• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
jackrabbitslims

About:Blank

7 posts in this topic

I have tried About:buster, ad-aware, CWShredder, Spybot but the CWS hack keeps re-infectiong my system. It is fine for like a a few hours, but then all of a sudden my homepage is reset to about:blank

any help would be greatly appreciated. Thanks a lot guys!!

Share this post


Link to post
Share on other sites

Download *Hijack This!*

http://209.133.47.12/~merijn/files/HijackThis.exe

http://downloads.net-integration.net/HijackThis.exe

http://www.computercops.biz/downloads-file-328.html

 

Unzip to a folder other than your Desktop or the Temp folder. Then, doubleclick HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that and copy & paste its contents here.

 

Most of what it lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.

Share this post


Link to post
Share on other sites

Here is the HijackThis log....

******************************************************

 

Logfile of HijackThis v1.97.7

Scan saved at 1:49:45 AM, on 7/5/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\devldr32.exe

C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Yahoo!\Messenger\YPager.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\premal\Desktop\Shared Stuff\installers\Anti-Browser Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\premal\Application Data\Mozilla\Profiles\default\azvui71v.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\premal\Application Data\Mozilla\Profiles\default\azvui71v.slt\prefs.js)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23a835c64c7908...ip/RdxIE601.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7997.5126736111

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab

 

***********************************************************

Share this post


Link to post
Share on other sites

Download FindnFix.exe from here:

http://freeatlast100.100free.com/index.html or

http://downloads.subratam.org/FINDnFIX.exe

 

Double Click on the FindnFix.exe and it will install the batch file in its own folder.

 

Open the FindnFix folder and double click on !LOG!.bat

IMPORTANT! Before you run this tool please close ALL running programs and ALL open windows except for the FindnFix folder.

 

Relax, sit back and wait a few minutes while the program collects the necessary information.

 

*NOTE:If your AntiVirus is running a scriptblocker, when you run this tool, you will probably receive an alert warning you that the script is running. "Allow" the script to run.

 

 

When the program is finished:

 

Open the FindnFix folder.

1. Post the contents of Log.txt in this thread.

2. Attach file Win.txt to the same post. (Please attach, do not post)

(If this board does not provide the ability to attach documents to your post, then please post the Win.txt file in this thread)

Share this post


Link to post
Share on other sites

Here is my Log.txt from FindNFix

***********************************************************

 

 

»»»»»»»»»»»»»»»»»»*** freeatlast100.100free.com ***»»»»»»»»»»»»»»»»

 

Microsoft Windows XP [Version 5.1.2600]

»»»IE build and last SP(s)

6.0.2800.1106 SP1-Q330994-Q824145-Q832894-Q837009-Q831167

The type of the file system is NTFS.

C: is not dirty.

 

Mon 07/05/2004

12:48am up 0 days, 0:07

 

»»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»

 

Scanning for file(s)...

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»»»» (*1*) »»»»» .........

»»Locked or 'Suspect' file(s) found...

 

C:\WINDOWS\System32\WDMB.DLL +++ File read error

\\?\C:\WINDOWS\System32\WDMB.DLL +++ File read error

 

»»»»» (*2*) »»»»»........

**File C:\FINDnFIX\LIST.TXT

WDMB.DLL Can't Open!

 

»»»»» (*3*) »»»»»........

 

C:\WINDOWS\SYSTEM32\

wdmb.dll Sat Jun 19 2004 12:44:48a A...R 57,344 56.00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57,344 bytes 56.00 K

 

unknown/hidden files...

 

No matches found.

 

»»»»» (*4*) »»»»».........

Sniffing..........

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\WDMB.DLL

 

 

»»»»»(*5*)»»»»»

**File C:\WINDOWS\SYSTEM32\DLLXXX.TXT

¯ Access denied ® ..................... WDMB.DLL .....57344 19.06.2004

 

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

 

»»Dumping Values........

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

AppInit_DLLs = (*** MISSING TRAILING NULL CHARACTER ***)

DeviceNotSelectedTimeout = 15

GDIProcessHandleQuota = REG_DWORD 0x00002710

Spooler = yes

swapdisk =

TransmissionRetryTimeout = 90

USERProcessHandleQuota = REG_DWORD 0x00002710

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(NI) ALLOW Read BUILTIN\Users

(IO) ALLOW Read BUILTIN\Users

(NI) ALLOW Read BUILTIN\Power Users

(IO) ALLOW Read BUILTIN\Power Users

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access BUILTIN\Administrators

(NI) ALLOW Full access NT AUTHORITY\SYSTEM

(IO) ALLOW Full access NT AUTHORITY\SYSTEM

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Read BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

»»Member of...: (Admin logon required!)

