Please follow the steps below to remove "Heretofind".
First
Be sure you have the latest version of HJT.
Please go Here and unzip the newest version of HJT into a new dedicated folder.
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+E), then double-click on C:, then right-click and select New, then Folder, and name it hjt.
Unzip HijackThis into this folder.
Remove the older version of HJT (if you have an older version).
Next
You will see something like the following in your HJT log. Please fix them.
Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked".
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=18&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=18&q=%s
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=18&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=18&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=18&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=18&q=
O13 - FTP Prefix:
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=18&q=
Next
Click Start, click Run, type RegEdit in the box and navigate to the following keys. Check them twice to be sure you have the right one, then right-click and Delete.
Using RegEdit, carefully remove the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{869EE607-5376-486d-8DAC-EDC8E239AD5F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DBB80E2-B681-4765-8A5F-AD3994C9B4F3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{869EE607-5376-486d-8DAC-EDC8E239AD5F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9DBB80E2-B681-4765-8A5F-AD3994C9B4F3}
HKEY_CURRENT_USER\Software\Classes\CLSID\{9DBB80E2-B681-4765-8A5F-AD3994C9B4F3}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{869EE607-5376-486d-8DAC-EDC8E239AD5F}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{9DBB80E2-B681-4765-8A5F-AD3994C9B4F3}
Next
Reboot to safe mode (by tapping the F8 key on start up). Make sure you can view all hidden files/folders, then search for and delete the following files:
c:\windows\start.chm
c:\windows\system32\c_10230.dll
Next
Delete the entire contents of the below Temp folders, but not the TEMP folder itself.
Remove all the files and sub-folders from the below TEMP Folders:
C:\Documents and Settings\ \Local Settings\Temp
C:\temp
C:\windows\temp
The TIF (Temporary Internet Files) can also be emptied via:
Internet Explorer--Tools--Internet Options--General tab--"Delete Files".
Also tick the "Delete all offline content" box.
Next
Restart your computer.
Next
Please disable System Restore:
How to turn off or turn on Windows XP System Restore
Next:
Go Here
BitDefender Scan Online
Run a scan with BitDefender as well. Be sure to check Auto Clean.
Next:
Go here
Trend Micro - Free online virus Scan
Be sure to check Auto Clean before you do the scan. If it finds anything that it cannot clean, have it delete it or make a note of the file location so you can delete it yourself.
Enable System Restore, please.
Next
Download Ad-aware. CHECK FOR UPDATES.
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
Check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition, which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all".
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Next
Download the latest version of Spybot 1.3. Please check it for updates, run the program and have it fix anything it finds in red.
Restart your computer.
Next
Check your current anti-virus and be sure it is updated.
Reboot to safe mode again and run a full system scan with your anti-virus, then another full scan with Ad-aware and Spybot.
Next
Reboot your computer and scan again with Ad-aware.
Post a fresh HJT log in a new thread started by you, or to your existing post.
Please don't add HJT posts to this thread. Use for reference only.
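
An added example, not part of the original post and not a HijackThis feature: a Python script that scans a saved HJT log for the R0/R1/O13 entries this guide says to fix, rejoining URLs that were wrapped onto the next line. The sample log is constructed, and the function names and the Search Bar/example.com entry are assumptions for illustration.

```python
import re

# Indicators taken from the log entries listed in this guide.
INDICATORS = ("heretofind.com", r"c:\spe\start.chm")
HIJACK_SECTIONS = ("R0", "R1", "O13")
# HijackThis entry: section code (R0, R1, O13, ...), " - ", then the value.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Constructed sample log. The Search Bar/example.com entry is a made-up
# benign entry; wrapped URLs mimic how long entries break across lines.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.heretofind.com/show.php?id=18&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.example.com/
O13 - FTP Prefix:
O13 - Gopher Prefix:
http://www.heretofind.com/show.php?id=18&q=
"""


def parse_entries(log_text):
    """Return (code, body) pairs, rejoining a value wrapped onto the next line."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match["code"], match["body"]])
        elif line and entries and entries[-1][1].endswith(("=", ":")):
            # No section code and the previous entry ended at its separator:
            # treat this line as that entry's wrapped value.
            entries[-1][1] += " " + line
    return [tuple(entry) for entry in entries]


def flag_hijack_entries(log_text):
    """Return R0/R1/O13 entries whose value contains one of the indicators."""
    return [
        (code, body)
        for code, body in parse_entries(log_text)
        if code in HIJACK_SECTIONS and any(i in body.lower() for i in INDICATORS)
    ]


if __name__ == "__main__":
    for code, body in flag_hijack_entries(SAMPLE_LOG):
        print(f"FIX {code} - {body}")
```

An empty list from a log taken after the cleanup means none of these entries remain in the R0/R1/O13 sections; it does not replace the antivirus and Ad-aware scans above.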