Run HijackThis again and put a check by these. Close all windows except HijackThis and click "Fix checked".
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\caer93.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
Restart to safe mode and delete:
The C:\WINDOWS\System32\SahAgent.exe file
Also while in safe mode find and delete the "C:\Documents and settings\Owner\..OMYJPBPJ" file that you said was infected. I'm sure that's not the exact location of the file. You will have to find out exactly where it is and you will be able to delete it in safe mode.
How to start your computer in safe mode.