User is a member of group JACKRABBITSLIMS\None.

User is a member of group \Everyone.

User is a member of group BUILTIN\Administrators.

User is a member of group BUILTIN\Users.

User is a member of group \LOCAL.

User is a member of group NT AUTHORITY\INTERACTIVE.

User is a member of group NT AUTHORITY\Authenticated Users.

 

»» Service search:(different variant) '"Network Security Service","__NS_Service_3"...

 

[sC] GetServiceKeyName FAILED 1060:

 

The specified service does not exist as an installed service.

 

[sC] GetServiceDisplayName FAILED 1060:

 

The specified service does not exist as an installed service.

 

 

»»Notepad check....

 

C:\WINDOWS\

notepad.exe Sat Jun 19 2004 12:44:34a A.... 66,048 64.50 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 66,048 bytes 64.50 K

 

No matches found.

 

C:\WINDOWS\SYSTEM32\DLLCACHE\

notepad.exe Sat Jun 19 2004 12:44:34a A.... 66,048 64.50 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 66,048 bytes 64.50 K

--a-- W32i APP ENU 5.1.2600.0 shp 66,048 06-19-2004 notepad.exe

Language 0x0409 (English (United States))

CharSet 0x04b0 Unicode

OleSelfRegister Disabled

CompanyName Microsoft Corporation

FileDescription Notepad

InternalName Notepad

OriginalFilenam NOTEPAD.EXE

ProductName Microsoft® Windows® Operating System

ProductVersion 5.1.2600.0

FileVersion 5.1.2600.0 (xpclient.010817-1148)

LegalCopyright © Microsoft Corporation. All rights reserved.

 

VS_FIXEDFILEINFO:

Signature: feef04bd

Struc Ver: 00010000

FileVer: 00050001:0a280000 (5.1:2600.0)

ProdVer: 00050001:0a280000 (5.1:2600.0)

FlagMask: 0000003f

Flags: 00000000

OS: 00040004 NT Win32

FileType: 00000001 App

SubType: 00000000

FileDate: 00000000:00000000

 

»»Dir 'junkxxx' was created with the following permissions...

(FAT32=NA)

Directory "C:\junkxxx"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000003 tco- 001F01FF ---- DSPO rw+x BUILTIN\Administrators

Allow 00000003 tco- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 00000000 t--- 001F01FF ---- DSPO rw+x JACKRABBITSLIMS\premal

Allow 0000000B -co- 10000000 ---A ---- ---- \CREATOR OWNER

Allow 00000003 tco- 001200A9 ---- -S-- r--x BUILTIN\Users

Allow 00000002 tc-- 00000004 ---- ---- --+- BUILTIN\Users

Allow 00000002 tc-- 00000002 ---- ---- -w-- BUILTIN\Users

 

Owner: JACKRABBITSLIMS\premal

 

Primary Group: JACKRABBITSLIMS\None

 

 

 

»»»»»»Backups created...»»»»»»

12:50am up 0 days, 0:09

Mon 07/05/2004

 

A C:\FINDnFIX\winBack.hiv

--a-- - - - - - 8,192 07-05-2004 winback.hiv

A C:\FINDnFIX\keys1\winkey.reg

--a-- - - - - - 287 07-05-2004 winkey.reg

 

»»Performing 16bit string scan....

00001150: ?

00001190: vk : f AppInit_

000011D0:DLLs G C : \ W I N D O W S \ S y s t e m 3 2 \ w d m b . d

00001210:l l vk P UDeviceNotSelectedTimeout

00001250: 1 5 ( W 9 0 ! vk ' zGDIProce

00001290:ssHandleQuota" vk Spooler2 y e s

000012D0: p vk =pswapdisk vk

00001310: ` R TransmissionRetryTimeout p

00001350: X vk ' USERProcessHandleQuotaSqx

00001390:

000013D0:

00001410: | u Pl? Pl?

