1.
Backup the registry by going to
Start>Run> and type
"regedit" without the quotes. Then on the file menu choose ‘
export’ in XP. Export the file to your
Desktop.
If a restore of the registry is required in case of emergency, just click on the exported regfile on your desktop, and answer
YES to the question whether you want to merge this file with the registry. Wait until you get a message saying something like
Merge Successfull.2.
Boot into Safe Mode3.
Launch Notepad, and
copy/paste everything in the codebox below into the new document,
including the word REGEDIT4. Go up to
"File Save As" and click the drop-down box to change the
"Save As Type" to
"All Files" and save it to your desktop as
fixme.reg.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FH"=-
[HKEY_USERS\S-1-5-21-643571872-1733290971-125703898-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-
[HKEY_USERS\S-1-5-21-643571872-1733290971-125703898-1003\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[HKEY_USERS\S-1-5-21-643571872-1733290971-125703898-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"001"=-
4. Locate
fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer
Yes and wait for a message to appear similar to
Merged Successfully.5. Using Windows Explorer, please locate abd
DELETE the following files:
shdochop.dll<==Search for this one using the Windows Search Function
C:\WINDOWS\system32\
svchop.exe6.
Reboot your computer.
7. Finally,
run HijackThis, click
SCAN, produce
a LOG and POST it in this thread for review.
Regards,
Trevuren