
·
Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
Whenever I start Firefox, I keep getting pop-ups in IE with ads and general nonsense. My HJT log is below.

Logfile of HijackThis v1.99.1
Scan saved at 20:13:54, on 22/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ATI Multimedia\main\ATIDtct.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Arquivos comuns\Mediafour\MACVNTFY.EXE
C:\Arquivos de programas\Mediafour\MacDrive\MDDiskProtect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Arquivos de programas\XericDesign\EarthDesk\EarthDesk.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
c:\arquiv~1\intern~1\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Arquivos de programas\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Arquivos de programas\Arquivos comuns\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Arquivos de programas\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Arquivos de programas\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [twoplusdaleplatform] C:\Documents and Settings\All Users\Dados de aplicativos\Pop Bike Two Plus\Mp3 Bags.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Arquivos de programas\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] "C:\Arquivos de programas\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [EarthDesk] "C:\Arquivos de programas\XericDesign\EarthDesk\EarthDesk.exe" /silentstart
O4 - HKCU\..\Run: [surf build] C:\DOCUME~1\Cabus\DADOSD~1\WEBSTU~1\save program.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1115486318682
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\ARQUIV~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
 

·
Retired Moderator
Joined
·
84,301 Posts
Hi and welcome :)

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 

·
Registered
Joined
·
3 Posts
Discussion Starter · #3 ·
Thanks for the help. I couldn't perform the full scan with AVG because my computer crashed every time I tried. I did the "fast scan", and all my logs and results are below.

Logfile of HijackThis v1.99.1
Scan saved at 21:14:31, on 25/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Arquivos de programas\ATI Multimedia\main\ATIDtct.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\Arquivos comuns\Mediafour\MACVNTFY.EXE
C:\Arquivos de programas\Mediafour\MacDrive\MDDiskProtect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\XericDesign\EarthDesk\EarthDesk.exe
c:\arquiv~1\intern~1\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Arquivos de programas\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Arquivos de programas\Arquivos comuns\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Arquivos de programas\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Arquivos de programas\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [twoplusdaleplatform] C:\Documents and Settings\All Users\Dados de aplicativos\Pop Bike Two Plus\Mp3 Bags.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Arquivos de programas\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] "C:\Arquivos de programas\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [EarthDesk] "C:\Arquivos de programas\XericDesign\EarthDesk\EarthDesk.exe" /silentstart
O4 - HKCU\..\Run: [surf build] C:\DOCUME~1\Cabus\DADOSD~1\WEBSTU~1\save program.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1115486318682
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\ARQUIV~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:19:09 25/12/2006

+ Scan result:

:mozilla.259:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.462:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.473:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.541:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.684:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.695:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.722:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.180:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Cabus\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.137:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.138:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.191:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.192:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.136:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.144:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.145:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Cabus\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.146:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.147:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Cabus\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.739:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.277:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.278:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.279:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.280:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.281:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Cabus\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.750:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Counted : Cleaned.
:mozilla.23:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Cabus\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.327:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.213:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.214:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.215:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.216:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.217:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.218:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.139:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.847:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.82:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.85:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.86:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.810:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.811:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.88:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Cabus\Cookies\[email protected][1].txt -> TrackingCookie.Lop : Cleaned.
:mozilla.91:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.814:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.815:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.523:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.524:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.525:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.187:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.188:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.189:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.190:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.567:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.568:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.569:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.570:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.571:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.603:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.314:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.315:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.316:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.317:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.614:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.615:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.616:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.617:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.618:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.286:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.287:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.185:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.186:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.645:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.646:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.647:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.737:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Texttbnru : Cleaned.
:mozilla.663:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.664:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.665:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.666:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.667:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.668:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.140:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.755:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.687:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.732:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.733:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.141:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.142:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.143:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Cabus\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end
 

·
Registered
Joined
·
3 Posts
Discussion Starter · #4 ·
Incident Status Location

Possible Virus. Not disinfected C:\Arquivos de programas\eRightSoft\SUPER\ffmpeg.exe
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Cabus\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cabus\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.google.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[de.uol.com.br/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.go.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.xiti.com/]
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
 

·
Retired Moderator
Joined
·
84,301 Posts
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\Documents and Settings\All Users\Dados de aplicativos\Pop Bike Two Plus
C:\DOCUME~1\Cabus\DADOSD~1\WEBSTU~1

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

O4 - HKLM\..\Run: [twoplusdaleplatform] C:\Documents and Settings\All Users\Dados de aplicativos\Pop Bike Two Plus\Mp3 Bags.exe

O4 - HKCU\..\Run: [surf build] C:\DOCUME~1\Cabus\DADOSD~1\WEBSTU~1\save program.exe



Reboot and post another Hijack This log please.
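
An added example, not part of the original posts and not code from HijackThis or The Avenger: a short triage script that picks out O4 autostart entries launching from an application-data folder and checks each against the folder deletion list, which is the pairing the reply above relies on. The SoundMan line is a constructed benign control, and the function names are hypothetical.

```python
import re
from ntpath import normcase, normpath  # Windows path rules on any OS

# The two flagged O4 lines and the folder list are from the thread;
# the SoundMan line is constructed as a benign control.
HJT_LINES = r"""
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE
O4 - HKLM\..\Run: [twoplusdaleplatform] C:\Documents and Settings\All Users\Dados de aplicativos\Pop Bike Two Plus\Mp3 Bags.exe
O4 - HKCU\..\Run: [surf build] C:\DOCUME~1\Cabus\DADOSD~1\WEBSTU~1\save program.exe
""".strip().splitlines()
AVENGER_FOLDERS = [
    r"C:\Documents and Settings\All Users\Dados de aplicativos\Pop Bike Two Plus",
    r"C:\DOCUME~1\Cabus\DADOSD~1\WEBSTU~1",
]
# Application-data directory names: English, Portuguese (as in this log), and
# the 8.3 short form seen in this log.
APPDATA_DIRS = {"application data", "dados de aplicativos", "dadosd~1"}
# Registry Run-style O4 lines only; "O4 - Startup:" shortcuts are not parsed.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")

def parse_o4(line):
    """Split an O4 registry autostart line into hive, key, value name, command."""
    m = O4_RE.match(line.strip())
    return dict(zip(("hive", "key", "name", "command"), m.groups())) if m else None

def _norm(path):
    return normcase(normpath(path))  # lower-case, single backslashes

def in_appdata(command):
    """True if any path component is an application-data directory."""
    return any(part in APPDATA_DIRS for part in _norm(command).split("\\"))

def covered_by(command, folders):
    """Return the deletion-list folder containing the target, else None.
    Textual match only: 8.3 short names cannot be expanded offline."""
    cmd = _norm(command)
    return next((f for f in folders if cmd.startswith(_norm(f) + "\\")), None)

def review(lines, folders):
    """Autostart entries launching from application-data folders."""
    findings = []
    for entry in filter(None, map(parse_o4, lines)):
        if in_appdata(entry["command"]):
            entry["folder"] = covered_by(entry["command"], folders)
            findings.append(entry)
    return findings

if __name__ == "__main__":
    for f in review(HJT_LINES, AVENGER_FOLDERS):
        print(f["hive"], f["name"], "->", f["folder"] or "NOT in deletion list")
```

An entry reported as not in the deletion list may still be covered when one side uses the long name and the other the 8.3 short name, so confirm those by hand on the affected machine.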
 