I see that you are running msconfig
mode which means that you may have selectively removed some items in the past from the startup procedure.
This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:
Please click on start
, then run
, and type msconfig
and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry
Then press ok until you are out of the program.
If it asks to reboot, do not reboot. It is not necessary to reboot to get the items to show up in HijackThis. *****************
You posted a Hijackthis that is run from a beta
version of Hijackthis. This verson still has bugs in it so we do not use it.
Please delete that Beta
version and download the latest version from the following link: HijackThis Download Site with installer
Just click on Hijackthis_sfx.exe
file that you downloaded.
A WinZip self extractor screen appears with the default location of C:\Program Files\Hijackthis
Then press the Unzip button. Then close the Self-Extractor window.
I want you to rename Hijackthis, as you have an infection that hides from Hijackthis.
- Please go to the folder where you saved Hijackthis.exe:
- Right-click on it, then select Rename.
- Name it something like: AnalyzeThis.exe (or whatever you want)
- Then double-click AnalyzeThis.exe to scan.
Please download VundoFix.exe
to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Edited by SifuMike, 20 April 2007 - 09:57 PM.