Solved Hotspot killing my Machine, 3x Kobeface deleted. 16H fighting 2ltr coffee Help wanted
- Thread starter deepblue
- Start date
Broni
Posts: 56,041 +517
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code::OTL IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSou...ctid=CT1561552 [2011-04-06 19:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit [2011-04-06 19:42:36 | 000,000,000 | ---D | C] -- C:\Programas\Conduit :Commands [purity] [emptytemp] [emptyflash] [Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
logo gone , IE 8 reseated and downloaded an update from Microsoft
report from Otl, and ill post the source code of the page on next post
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit folder moved successfully.
C:\Programas\Conduit\Community Alerts folder moved successfully.
C:\Programas\Conduit folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Fofinha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Greg
->Temp folder emptied: 852497 bytes
->Temporary Internet Files folder emptied: 901768 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23300215 bytes
->Flash cache emptied: 456 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: WORK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 739 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 24,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Fofinha
->Flash cache emptied: 0 bytes
User: Greg
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: WORK
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_193638
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF1DB3.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF1E10.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF1E81.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF1ED1.tmp not found!
C:\Documents and Settings\Greg\Definições locais\Temp\~DFD05B.tmp moved successfully.
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DFF054.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DFF071.tmp not found!
C:\Documents and Settings\Greg\Definições locais\Temporary Internet Files\Content.IE5\2HESX75X\search_conduit_com[1].htm moved successfully.
C:\Documents and Settings\Greg\Definições locais\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\ZLT04f39.TMP not found!
Registry entries deleted on Reboot...
report from Otl, and ill post the source code of the page on next post
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit folder moved successfully.
C:\Programas\Conduit\Community Alerts folder moved successfully.
C:\Programas\Conduit folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Fofinha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Greg
->Temp folder emptied: 852497 bytes
->Temporary Internet Files folder emptied: 901768 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23300215 bytes
->Flash cache emptied: 456 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: WORK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 739 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 24,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Fofinha
->Flash cache emptied: 0 bytes
User: Greg
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: WORK
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_193638
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF1DB3.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF1E10.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF1E81.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF1ED1.tmp not found!
C:\Documents and Settings\Greg\Definições locais\Temp\~DFD05B.tmp moved successfully.
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DFF054.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DFF071.tmp not found!
C:\Documents and Settings\Greg\Definições locais\Temporary Internet Files\Content.IE5\2HESX75X\search_conduit_com[1].htm moved successfully.
C:\Documents and Settings\Greg\Definições locais\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\ZLT04f39.TMP not found!
Registry entries deleted on Reboot...
Broni
Posts: 56,041 +517
Well done 
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
2. Download Temp File Cleaner (TFC)
3. Please run a free online scan with the ESET Online Scanner
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- IMPORTANT! UN-check Remove found threats
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.
LOL is in....Portuguese but i can live with that rofl anything's better then Hotspot.
heres the code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="pt" xml:lang="pt" xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" http-equiv="content-type" /><script type="text/javascript">//<![CDATA[
si_ST=new Date
//]]></script><script type="text/javascript">//<![CDATA[