00001450:

00001490:

000014D0: X SevG 7S Hw

00001510:` u ` u `A1

00001550:

 

---------- WIN.TXT

fùAppInit_DLLsÖ?æGÀÿÿÿC

C:\WINDOWS\System32\wdmb.dll

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

 

**File C:\FINDnFIX\WIN.TXT

Øÿÿÿvk : Ø fùAppInit_DLLsÖ?æGÀÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ w d m b . d l l ° Ðÿÿÿvk P ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 Ø(ÍWðÿÿÿ9 0 ! Ðÿÿÿvk €' zGDIProcessHandleQuota"þàÿÿÿvk À °ºSpooler2ðÿÿÿy e s À ° p   è àÿÿÿvk € =pswapdiskÐÿÿÿvk ` R¿TransmissionRetryTimeoutàÿÿÿ° p   è X Ðÿÿÿvk €' USERProcessHandleQuotaSqx „|Ü‚uìPl?‚Pl?‚ XSevGÈ7SáHw§?`‡uì `‡uì`A1‚ € yãüS7Ú•ƒ=+Fë tXSevGˆ:SáHw§?`‡uì `‡uì`A1‚ € yãüS7Ú•ƒ=+Fë ÌXSevGH=SáHw§?`‡uì `‡uì`A1‚ € yãüS7Ú•ƒ=+Fë

******************************************************************

 

 

Since it wont let me attach win.txt I have copied the contents of the file below:

***************************************************************

 

 

regf yãüS7Ú•ƒ=+Fë OGe$ hbin ¨ÿÿÿnk, mø&¸UÄ ÿÿÿÿ ÿÿÿÿÿÿÿÿ 8 x ÿÿÿÿ 0 : Windows Èþÿÿsk x x ” ì

!

€ ! #

€ # ?

?

?

Øÿÿÿvk : Ø fùAppInit_DLLsÖ?æGÀÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ w d m b . d l l ° Ðÿÿÿvk P ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 Ø(ÍWðÿÿÿ9 0 ! Ðÿÿÿvk €' zGDIProcessHandleQuota"þàÿÿÿvk À °ºSpooler2ðÿÿÿy e s À ° p   è àÿÿÿvk € =pswapdiskÐÿÿÿvk ` R¿TransmissionRetryTimeoutàÿÿÿ° p   è X Ðÿÿÿvk €' USERProcessHandleQuotaSqx „|Ü‚uìPl?‚Pl?‚ XSevGÈ7SáHw§?`‡uì `‡uì`A1‚ € yãüS7Ú•ƒ=+Fë tXSevGˆ:SáHw§?`‡uì `‡uì`A1‚ € yãüS7Ú•ƒ=+Fë ÌXSevGH=SáHw§?`‡uì `‡uì`A1‚ € yãüS7Ú•ƒ=+Fë $XSevG0Sá ’Û?Ç‚ Ç‚`A1‚ € yãüS7Ú•ƒ=+Fë ***************************************************************

 

I really appreciate your help. Thanks a lot!!

Share this post


Link to post
Share on other sites

OK, that does seem to have removed it. Now to wrap it up and finish cleaning.

 

Thanks for the offer, but all of do this on a volunteer basis, If you would like to make a small donation to this board to hep covers expenses, I am sure they would appreciate it.

 

Also, before you buy any more spyware removal products, check this link:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

 

Open the FindnFix folder.

Open the Files2 folder.

Double Click on the ZIPZAP.bat.

 

It will quickly clean the rest and will make a copy of the bad file(s) in the same folder (junkxxx.zip) and open your email client with instructions.

 

Simply drag and drop the junkxxx.zip file from the folder into the mail message and submit to the specified addresses.

 

Please be sure to include a link to your log file in the email.

 

When done, please delete the entire FindnFix folder.

 

=== Clean Remaining Infection ===

Please Download CoolWebShredder, from

http://www.merijn.org/files/cwshredder.zip

http://www.zerosrealm.com/downloads/CWShredder.zip

 

Extract CWShredder to its own folder,

Click the 'Fix ->' button.

Make sure you let it fix all CWS Remnants.

 

Next:

Download the latest version of Ad-Aware at

http://www.lavasoft.de/software/adaware/

 

After installing AAW, and before running the program, you NEED to FIRST update the reference file following the instructions here: http://www.lavahelp.com/howto/updref/index.html

 

Select 'custom options'.

Select your drive, scan and fix all it finds.

 

Last:

HiJackThis version 198.0 is now available.

If you do already have it installed, download it from here:

http://209.133.47.12/~merijn/files/HijackThis.exe

http://downloads.net-integration.net/HijackThis.exe

http://www.computercops.biz/downloads-file-328.html

 

Post a new HiJackThis log in this thread.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0