?

Tim

**owen** · 09-07-2004

If you running XP, Spybot should have created a System Restore point. Go to Start>All Programs> Accessories> System Tools and click System Restore.

Put a checkmark in the restore my system to an earlier time and click Next. Find the restore point created by Spybot called Spybot S&D Spyware Removal. Click it and click Next. Then follow the instructions.

I'm having no problems downloading FindNFix.exe from here.

Help Please with Hijacked Home Page Log

Help Please with Hijacked Home Page Log

Similar Threads

Home page being hijacked by MSN

Hijacked home page - about:blank

hijacked home page

Need help with hijacked IE home page

Home Page hijacked (Resolved)