_G={STsi_ST?si_ST:new Date),Mkt:"pt-PT",RTL:false,Ver:"7_03_0_882074",IG:"c72f85b0b344488c86f8db7e800e3aa4",EventID:"7A98EF1F4F514AE69B8255FBC413C2AB",P:"SERP",DA:"Db3",SUIH:"dPAGyIrBsGS_gL3VMKJk2w",gpUrl:"\/fd\/ls\/GLinkPing.aspx?"};_G.lsUrl="/fd/ls/l?IG="+_G.IG;curUrl="http:\/\/www.bing.com\/";function si_T(a){if(document.images){_G.GPImg=new Image;_G.GPImg.src=_G.gpUrl+'IG='+_G.IG+a;}return true;};sb_gh=function(){return location.hash};sb_sh=function(a){location.hash=a};_w=window;_d=document;sb_de=_d.documentElement;sb_ie=!!_w.ActiveXObject;sb_i6=sb_ie&&!_w.XMLHttpRequest;function _ge(a){return _d.getElementById(a)}sb_st=_w.setTimeout;sb_ct=_w.clearTimeout;sb_gt=function(){return(new Date).getTime()};function si_PP(e,c){if(!_G.PPS){for(var d='"',b=["PC","FC","BC","BS","H","C1","C2","BP","KP"],a=0;a<b.length;a++)d+=',"'+b[a]+'":'+(_G[b[a]+"T"]?_G[b[a]+"T"]-_G.ST:-1);_G.PPImg=new Image;_G.PPImg.src=_G.lsUrl+'&Type=Event.CPT&DATA={"pp":{"S":"'+(c?c:"L")+d+',"CT":'+(e-_G.ST)+',"IL":'+_d.images.length+(_w.sb_ppCPL?',"CP":1':"")+"}}"+(_G.P?"&P="+_G.P:"")+(_G.DA?"&DA="+_G.DA:"");_G.PPS=1;sb_st(function(){sj_evt.fire("onPP")},1)}}_w.onbeforeunload=function(){si_PP(new Date,"A")};sj_evt=new function(){var a={},b=this;function c(b){return a||(a=[])}b.fire=function(e){for(var a=c(e),d=a.e=arguments,b=0;b<a.length;b++)if(a.d)sb_st(sj_wf(a,d),a.d);else a(d)};b.bind=function(f,a,d,e){var b=c(f);a.d=e;b.push(a);d&&b.e&&a(b.e)};b.unbind=function(e,d){for(var c=0,b=a[e];b&&c<b.length;c++)if(b[c]==d){b.splice(c,1);break}}};
//]]></script><link rel="stylesheet" href="/fd/sa/0311080259/homepageFD_c.css" type="text/css"/><script type="text/javascript" src="/fd/sa/1124061903/Shared.js"></script><style type="text/css">html,body{height:100%}body{background:#b2bdc4;margin-top:-1px;margin:0;padding:0;font-family:Arial,Sans-Serif;font-size:small}a,body{color:#fff;text-decoration:none}a:hover{text-decoration:underline}ul{list-style:none;padding:0;margin:0}label{padding-right:1em}#sw_pb,#hp_content{border:1px #d0d9dd solid}#hp_content{overflow:hidden}#hp_sw_content{height:512px;position:relative;overflow:hidden;background:#9eacb3}.hp_sw_logo{background:url(/fd/s/a/h1.png) 0 -29px no-repeat;width:138px;height:46px;float:left;margin:-2px 17px 0 0;_margin:-29px 17px 0 0;_background-image:none;_height:75px;_filterrogidXImageTransform.Microsoft.AlphaImageLoader(src='/fd/s/a/h1.png',sizingMethod='crop');text-indent:-9em}.lit .hp_sw_logo{background-position:0 -75px;_margin-top:-75px;_height:126px}.sw_sform{position:absolute;top:102px;left:30px;z-index:10;width:100%;margin:0}.lit .sw_sform a,.lit label{color:#000}.search_controls{float:left}.beta{position:absolute;top:40px;left:0}.lit .beta{color:#006dd4}.sc_grad{background:url(/fd/s/a/h1.png) 0 -122px;position:absolute;width:100%;height:35px;min-width:700px}#hp_table_layout{width:100%;height:100%;border-collapse:collapse}#hp_td_layout{vertical-align:middle;padding:1.8em 17px 0}#hp_container{text-align:left;position:relative;_width:966px;min-width:656px;max-width:964px;padding-top:17px}.hp_content_wrap{border:solid 3px #aab9c1;background:#bcc9cf;zoom:1;position:relative}#sw_t{filter:alpha(opacity=15);opacity:.15;background:#000;height:100%;_height:15.84em;width:100%;position:absolute;z-index:-1}.sc_expLite #sw_t{filter:alpha(opacity=25);opacity:.25}.sc_exp{position:absolute;width:145px;top:35%;z-index:1}.lit .sc_exp a{color:#fff}.sc_exp #sch_scopes{padding:.77em 0}#hp_sw_content .sc_exp a{display:block;padding:.54em 0 .54em 30px}.sc_exp li{width:100%}#sw_pb{zoom:1}#sw_pb div{border-right:1px #d8dfe3 solid;float:left;padding:0 15px;margin:9px 0;width:20%}#sw_pb h3{font-size:medium;font-weight:200;margin:0 0 6px;line-height:1.16em}#sw_pb a,#sw_pb ul{color:#1a3038}#sw_pb div,#sw_pb a,#sw_pb h3{white-space:nowrap;overflow:hidden;text-overflow:ellipsis}#sw_pb .ps{_height:100%;border:0;float:none;width:auto}#sw_pb h3,.ps a{display:block;width:100%}.sw_right{margin-right:.5em}#bgDiv{background-repeat:no-repeat;position:absolute;top:0;left:0;width:956px;height:512px}.sh_hst{position:absolute;z-index:4;visibility:hidden}.sh_hto{width:39px;height:39px;opacity:.4;filter:alpha(opacity=40);background:#000;padding:1px}.sh_hto div{height:37px;width:37px;border:1px solid #fff;float:left}a.sh_hs{position:absolute;display:block;cursorointer;z-index:15;line-height:1.4em;width:205px;_width:206px;padding:3px 8px 6px;visibility:hidden}a.sh_hs:hover{text-decoration:none}#hp_sw_content a.sh_hs p,#hp_sw_content a:visited.sh_hs p{margin:0 0 .2em}.sh_hq{text-decoration:underline}.sh_hi{display:inline;*display:inline-block;font-size:medium;colorrange}.sh_ho{width:100%;_width:220px;position:absolute;top:0;left:0;z-index:-1;opacity:.6;filter:alpha(opacity=60);padding:1px;background:#000}.sh_ho div{_width:218px;border:1px solid #fff}#sh_rdiv{font-size:84.9%;position:absolute;right:.27em;bottom:.9em}#sh_rdiv a{margin:0 .27em;position:relative;float:left;display:block;text-decoration:none;cursor:default;outline:none}#sh_rdiv div{padding:.18em .27em;margin:1px;float:left}#sh_rdiv span{padding:.45em;background:#fff;position:absolute;bottom:1.82em;right:.18em;visibility:hidden;white-space:nowrap;color:#150417;border:1px solid #555}#sh_cp span{white-space:normal;display:block;background:0;border:0;padding:0;width:500px}#sh_cp p{padding:.45em;background:#fff;border:1px solid #555;float:right;margin:0}#sh_cp div{font-size:118%}#sh_rdiv a:hover,#sh_rdiv a:hover span{visibility:visible}#sh_igl div,#sh_igr div{visibility:hidden}.sc_scp{white-space:nowrap;font-size:1.07em;position:absolute;left:153px;top:-2.02em}.sc_scp a,.sc_scp span{white-space:nowrap}.sc_action span,.sc_action a{font-weight:bold}.sc_scp,.sc_scp li,.sc_scp ul{display:inline}.sc_scp li{padding:0 8px;zoom:1}.sc_active,.drk li.sc_active{color:#ffa615;font-weight:bold;border-left:solid 1px #a8b1b7;border-right:solid 1px #a8b1b7;padding:0 10px;margin:0 4px}#bgDiv{filter: ;opacity:1;background-image:url(/fd/hpk2/PaintedHills_ROW1629476077.jpg)}</style><script type="text/javascript">//<![CDATA[
