By arf81
Jun 6, 2006
  1. Hi there,

    My homepage have been hijacked by

    I have attached the log file. Please help
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE.

    Turn off system restore.(XP/ME only) See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type regsvr32 /u C:\WINDOWS\system32\csrss.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    F2 - REG:system.ini: UserInit=userinit.exe

    Fix all 01-Hosts entries.

    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O4 - HKLM\..\Run: [GPIO] C:\Program Files\USB-HDD\GPIOManager\GPIOManager.exe

    O4 - HKCU\..\Run: [Tok-Cirrhatus-1266] "C:\Documents and Settings\user\Local Settings\Application Data\br3555on.exe"

    O4 - Global Startup: Startup.exe

    Fix all 012-Plugin for entries.

    Fix all 016-DPF entries.

    O20 - AppInit_DLLs: C:\WINDOWS\system32\csrss.dll

    O20 - Winlogon Notify: winqlr32 - winqlr32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files(if there).


    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.

    Regards Howard :wave: :wave:
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...