Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log File And Virus Busters Removal


  • Please log in to reply
3 replies to this topic

#1 willis poe

willis poe

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 02 December 2006 - 03:16 PM

hi i have already removed the program virus busters from my computer and now im getting fake warning popups such as critical error risk and i do a system scan and find no problems could u please look at the hijackthis log file and tell me what i need to remove from the log file please email me.
...........................
Logfile of HijackThis v1.99.1
Scan saved at 1:20:58 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1150417658\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Icyaec\Uuibi.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe
C:\Program Files\Common Files\AOL\1150417658\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\1150417658\ee\aolsoftware.exe
c:\program files\common files\aol\1150417658\ee\anotify.exe
c:\program files\common files\aol\1150417658\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Mamaw\Local Settings\Temporary Internet Files\Content.IE5\KPARWHYZ\hijackthis[1]\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [vlj41cs6] C:\WINDOWS\System32\vlj41cs6.exe
O4 - HKLM\..\Run: [Services] C:\socks.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jipobj] c:\windows\system32\xemeyl.exe r
O4 - HKLM\..\Run: [Itunes] C:\WINDOWS\itunes.exe
O4 - HKLM\..\Run: [Epuxb] C:\Program Files\Icyaec\Uuibi.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [Dinst]
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Start Manager] WStartMngr.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150417658\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1150417658\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1150417658\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\RunServices: [Windows Start Manager] WStartMngr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Windows Start Manager] WStartMngr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [You've Got Pictures Screensaver] C:\Program Files\Common Files\AOL\Screensaver\ygpsstra.exe
O4 - HKCU\..\Run: [e5a96459.exe] C:\Documents and Settings\Mamaw\Local Settings\Application Data\e5a96459.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CUCore Agent] "C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe /minimize"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCYYYYYYYYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adorons.com
O16 - DPF: {04734E8D-B073-55E4-8167-101A76E7C2AF} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {076792FC-609F-723E-67C3-24502B5AEB3E} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {08076F0D-7D21-7337-1D03-76E9158A728E} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {1344E469-17EA-0189-E5B5-2ACB248F9444} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {167E0F3B-3217-2CAD-0480-10B15F406144} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1850DC44-3FA9-7009-4859-3735696578F8} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {1874114B-8C1C-7961-B008-3290625EF2D4} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {1A11FF94-AEE6-181A-545E-4DD71A1D372A} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {1A6D7F66-8FA2-2346-58A5-49630824F5B2} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {1DB3B82C-2E14-7CF0-FD2A-647F4282D638} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - http://www.bardownload.com/prompt/cabs/msnnames.cab
O16 - DPF: {37FB2041-09B3-26F3-0D8D-5CA4639869CE} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {38FF3A45-A9C5-1118-05A1-717934C39F88} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {3A325252-E69C-15B8-0B74-208A3CA1D066} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {3F353F11-C4AF-56EE-005C-144A4B2B54E7} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {42AA180A-96E1-154F-3800-309D28FCE04A} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {4441C002-C1F4-573B-7279-085A75FF0C9F} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {52F03E01-6786-0300-08E9-32BE5E998B96} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {54D3F0F4-0DE0-6AE4-600C-70AA4E5A4C2B} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {55B86F0B-A895-60C8-E646-52AA2C83491A} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {61F21F1E-9090-04D7-92B9-433E52CBA7B3} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145191308243
O16 - DPF: {68C68481-FA24-4723-BD06-7343364042FC} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {6B81386C-9365-4F1A-B14B-74A81E68452F} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {6BD0D63A-6BE9-1B99-09F6-1CC41D9C5B7E} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {6C798A89-0F01-7D16-711C-7AB625B42F84} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154049225206
O16 - DPF: {7318AFE2-EF8C-39E5-D54A-29BE2DF3AD91} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {79699AD5-3A92-1A08-1472-4F2B66195650} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {79FDC1E1-8D09-1BE4-B50A-7A667F990EC3} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {7DB49A72-B3A7-4637-4E04-08A26998C332} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {8D39C44E-F6AC-11D3-8D1E-00104B6DBF8D} (PIQPrint Class) - http://piq-tb01.photo.epson.com/JSDelivery...PrintClient.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...t/TLIEFlash.CAB
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak06.pictures.aol.com/ygp/aol/plug...US.9.1.6.20.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://download.newaol.com/refresh/RealPlayerInstaller.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1150417658\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Mod edit - Removed email address to protect from spammers.

Edited by D-Trojanator, 03 December 2006 - 02:53 PM.


BC AdBot (Login to Remove)

 


m

#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:35 AM

Posted 02 December 2006 - 08:06 PM

Hi willis poe, :flowers:

You ave posted twice. In order to prevent problems I will answer to your other post as well.

Thanks for your patience. :thumbsup:

#3 willis poe

willis poe
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 02 December 2006 - 08:38 PM

ahhhhhhhhhh sorry for posting twice

#4 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:35 AM

Posted 03 December 2006 - 05:58 PM

Hi willis poe, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

1. Your log shows the very dangerous W32/Oscabot-L is present on your computer!

This worm also has backdoor functionalities. It processes the commands on the local machine giving remote users virtual control over the infected system.
It is possible that the remote attacker has added multiple backdoors and/or accounts or even rooted the computer.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable and it would be wise to contact those same financial institutions to apprise them of your situation.

2. HJT creates backups and we want them safe and secure should they be required later. For that reason I recommend to remove HijackThis to its own permanent location.

Create a folder on your C: drive: click Start > My Computer, open/double-click your C:\ drive, select New, next Folder and call it C:\hijackthis. Drag HijackThis into that folder!

3. Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

4. Run HijackThis, click the Config... button, then go to the Misc Tools section and click Open Uninstall Manager. You'll see a list of programs; click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

5. You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 5.0 Update 10). Please update and remove the older versions. Do the following:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:

    Java Runtime Environment (JRE) 5.0 Update 10
6. Download, install, and update AVG Anti-Spyware 7.5

1. Save the installer to desktop
2. Double click the installer, select your language, and then select OK
3. Click NEXT>>Do or don't read the "User License Agreement"
Select I Agree>>>NEXT>>>INSTALL
4. AVG will now install and afterwards click FINISH
5. AVG Anti-Spyware 7.5 should now Load
6. Click the Update tab at the top. Under Manual Update click Start update.
7. After the update finishes (the status bar at the bottom will display "Update successful")
8. Close AVG Anti-Spyware 7.5. Do not run it yet.

Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears.
Sign in with your normal user account

Then run AVG Anti-Spyware 7.5 and click on the Scanner tab at the top
  • Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected and uncheck "Only if Threats are found"
  • Click back to the "Scan" tab and then click on Complete System Scan.
    This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware 7.5 will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware 7.5 will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Please reboot to go back into Normal mode and post the AVG report along with the uninstall_list.txt and the Smitfraud report and a fresh HijackThis log!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users