_scopeUrls=[];function hasQuery(a){return a.value.replace(/\s+/gi,"")!=""}function qs(b){if(_w.encodeURIComponent){var a=b.href,c=encodeURIComponent(_ge("sb_form_q").value);if(a.indexOf("q=")!=-1)b.href=a.replace(new RegExp("q=[^&$]*"),"q="+c);else if(a.indexOf("where1=")!=-1)b.href=a.replace(new RegExp("where1=[^&$]*"),"where1="+c);else b.href=a+(a.indexOf("?")<0?"?":"&")+"q="+c}return 1}function selectScope(a,b){if(hasQuery(_ge("sb_form_q"))){a.href=_scopeUrls;qs(a)}};function initResize(){var f=512,g=340,a="height",e="style",i=_ge("hp_sw_content"),b=i?i[e]:null,k=_ge("bgDiv"),d=k?k[e]:null,c=_ge("mmB"),j=_ge("sch_scopes");function h(){if(_w.M&&!B.Hash.IsHomepage(B.Hash.Get())){var j=M.UpdateIFrameHeight;j&&_ge("sw_if")&&j();return}var h=_ge("hp_sw_hdr").offsetHeight+_ge("sb_foot").offsetHeight+2,i=sb_de.clientHeight;if(i<=f+h){if(i-h<g){b[a]=g+"px";d[a]=b[a]}else{b[a]=i-h+"px";d[a]=b[a]}c?(c[e].display="none"):0}else if(i>f+h){b[a]=f+"px";d[a]=b[a];c?(c[e].display=""):0}}if(d&&b){if(j)g=193+j.offsetHeight;h();sj_be(_w,"resize",h);sj_be(_w,"unload",function(){sj_ue(_w,"resize",h)})}};
//]]></script><title>Bing</title><link href="/s/wlflag.ico" rel="icon"/><meta content="O Bing é um motor de busca que localiza e organiza as respostas de que necessita para que possa tomar decisões informadas mais informadas mais depressa." name="description"/><meta content="NOODP" name="ROBOTS"/><!-- FD: C0D37D6F2D7F88E69437C4E8AA9D73E6 --></head><body class="pt pt-PT" onload="_ge('sb_form_q').focus();if(_w.lb)lb();initResize();"><script type="text/javascript">//<![CDATA[
_G.PCT=new Date
//]]></script><script type="text/javascript">//<![CDATA[
_G.BCT=new Date
//]]></script><script type="text/javascript">//<![CDATA[
sj_b=_d.body;
//]]></script><script type="text/javascript">//<![CDATA[
_G.AppVer="7_03_0_883331";_G.AppVer="7_03_0_883331";
//]]></script><div class="sc_grad"></div><table id="hp_table_layout"><tr><td align="center" id="hp_td_layout"><div id="hp_sw_hdr"><div class="sw_tb"><h3 class="sc_hl1"><span>Bing</span> | </h3><ul class="sc_hl1"><li><a href="http://pt.msn.com/" onmousedown="return si_T('&ID=FD,17.1')">MSN</a> | </li><li><a href="http://mail.live.com/" onmousedown="return si_T('&ID=FD,19.1')">Hotmail</a></li></ul><ul class="sw_right"><li><span class="lStatus"><a href="https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1302198075&rver=6.0.5286.0&wp=MBI&wreply=http:%2F%2Fwww.bing.com%2FPassport.aspx%3Frequrl%3Dhttp%253a%252f%252fwww.bing.com%253a80%252f&lc=2070&id=264960" onmousedown="return si_T('&ID=FD,6.1')">Iniciar sessão</a></span> | </li><li><span class="mktInd"><a href="/worldwide.aspx?FORM=WHFD" onmousedown="return si_T('&ID=FD,13.1')">Portugal</a></span> | </li><li class="sw_last"><span><a href="/settings.aspx?ru=http%3a%2f%2fwww.bing.com%3a80%2f&FORM=SEFD" onmousedown="return si_T('&ID=FD,21.1')">Preferências</a></span></li></ul></div><div class="sw_tbb"></div></div><div id="hp_container"><div class="hp_content_wrap"><div id="hp_content"><div id="hp_sw_content"><div class="sw_sform"><div class="hp_sw_logo">Bing</div><div class="beta">Beta</div><div class="search_controls"><div><ul id="sch_scopes" class="sc_scp"><li class="sc_active"><span>Web</span></li><li><a href="/?scope=images&FORM=Z9LH" onclick="selectScope(this, 'images');" onmousedown="return si_T('&ID=SERP,5005.1')"><span>Imagens</span></a></li><li><a href="/explore?FORM=Z9LH1" onclick="selectScope(this, 'seeall');" onmousedown="return si_T('&ID=SERP,5006.1')"><span>Mais</span></a></li></ul></div><form action="/search" class="sw_box" id="sb_form" onsubmit="return si_T('&ID=FD,30.1');"><div class="sw_bd"><div class="sw_b"><input class="sw_qbox" id="sb_form_q" name="q" title="Introduzir o termo de pesquisa" type="text" value="" /><input class="sw_qbtn" id="sb_form_go" name="go" tabindex="0" title="Procurar" type="submit" value="" /></div></div><input name="form" type="hidden" value="QBLH" /><div class="sb_form_align"><div id="sc_mktb"><div><div id="sw_filt"><input checked="checked" id="nofilt" name="filt" type="radio" value="all" /><label for="nofilt">Mostrar tudo</label><input id="langfilt" name="filt" type="radio" value="lf" /><label for="langfilt">Só <a href="/settings.aspx?sh=5&ru=%2f">Português (Portugal)</a></label><input id="regionfilt" name="filt" type="radio" value="rf" /><label for="regionfilt">Apenas de Portugal</label></div></div></div></div></form></div></div><div id="bgDiv"></div><div id="sh_rdiv"><a href="?FORM=HYLH#" id="sh_igl" onmousedown="return si_T('&ID=SERP,5008.1')"><div class="sc_lightdis">◄</div></a><a href="?FORM=HYLH1#" id="sh_igr" onmousedown="return si_T('&ID=SERP,5007.1')"><div class="sc_lightdis">►</div></a><a id="sh_cp" href="javascript:void(0);" class="sc_light"><div>©</div><span><p>Painted Hills in John Day Fossil Beds National Monument near Wheeler County, Oregon -- Ken Hollis</p></span></a></div></div></div></div><div id="sb_foot"><ul id="sw_footL"><li><a href="http://g.live.com/9uxp9pt-pt/ftr1" onmousedown="return si_T('&ID=FD,33.1')">© 2011 Microsoft</a> | </li><li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&ID=FD,35.1')">Privacidade</a> | </li><li><a href="http://g.msn.com/0TO_/ptpt" onmousedown="return si_T('&ID=FD,37.