Yieldmanager pop-ups in Mozilla

cabus
Junior Member with 3 posts.
 
Join Date: Dec 2006
Experience: Intermediate
22-Dec-2006, 05:22 PM #1
Yieldmanager pop-ups in Mozilla
Whenever I start Firefox, I keep getting pop-ups in IE with ads and general nonsense. My HJT log is below.

Logfile of HijackThis v1.99.1
Scan saved at 20:13:54, on 22/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ATI Multimedia\main\ATIDtct.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Arquivos comuns\Mediafour\MACVNTFY.EXE
C:\Arquivos de programas\Mediafour\MacDrive\MDDiskProtect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Arquivos de programas\XericDesign\EarthDesk\EarthDesk.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
c:\arquiv~1\intern~1\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Arquivos de programas\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Arquivos de programas\Arquivos comuns\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Arquivos de programas\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Arquivos de programas\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [twoplusdaleplatform] C:\Documents and Settings\All Users\Dados de aplicativos\Pop Bike Two Plus\Mp3 Bags.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Arquivos de programas\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] "C:\Arquivos de programas\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [EarthDesk] "C:\Arquivos de programas\XericDesign\EarthDesk\EarthDesk.exe" /silentstart
O4 - HKCU\..\Run: [surf build] C:\DOCUME~1\Cabus\DADOSD~1\WEBSTU~1\save program.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1115486318682
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\ARQUIV~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Cheeseball81
Moderator with 74,473 posts.
 
Join Date: Mar 2004
Location: New York
22-Dec-2006, 10:18 PM #2
Hi and welcome

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
__________________
Microsoft MVP/Windows - Consumer Security
If we've helped you, please donate to TSG
cabus
Junior Member with 3 posts.
 
Join Date: Dec 2006
Experience: Intermediate
25-Dec-2006, 06:18 PM #3
Thanks for the help. I couldn't perform the full scan with AVG because my computer crashed every time I tried. I did the "fast scan", and all my logs and results are below.

Logfile of HijackThis v1.99.1
Scan saved at 21:14:31, on 25/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Arquivos de programas\ATI Multimedia\main\ATIDtct.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\Arquivos comuns\Mediafour\MACVNTFY.EXE
C:\Arquivos de programas\Mediafour\MacDrive\MDDiskProtect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\XericDesign\EarthDesk\EarthDesk.exe
c:\arquiv~1\intern~1\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Arquivos de programas\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Arquivos de programas\Arquivos comuns\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Arquivos de programas\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Arquivos de programas\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [twoplusdaleplatform] C:\Documents and Settings\All Users\Dados de aplicativos\Pop Bike Two Plus\Mp3 Bags.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Arquivos de programas\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] "C:\Arquivos de programas\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [EarthDesk] "C:\Arquivos de programas\XericDesign\EarthDesk\EarthDesk.exe" /silentstart
O4 - HKCU\..\Run: [surf build] C:\DOCUME~1\Cabus\DADOSD~1\WEBSTU~1\save program.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1115486318682
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\ARQUIV~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:19:09 25/12/2006

+ Scan result:



:mozilla.259:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.462:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.473:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.541:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.684:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.695:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.722:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.180:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Cabus\Cookies\cabus@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.137:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.138:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.191:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.192:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.136:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.144:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.145:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Cabus\Cookies\cabus@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.146:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.147:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Cabus\Cookies\cabus@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.739:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.277:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.278:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.279:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.280:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.281:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Cabus\Cookies\cabus@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.750:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Counted : Cleaned.
:mozilla.23:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Cabus\Cookies\cabus@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.327:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.213:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.214:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.215:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.216:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.217:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.218:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.139:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.847:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.82:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.85:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.86:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.810:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.811:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.88:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Cabus\Cookies\cabus@lop[1].txt -> TrackingCookie.Lop : Cleaned.
:mozilla.91:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.814:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.815:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.523:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.524:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.525:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.187:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.188:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.189:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.190:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.567:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.568:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.569:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.570:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.571:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.603:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.314:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.315:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.316:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.317:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.614:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.615:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.616:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.617:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.618:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.286:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.287:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.185:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.186:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.645:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.646:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.647:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.737:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Texttbnru : Cleaned.
:mozilla.663:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.664:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.665:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.666:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.667:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.668:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.140:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.755:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.687:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.732:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.733:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.141:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.142:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.143:C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Cabus\Cookies\cabus@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
cabus's Avatar
Junior Member with 3 posts.
 
Join Date: Dec 2006
Experience: Intermediate
25-Dec-2006, 06:18 PM #4
Incident Status Location

Possible Virus. Not disinfected C:\Arquivos de programas\eRightSoft\SUPER\ffmpeg.exe
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Cabus\Cookies\cabus@adopt.hbmediapro[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cabus\Cookies\cabus@atwola[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Cookies\cabus@google.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Cookies\cabus@terra.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Cookies\cabus@uol.com[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.google.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[de.uol.com.br/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.go.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Cabus\Dados de aplicativos\Mozilla\Firefox\Profiles\yc5bacdu.default\cookies.txt[.xiti.com/]
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
Cheeseball81's Avatar
Moderator with 74,473 posts.
 
Join Date: Mar 2004
Location: New York
25-Dec-2006, 09:22 PM #5
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote:

Folders to delete:
C:\Documents and Settings\All Users\Dados de aplicativos\Pop Bike Two Plus
C:\DOCUME~1\Cabus\DADOSD~1\WEBSTU~1

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.


Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

O4 - HKLM\..\Run: [twoplusdaleplatform] C:\Documents and Settings\All Users\Dados de aplicativos\Pop Bike Two Plus\Mp3 Bags.exe

O4 - HKCU\..\Run: [surf build] C:\DOCUME~1\Cabus\DADOSD~1\WEBSTU~1\save program.exe



Reboot and post another Hijack This log please.
__________________
Microsoft MVP/Windows - Consumer Security
If we've helped you, please donate to TSG
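As a triage aid for the two O4 entries singled out in the post above, the following added example (not part of the original thread, and not a feature of HijackThis or The Avenger) parses HijackThis O4 Run lines and flags autostart programs that launch from an Application Data folder, in long or 8.3 short form. The heuristic, the function names and the two benign sample lines are assumptions made for illustration.

```python
import re

# HijackThis O4 line: "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

# Assumption: autostart programs rarely live in per-user or All Users data folders.
# Covers long and 8.3 short names, English and Portuguese (as in this thread's log).
DATA_DIR_RE = re.compile(
    r"\\(documents and settings|docume~\d)\\[^\\]+\\"
    r"(application data|dados de aplicativos|applic~\d|dadosd~\d)\\",
    re.IGNORECASE,
)

def parse_o4(line):
    """Return the fields of an O4 Run entry, or None for any other log line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    return {"hive": hive, "key": key, "name": name, "command": command}

def executable_path(command):
    """Cut at the first .exe so unquoted paths with spaces and trailing args both work."""
    m = re.match(r'"?(.+?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else command

def suspicious_autoruns(log_text):
    """List O4 entries whose executable sits under an application-data directory."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and DATA_DIR_RE.search(executable_path(entry["command"])):
            hits.append(entry)
    return hits

# The two flagged entries are quoted from the post; the other lines are constructed.
SAMPLE_LOG = r"""
Running processes:
O4 - HKLM\..\Run: [ExampleUpdater] C:\Arquivos de programas\Exemplo\updater.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Arquivos de programas\Exemplo\tray.exe" /startup
O4 - HKLM\..\Run: [twoplusdaleplatform] C:\Documents and Settings\All Users\Dados de aplicativos\Pop Bike Two Plus\Mp3 Bags.exe
O4 - HKCU\..\Run: [surf build] C:\DOCUME~1\Cabus\DADOSD~1\WEBSTU~1\save program.exe
"""

if __name__ == "__main__":
    for e in suspicious_autoruns(SAMPLE_LOG):
        print(f'{e["hive"]} {e["key"]} [{e["name"]}] -> {executable_path(e["command"])}')
```

A hit is only a prompt for review: legitimate software sometimes starts from a profile folder, so each flagged entry still needs checking before anything is fixed or deleted.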