Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log: About Blank


  • Please log in to reply
5 replies to this topic

#1 hardball

hardball

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Location:South Carolina
  • Local time:06:53 AM

Posted 08 February 2005 - 08:10 PM

I patiently await reply. The About-Blank is only showing up as trying to download on the status bar of IE. All scans return negative.


Dell Dimension 2400
Windows XP Home
Zone Alarm Firewall
Avg7 Free
Microsoft Spyware Beta
AdWare SE Personal
CWS Killer
CWS Shredder
Trojan Hunter

Logfile of HijackThis v1.99.0
Scan saved at 07:53:15 PM, on 2/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINDOWSSYSTEM32ZoneLabsvsmon.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesBroadJumpClient FoundationCFD.exe
C:Program FilesCommon FilesDellEUSWSupport.exe
C:Program FilesIntelModem Event MonitorIntelMEM.exe
C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:Program FilesDellSupportAlertinNotifyAlert.exe
C:Program FilesSupport.comin gcmd.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesJavaj2re1.4.2_06injusched.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Documents and SettingsAll UsersStart MenuProgramsSoftware by DesignCalendar.exe
C:Documents and SettingsAll UsersStart MenuProgramsMPSNLitePsnLite.exe
C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkCalRem.exe
C:PROGRA~1MPSNLitePSNGive.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsAll UsersStart MenuProgramsMerijnHijak ThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:PROGRA~1Yahoo!COMPAN~1Installscpn4ycomp5_5_7_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:WINDOWSDownloaded Program Fileslexbar.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: (no name) - {DF674BC9-5AEA-D1BB-461C-0E32E5FE7D74} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!COMPAN~1Installscpn4ycomp5_5_7_0.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:WINDOWSDownloaded Program Fileslexbar.dll
O4 - HKLM..Run: [BJCFD] C:Program FilesBroadJumpClient FoundationCFD.exe
O4 - HKLM..Run: [DwlClient] C:Program FilesCommon FilesDellEUSWSupport.exe
O4 - HKLM..Run: [IntelMeM] C:Program FilesIntelModem Event MonitorIntelMEM.exe
O4 - HKLM..Run: [Microsoft Works Update Detection] C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 - HKLM..Run: [tgcmd] "C:Program FilesSupport.comin gcmd.exe" /server /startmonitor /deaf
O4 - HKLM..Run: [Zone Labs Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_06injusched.exe
O4 - HKLM..Run: [THGuard] "C:Program FilesMalwareTrojanHunter 4.1THGuard.exe"
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Startup: Calendar 2000.lnk = C:Documents and SettingsAll UsersStart MenuProgramsSoftware by DesignCalendar.exe
O4 - Startup: Shortcut to PsnLite.lnk = C:Documents and SettingsAll UsersStart MenuProgramsMPSNLitePsnLite.exe
O4 - Startup: WKCALREM.LNK = C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader
eader_sl.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_06in
pjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_06in
pjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes0521.dll
O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:Documents and SettingsRickyStart MenuProgramsBellSouth® Communications SuiteBellSouth Messenger.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O15 - Trusted Zone: http://home.bellsouth.net
O15 - Trusted Zone: http://v4.windowsupdate.microsoft.com
O15 - Trusted Zone: http://windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} -
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:WINDOWSSYSTEM32ZoneLabsvsmon.exe
I aint ignot, jest countrified.

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:53 AM

Posted 09 February 2005 - 10:50 PM

Reboot into safe mode and fix all of these:

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: (no name) - {DF674BC9-5AEA-D1BB-461C-0E32E5FE7D74} - (no file)
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O15 - Trusted Zone: http://home.bellsouth.net
O15 - Trusted Zone: http://v4.windowsupdate.microsoft.com
O15 - Trusted Zone: http://windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} -

Then reboot into normal mode and run this online virus scan and let it fix whta it finds. Let us know as well. Then post a brand new log:

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

#3 hardball

hardball
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Location:South Carolina
  • Local time:06:53 AM

Posted 10 February 2005 - 01:19 AM

Thank you for responding to my post.

Booted into safe mode and fixed the entries as instructed.
Rebooted into normal mode ran eTrust Virus Scan, No Infections.

Logfile of HijackThis v1.99.0
Scan saved at 12:57:41 AM, on 2/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Software by Design\Calendar.exe
C:\Documents and Settings\All Users\Start Menu\Programs\3M\PSNLite\PsnLite.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Merijn\Hijak This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn4\ycomp5_5_7_0.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn4\ycomp5_5_7_0.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\Malware\TrojanHunter 4.1\THGuard.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Calendar 2000.lnk = C:\Documents and Settings\All Users\Start Menu\Programs\Software by Design\Calendar.exe
O4 - Startup: Shortcut to PsnLite.lnk = C:\Documents and Settings\All Users\Start
Menu\Programs\3M\PSNLite\PsnLite.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Documents and Settings\Ricky\Start Menu\Programs\BellSouth® Communications Suite\BellSouth Messenger.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} -
http://dictionary.reference.com/tools/toolbar/lexico.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
I aint ignot, jest countrified.

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:53 AM

Posted 10 February 2005 - 10:06 AM

Looks good to me..how does it feel to you?

Btw, do you know what these programs are:

O4 - Startup: Calendar 2000.lnk = C:\Documents and Settings\All Users\Start Menu\Programs\Software by Design\Calendar.exe
O4 - Startup: Shortcut to PsnLite.lnk = C:\Documents and Settings\All Users\Start
Menu\Programs\3M\PSNLite\PsnLite.exe

#5 hardball

hardball
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Location:South Carolina
  • Local time:06:53 AM

Posted 10 February 2005 - 05:35 PM

I haven't seen it appear on IE's status bar lately. Calendar 2000.lnk is for Calendar 2000 program, & psnlite.lnk is for Post It Note Pad on my desktop. I appreciate your help. Things seem to be back to normal.
I aint ignot, jest countrified.

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:53 AM

Posted 10 February 2005 - 08:01 PM

Create a directory on your hardrive, to save HijackThis.exe, called c:\hijackthis. This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Download the latest version, from here.

Read the pinned post in the HJT forum, here

Then, run a log, and post it in the HJT forum. Do not fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users