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/brasil/bing-advertise" onmousedown="return si_T('&ID=FD,39.1')">Anunciar</a> | </li><li><a href="http://onlinehelp.microsoft.com/pt-PT/bing/ff808506.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&ID=FD,41.1')">Ajuda</a> | </li><li><a href="https://feedback.live.com/default.aspx?locale=pt-PT&productkey=wlsearchweb&P1=dsathome&P2=&P3=0&P4=NOFORM&P5=6D53CA1F765741E48E595D8899B42EA1&P6=Osnabrueck, Niedersachsen&P9=52%2c275001525%2f8%2c064167022&P10=0&P11=&searchtype=Web+Search&optl1=1&backurl=http%3a%2f%2fwww.bing.com%2f%3fFORM%3dFEEDTU" id="sb_feedback" onmousedown="return si_T('&ID=FD,43.1')">Comentários</a></li></ul></div></div></td></tr><tr><td class="hpn_td"></td></tr></table><script type="text/javascript">//<![CDATA[
_G.BST=new Date
//]]></script><script type="text/javascript" src="/fd/sa/0807035841/PostContent.js"></script><script type="text/javascript">//<![CDATA[
sj_evt.fire("onHTML");
//]]></script><script type="text/javascript">//<![CDATA[
_scopeUrls['web']='/search?q=&FORM=BWLH'; _scopeUrls['images']='/images/search?q=&FORM=BILH'; _scopeUrls['seeall']='/explore?q=&FORM=ZZLH'; ;function fadeComplete(){_G.KPT=new Date;var a="className";if(!g_bgStyle.drk)_ge("hp_sw_content")[a]+=" lit";var b=_ge("pi");if(b)b[a]+=g_bgStyle.top;_ge("sc_hs1")&&sj_jb("Homepage2Hotspots_c")}sc_fadeCb=fadeComplete;g_bgStyle={drk:1,top:' sc_light',bot:' sc_light'};g_img={url:'/fd/hpk2/PaintedHills_ROW1629476077.jpg'};fadeComplete();;sj_evt.bind("onBgSet",function(){sj_jb("HPImgView")},1);
//]]></script><script type="text/javascript">//<![CDATA[
(function(){function a(){!_w.sb_ppCPL&&sb_st(function(){si_PP(new Date)},0)}var b=_w.onload||function(){};onload=function(c){_G.BPT=new Date;b(c);a()};_G.HT=new Date})()
//]]></script></body></html>
but i can live with that rofl anything's better then Hotspot.heres the code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="pt" xml:lang="pt" xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" http-equiv="content-type" /><script type="text/javascript">//<![CDATA[
si_ST=new Date
//]]></script><script type="text/javascript">//<![CDATA[
_G={ST
si_ST?si_ST:new Date),Mkt:"pt-PT",RTL:false,Ver:"7_03_0_882074",IG:"c72f85b0b344488c86f8db7e800e3aa4",EventID:"7A98EF1F4F514AE69B8255FBC413C2AB",P:"SERP",DA:"Db3",SUIH:"dPAGyIrBsGS_gL3VMKJk2w",gpUrl:"\/fd\/ls\/GLinkPing.aspx?"};_G.lsUrl="/fd/ls/l?IG="+_G.IG;curUrl="http:\/\/www.bing.com\/";function si_T(a){if(document.images){_G.GPImg=new Image;_G.GPImg.src=_G.gpUrl+'IG='+_G.IG+a;}return true;};sb_gh=function(){return location.hash};sb_sh=function(a){location.hash=a};_w=window;_d=document;sb_de=_d.documentElement;sb_ie=!!_w.ActiveXObject;sb_i6=sb_ie&&!_w.XMLHttpRequest;function _ge(a){return _d.getElementById(a)}sb_st=_w.setTimeout;sb_ct=_w.clearTimeout;sb_gt=function(){return(new Date).getTime()};function si_PP(e,c){if(!_G.PPS){for(var d='"',b=["PC","FC","BC","BS","H","C1","C2","BP","KP"],a=0;a<b.length;a++)d+=',"'+b[a]+'":'+(_G[b[a]+"T"]?_G[b[a]+"T"]-_G.ST:-1);_G.PPImg=new Image;_G.PPImg.src=_G.lsUrl+'&Type=Event.CPT&DATA={"pp":{"S":"'+(c?c:"L")+d+',"CT":'+(e-_G.ST)+',"IL":'+_d.images.length+(_w.sb_ppCPL?',"CP":1':"")+"}}"+(_G.P?"&P="+_G.P:"")+(_G.DA?"&DA="+_G.DA:"");_G.PPS=1;sb_st(function(){sj_evt.fire("onPP")},1)}}_w.onbeforeunload=function(){si_PP(new Date,"A")};sj_evt=new function(){var a={},b=this;function c(b){return a||(a=[])}b.fire=function(e){for(var a=c(e),d=a.e=arguments,b=0;b<a.length;b++)if(a.d)sb_st(sj_wf(a,d),a.d);else a(d)};b.bind=function(f,a,d,e){var b=c(f);a.d=e;b.push(a);d&&b.e&&a(b.e)};b.unbind=function(e,d){for(var c=0,b=a[e];b&&c<b.length;c++)if(b[c]==d){b.splice(c,1);break}}};//]]></script><link rel="stylesheet" href="/fd/sa/0311080259/homepageFD_c.css" type="text/css"/><script type="text/javascript" src="/fd/sa/1124061903/Shared.js"></script><style type="text/css">html,body{height:100%}body{background:#b2bdc4;margin-top:-1px;margin:0;padding:0;font-family:Arial,Sans-Serif;font-size:small}a,body{color:#fff;text-decoration:none}a:hover{text-decoration:underline}ul{list-style:none;padding:0;margin:0}label{padding-right:1em}#sw_pb,#hp_content{border:1px #d0d9dd solid}#hp_content{overflow:hidden}#hp_sw_content{height:512px;position:relative;overflow:hidden;background:#9eacb3}.hp_sw_logo{background:url(/fd/s/a/h1.png) 0 -29px no-repeat;width:138px;height:46px;float:left;margin:-2px 17px 0 0;_margin:-29px 17px 0 0;_background-image:none;_height:75px;_filter
rogidXImageTransform.Microsoft.AlphaImageLoader(src='/fd/s/a/h1.png',sizingMethod='crop');text-indent:-9em}.lit .hp_sw_logo{background-position:0 -75px;_margin-top:-75px;_height:126px}.sw_sform{position:absolute;top:102px;left:30px;z-index:10;width:100%;margin:0}.lit .sw_sform a,.lit label{color:#000}.search_controls{float:left}.beta{position:absolute;top:40px;left:0}.lit .beta{color:#006dd4}.sc_grad{background:url(/fd/s/a/h1.png) 0 -122px;position:absolute;width:100%;height:35px;min-width:700px}#hp_table_layout{width:100%;height:100%;border-collapse:collapse}#hp_td_layout{vertical-align:middle;padding:1.8em 17px 0}#hp_container{text-align:left;position:relative;_width:966px;min-width:656px;max-width:964px;padding-top:17px}.hp_content_wrap{border:solid 3px #aab9c1;background:#bcc9cf;zoom:1;position:relative}#sw_t{filter:alpha(opacity=15);opacity:.15;background:#000;height:100%;_height:15.84em;width:100%;position:absolute;z-index:-1}.sc_expLite #sw_t{filter:alpha(opacity=25);opacity:.25}.sc_exp{position:absolute;width:145px;top:35%;z-index:1}.lit .sc_exp a{color:#fff}.sc_exp #sch_scopes{padding:.77em 0}#hp_sw_content .sc_exp a{display:block;padding:.54em 0 .54em 30px}.sc_exp li{width:100%}#sw_pb{zoom:1}#sw_pb div{border-right:1px #d8dfe3 solid;float:left;padding:0 15px;margin:9px 0;width:20%}#sw_pb h3{font-size:medium;font-weight:200;margin:0 0 6px;line-height:1.16em}#sw_pb a,#sw_pb ul{color:#1a3038}#sw_pb div,#sw_pb a,#sw_pb h3{white-space:nowrap;overflow:hidden;text-overflow:ellipsis}#sw_pb .ps{_height:100%;border:0;float:none;width:auto}#sw_pb h3,.ps a{display:block;width:100%}.sw_right{margin-right:.5em}#bgDiv{background-repeat:no-repeat;position:absolute;top:0;left:0;width:956px;height:512px}.sh_hst{position:absolute;z-index:4;visibility:hidden}.sh_hto{width:39px;height:39px;opacity:.4;filter:alpha(opacity=40);background:#000;padding:1px}.sh_hto div{height:37px;width:37px;border:1px solid #fff;float:left}a.sh_hs{position:absolute;display:block;cursorointer;z-index:15;line-height:1.4em;width:205px;_width:206px;padding:3px 8px 6px;visibility:hidden}a.sh_hs:hover{text-decoration:none}#hp_sw_content a.sh_hs p,#hp_sw_content a:visited.sh_hs p{margin:0 0 .2em}.sh_hq{text-decoration:underline}.sh_hi{display:inline;*display:inline-block;font-size:medium;colorrange}.sh_ho{width:100%;_width:220px;position:absolute;top:0;left:0;z-index:-1;opacity:.6;filter:alpha(opacity=60);padding:1px;background:#000}.sh_ho div{_width:218px;border:1px solid #fff}#sh_rdiv{font-size:84.9%;position:absolute;right:.27em;bottom:.9em}#sh_rdiv a{margin:0 .27em;position:relative;float:left;display:block;text-decoration:none;cursor:default;outline:none}#sh_rdiv div{padding:.18em .27em;margin:1px;float:left}#sh_rdiv span{padding:.45em;background:#fff;position:absolute;bottom:1.82em;right:.18em;visibility:hidden;white-space:nowrap;color:#150417;border:1px solid #555}#sh_cp span{white-space:normal;display:block;background:0;border:0;padding:0;width:500px}#sh_cp p{padding:.45em;background:#fff;border:1px solid #555;float:right;margin:0}#sh_cp div{font-size:118%}#sh_rdiv a:hover,#sh_rdiv a:hover span{visibility:visible}#sh_igl div,#sh_igr div{visibility:hidden}.sc_scp{white-space:nowrap;font-size:1.07em;position:absolute;left:153px;top:-2.02em}.sc_scp a,.sc_scp span{white-space:nowrap}.sc_action span,.sc_action a{font-weight:bold}.sc_scp,.sc_scp li,.sc_scp ul{display:inline}.sc_scp li{padding:0 8px;zoom:1}.sc_active,.drk li.sc_active{color:#ffa615;font-weight:bold;border-left:solid 1px #a8b1b7;border-right:solid 1px #a8b1b7;padding:0 10px;margin:0 4px}#bgDiv{filter: ;opacity:1;background-image:url(/fd/hpk2/PaintedHills_ROW1629476077.jpg)}</style><script type="text/javascript">//<![CDATA[_scopeUrls=[];function hasQuery(a){return a.value.replace(/\s+/gi,"")!=""}function qs(b){if(_w.encodeURIComponent){var a=b.href,c=encodeURIComponent(_ge("sb_form_q").value);if(a.indexOf("q=")!=-1)b.href=a.replace(new RegExp("q=[^&$]*"),"q="+c);else if(a.indexOf("where1=")!=-1)b.href=a.replace(new RegExp("where1=[^&$]*"),"where1="+c);else b.href=a+(a.indexOf("?")<0?"?":"&")+"q="+c}return 1}function selectScope(a,b){if(hasQuery(_ge("sb_form_q"))){a.href=_scopeUrls;qs(a)}};function initResize(){var f=512,g=340,a="height",e="style",i=_ge("hp_sw_content"),b=i?i[e]:null,k=_ge("bgDiv"),d=k?k[e]:null,c=_ge("mmB"),j=_ge("sch_scopes");function h(){if(_w.M&&!B.Hash.IsHomepage(B.Hash.Get())){var j=M.UpdateIFrameHeight;j&&_ge("sw_if")&&j();return}var h=_ge("hp_sw_hdr").offsetHeight+_ge("sb_foot").offsetHeight+2,i=sb_de.clientHeight;if(i<=f+h){if(i-h<g){b[a]=g+"px";d[a]=b[a]}else{b[a]=i-h+"px";d[a]=b[a]}c?(c[e].display="none"):0}else if(i>f+h){b[a]=f+"px";d[a]=b[a];c?(c[e].display=""):0}}if(d&&b){if(j)g=193+j.offsetHeight;h();sj_be(_w,"resize",h);sj_be(_w,"unload",function(){sj_ue(_w,"resize",h)})}};
//]]></script><title>Bing</title><link href="/s/wlflag.ico" rel="icon"/><meta content="O Bing é um motor de busca que localiza e organiza as respostas de que necessita para que possa tomar decisões informadas mais informadas mais depressa." name="description"/><meta content="NOODP" name="ROBOTS"/><!-- FD: C0D37D6F2D7F88E69437C4E8AA9D73E6 --></head><body class="pt pt-PT" onload="_ge('sb_form_q').focus();if(_w.lb)lb();initResize();"><script type="text/javascript">//<![CDATA[
_G.PCT=new Date
//]]></script><script type="text/javascript">//<![CDATA[
_G.BCT=new Date
//]]></script><script type="text/javascript">//<![CDATA[
sj_b=_d.body;
//]]></script><script type="text/javascript">//<![CDATA[
_G.AppVer="7_03_0_883331";_G.AppVer="7_03_0_883331";
//]]></script><div class="sc_grad"></div><table id="hp_table_layout"><tr><td align="center" id="hp_td_layout"><div id="hp_sw_hdr"><div class="sw_tb"><h3 class="sc_hl1"><span>Bing</span> | </h3><ul class="sc_hl1"><li><a href="http://pt.msn.com/" onmousedown="return si_T('&ID=FD,17.1')">MSN</a> | </li><li><a href="http://mail.live.com/" onmousedown="return si_T('&ID=FD,19.1')">Hotmail</a></li></ul><ul class="sw_right"><li><span class="lStatus"><a href="https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1302198075&rver=6.0.5286.0&wp=MBI&wreply=http:%2F%2Fwww.bing.com%2FPassport.aspx%3Frequrl%3Dhttp%253a%252f%252fwww.bing.com%253a80%252f&lc=2070&id=264960" onmousedown="return si_T('&ID=FD,6.1')">Iniciar sessão</a></span> | </li><li><span class="mktInd"><a href="/worldwide.aspx?FORM=WHFD" onmousedown="return si_T('&ID=FD,13.1')">Portugal</a></span> | </li><li class="sw_last"><span><a href="/settings.aspx?ru=http%3a%2f%2fwww.bing.com%3a80%2f&FORM=SEFD" onmousedown="return si_T('&ID=FD,21.1')">Preferências</a></span></li></ul></div><div class="sw_tbb"></div></div><div id="hp_container"><div class="hp_content_wrap"><div id="hp_content"><div id="hp_sw_content"><div class="sw_sform"><div class="hp_sw_logo">Bing</div><div class="beta">Beta</div><div class="search_controls"><div><ul id="sch_scopes" class="sc_scp"><li class="sc_active"><span>Web</span></li><li><a href="/?scope=images&FORM=Z9LH" onclick="selectScope(this, 'images');" onmousedown="return si_T('&ID=SERP,5005.1')"><span>Imagens</span></a></li><li><a href="/explore?FORM=Z9LH1" onclick="selectScope(this, 'seeall');" onmousedown="return si_T('&ID=SERP,5006.1')"><span>Mais</span></a></li></ul></div><form action="/search" class="sw_box" id="sb_form" onsubmit="return si_T('&ID=FD,30.1');"><div class="sw_bd"><div class="sw_b"><input class="sw_qbox" id="sb_form_q" name="q" title="Introduzir o termo de pesquisa" type="text" value="" /><input class="sw_qbtn" id="sb_form_go" name="go" tabindex="0" title="Procurar" type="submit" value="" /></div></div><input name="form" type="hidden" value="QBLH" /><div class="sb_form_align"><div id="sc_mktb"><div><div id="sw_filt"><input checked="checked" id="nofilt" name="filt" type="radio" value="all" /><label for="nofilt">Mostrar tudo</label><input id="langfilt" name="filt" type="radio" value="lf" /><label for="langfilt">Só <a href="/settings.aspx?sh=5&ru=%2f">Português (Portugal)</a></label><input id="regionfilt" name="filt" type="radio" value="rf" /><label for="regionfilt">Apenas de Portugal</label></div></div></div></div></form></div></div><div id="bgDiv"></div><div id="sh_rdiv"><a href="?FORM=HYLH#" id="sh_igl" onmousedown="return si_T('&ID=SERP,5008.1')"><div class="sc_lightdis">◄</div></a><a href="?FORM=HYLH1#" id="sh_igr" onmousedown="return si_T('&ID=SERP,5007.1')"><div class="sc_lightdis">►</div></a><a id="sh_cp" href="javascript:void(0);" class="sc_light"><div>©</div><span><p>Painted Hills in John Day Fossil Beds National Monument near Wheeler County, Oregon -- Ken Hollis</p></span></a></div></div></div></div><div id="sb_foot"><ul id="sw_footL"><li><a href="http://g.live.com/9uxp9pt-pt/ftr1" onmousedown="return si_T('&ID=FD,33.1')">© 2011 Microsoft</a> | </li><li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&ID=FD,35.1')">Privacidade</a> | </li><li><a href="http://g.msn.com/0TO_/ptpt" onmousedown="return si_T('&ID=FD,37.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/brasil/bing-advertise" onmousedown="return si_T('&ID=FD,39.1')">Anunciar</a> | </li><li><a href="http://onlinehelp.microsoft.com/pt-PT/bing/ff808506.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&ID=FD,41.1')">Ajuda</a> | </li><li><a href="https://feedback.live.com/default.aspx?locale=pt-PT&productkey=wlsearchweb&P1=dsathome&P2=&P3=0&P4=NOFORM&P5=6D53CA1F765741E48E595D8899B42EA1&P6=Osnabrueck, Niedersachsen&P9=52%2c275001525%2f8%2c064167022&P10=0&P11=&searchtype=Web+Search&optl1=1&backurl=http%3a%2f%2fwww.bing.com%2f%3fFORM%3dFEEDTU" id="sb_feedback" onmousedown="return si_T('&ID=FD,43.1')">Comentários</a></li></ul></div></div></td></tr><tr><td class="hpn_td"></td></tr></table><script type="text/javascript">//<![CDATA[
_G.BST=new Date
//]]></script><script type="text/javascript" src="/fd/sa/0807035841/PostContent.js"></script><script type="text/javascript">//<![CDATA[
sj_evt.fire("onHTML");
//]]></script><script type="text/javascript">//<![CDATA[
_scopeUrls['web']='/search?q=&FORM=BWLH'; _scopeUrls['images']='/images/search?q=&FORM=BILH'; _scopeUrls['seeall']='/explore?q=&FORM=ZZLH'; ;function fadeComplete(){_G.KPT=new Date;var a="className";if(!g_bgStyle.drk)_ge("hp_sw_content")[a]+=" lit";var b=_ge("pi");if(b)b[a]+=g_bgStyle.top;_ge("sc_hs1")&&sj_jb("Homepage2Hotspots_c")}sc_fadeCb=fadeComplete;g_bgStyle={drk:1,top:' sc_light',bot:' sc_light'};g_img={url:'/fd/hpk2/PaintedHills_ROW1629476077.jpg'};fadeComplete();;sj_evt.bind("onBgSet",function(){sj_jb("HPImgView")},1);
//]]></script><script type="text/javascript">//<![CDATA[
(function(){function a(){!_w.sb_ppCPL&&sb_st(function(){si_PP(new Date)},0)}var b=_w.onload||function(){};onload=function(c){_G.BPT=new Date;b(c);a()};_G.HT=new Date})()
//]]></script></body></html>
all done, Posting the scan results bellow, on a side note, i renamed a file i found in the drivers folder in system 32 ...and that did not get deleted
C:\WINDOWS\system32\drivers
hssd_BIGBADASSTHING 37kb Ficheiro de sistema 22-09-2010 21:19
(System file )
my guess...i should not have renamed it...(don't say it ..i was tired )
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
AVG 2011
ZoneAlarm
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 24
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Adobe Reader X
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````
C:\Documents and Settings\Greg\Ambiente de trabalho\Downloads\spnb4201.exe multiple threats
C:\Documents and Settings\Greg\Os meus documentos\Downloads\yascu.exe probably a variant of Win32/Genetik trojan
C:\FU_Backup\FU_Backup_2011-04-06\programas\hotspot shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
C:\System Volume Information\_restore{F306CBA0-B8B7-4015-B057-55AF5A7A3A35}\RP274\A0075360.exe a variant of Win32/HotSpotShield application
C:\System Volume Information\_restore{F306CBA0-B8B7-4015-B057-55AF5A7A3A35}\RP345\A0114747.exe a variant of Win32/HotSpotShield application
C:\_OTL\MovedFiles\04072011_185142\C_Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application
C:\_OTL\MovedFiles\04072011_185142\C_Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2[1].exe a variant of Win32/HotSpotShield application
C:\_OTL\MovedFiles\04072011_185142\C_Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application
C:\_OTL\MovedFiles\04072011_185142\C_Programas\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
C:\WINDOWS\system32\drivers
hssd_BIGBADASSTHING 37kb Ficheiro de sistema 22-09-2010 21:19
(System file )
my guess...i should not have renamed it...(don't say it ..i was tired
)Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
AVG 2011
ZoneAlarm
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 24
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Adobe Reader X
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````
C:\Documents and Settings\Greg\Ambiente de trabalho\Downloads\spnb4201.exe multiple threats
C:\Documents and Settings\Greg\Os meus documentos\Downloads\yascu.exe probably a variant of Win32/Genetik trojan
C:\FU_Backup\FU_Backup_2011-04-06\programas\hotspot shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
C:\System Volume Information\_restore{F306CBA0-B8B7-4015-B057-55AF5A7A3A35}\RP274\A0075360.exe a variant of Win32/HotSpotShield application
C:\System Volume Information\_restore{F306CBA0-B8B7-4015-B057-55AF5A7A3A35}\RP345\A0114747.exe a variant of Win32/HotSpotShield application
C:\_OTL\MovedFiles\04072011_185142\C_Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application
C:\_OTL\MovedFiles\04072011_185142\C_Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2[1].exe a variant of Win32/HotSpotShield application
C:\_OTL\MovedFiles\04072011_185142\C_Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application
C:\_OTL\MovedFiles\04072011_185142\C_Programas\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
Broni
Posts: 56,041 +517
Uninstall Java(TM) 6 Update 22 .
Run OTL
====================================================================
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
2. Now, we'll remove all tools, we used during our cleaning process
Clean up with OTL:
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure, Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. Run defrag at your convenience.
11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
12. Please, let me know, how your computer is doing.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code::OTL :Services :Reg :Files C:\Documents and Settings\Greg\Ambiente de trabalho\Downloads\spnb4201.exe C:\Documents and Settings\Greg\Os meus documentos\Downloads\yascu.exe C:\FU_Backup\FU_Backup_2011-04-06\programas\hotspot shield\bin\openvpnas.exe :Commands [purity] [emptytemp] [emptyflash] [Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
====================================================================
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now, we'll remove all tools, we used during our cleaning process
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure, Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. Run defrag at your convenience.
11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
12. Please, let me know, how your computer is doing.
and there we are with a MR Clean logo
and here the scans...hmm let me see if i get'em in the proper order O.o
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Fofinha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Greg
->Temp folder emptied: 753168 bytes
->Temporary Internet Files folder emptied: 62211 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17798240 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: WORK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 739 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 18,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Fofinha
->Flash cache emptied: 0 bytes
User: Greg
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: WORK
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_221524
Files\Folders moved on Reboot...
C:\Documents and Settings\Greg\Definições locais\Temp\~DF925A.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT06363.TMP not found!
Registry entries deleted on Reboot...
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Fofinha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Greg
->Temp folder emptied: 753168 bytes
->Temporary Internet Files folder emptied: 62211 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17798240 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: WORK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 739 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 18,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Fofinha
->Flash cache emptied: 0 bytes
User: Greg
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: WORK
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_221524
Files\Folders moved on Reboot...
C:\Documents and Settings\Greg\Definições locais\Temp\~DF925A.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT06363.TMP not found!
Registry entries deleted on Reboot...
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Greg\Ambiente de trabalho\Downloads\spnb4201.exe moved successfully.
C:\Documents and Settings\Greg\Os meus documentos\Downloads\yascu.exe moved successfully.
C:\FU_Backup\FU_Backup_2011-04-06\programas\hotspot shield\bin\openvpnas.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Fofinha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Greg
->Temp folder emptied: 994323 bytes
->Temporary Internet Files folder emptied: 12824414 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39028476 bytes
->Flash cache emptied: 456 bytes
User: LocalService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: WORK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17123 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 50,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Fofinha
->Flash cache emptied: 0 bytes
User: Greg
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: WORK
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_220622
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF2381.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF2399.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF23DF.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF23EF.tmp not found!
C:\Documents and Settings\Greg\Definições locais\Temp\~DF2C0.tmp moved successfully.
C:\Documents and Settings\Greg\Definições locais\Temporary Internet Files\Content.IE5\Q1L0WN75\7407185e[1].txt moved successfully.
C:\Documents and Settings\Greg\Definições locais\Temporary Internet Files\Content.IE5\7GF1TI3A\online-scanner[1].htm moved successfully.
File\Folder C:\Documents and Settings\LocalService\Definições locais\Temp\Perflib_Perfdata_5e8.dat not found!
File\Folder C:\WINDOWS\temp\ZLT0014b.TMP not found!
Registry entries deleted on Reboot...
then cleaned house, wiped the screen of all the snot and tears, moped the blood from the floor, and managed to clear a way out of my office, by pushing all the old empty beer bottles and coffee cups to the side...
did the rest of the stuff but theres some kind of bug goinn on with the Secunia, it wont open the program window, all tho i see a logo doinn a scan.
thx a million, i cannot thank you guys enough
now about my wifes computer... that i live for tomorrow lol
and here the scans...hmm let me see if i get'em in the proper order O.o
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Fofinha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Greg
->Temp folder emptied: 753168 bytes
->Temporary Internet Files folder emptied: 62211 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17798240 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: WORK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 739 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 18,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Fofinha
->Flash cache emptied: 0 bytes
User: Greg
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: WORK
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_221524
Files\Folders moved on Reboot...
C:\Documents and Settings\Greg\Definições locais\Temp\~DF925A.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT06363.TMP not found!
Registry entries deleted on Reboot...
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Fofinha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Greg
->Temp folder emptied: 753168 bytes
->Temporary Internet Files folder emptied: 62211 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17798240 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: WORK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 739 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 18,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Fofinha
->Flash cache emptied: 0 bytes
User: Greg
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: WORK
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_221524
Files\Folders moved on Reboot...
C:\Documents and Settings\Greg\Definições locais\Temp\~DF925A.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT06363.TMP not found!
Registry entries deleted on Reboot...
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Greg\Ambiente de trabalho\Downloads\spnb4201.exe moved successfully.
C:\Documents and Settings\Greg\Os meus documentos\Downloads\yascu.exe moved successfully.
C:\FU_Backup\FU_Backup_2011-04-06\programas\hotspot shield\bin\openvpnas.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Fofinha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Greg
->Temp folder emptied: 994323 bytes
->Temporary Internet Files folder emptied: 12824414 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39028476 bytes
->Flash cache emptied: 456 bytes
User: LocalService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: WORK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17123 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 50,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Fofinha
->Flash cache emptied: 0 bytes
User: Greg
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: WORK
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_220622
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF2381.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF2399.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF23DF.tmp not found!
File\Folder C:\Documents and Settings\Greg\Definições locais\Temp\~DF23EF.tmp not found!
C:\Documents and Settings\Greg\Definições locais\Temp\~DF2C0.tmp moved successfully.
C:\Documents and Settings\Greg\Definições locais\Temporary Internet Files\Content.IE5\Q1L0WN75\7407185e[1].txt moved successfully.
C:\Documents and Settings\Greg\Definições locais\Temporary Internet Files\Content.IE5\7GF1TI3A\online-scanner[1].htm moved successfully.
File\Folder C:\Documents and Settings\LocalService\Definições locais\Temp\Perflib_Perfdata_5e8.dat not found!
File\Folder C:\WINDOWS\temp\ZLT0014b.TMP not found!
Registry entries deleted on Reboot...
then cleaned house, wiped the screen of all the snot and tears, moped the blood from the floor, and managed to clear a way out of my office, by pushing all the old empty beer bottles and coffee cups to the side...
did the rest of the stuff but theres some kind of bug goinn on with the Secunia, it wont open the program window, all tho i see a logo doinn a scan.
thx a million, i cannot thank you guys enough
now about my wifes computer...
that i live for tomorrow lol
Broni
Posts: 56,041 +517
Way to go!!
Good luck and stay safe
Regarding Secunia, see this topic: http://www.bleepingcomputer.com/forums/topic345490.html/page__p__1921543#entry1921543
Good luck and stay safe
Regarding Secunia, see this topic: http://www.bleepingcomputer.com/forums/topic345490.html/page__p__1921543#entry1921543
thx dude..i really cannot thank you enough, that "thing" was eating me alive. and my knowledge of internals is VERY limited. I'm an old bag hehe
ill check that thread in a sec,
I still have some headaches, with my wifes machine, she had no hotspot there...i think..but somehow the other came up positive on the Koobface as well with 2 hits with malwerebytes
Tried to run that online scan, but did not work
But i need a rest been at it really for over 36h now just looking a t scans an stuff , be great if you could land a hand tomorrow.
should i open a new thread or just use this one?
anyway , thanks a bunch
I.O.U.
Greg
I'm an old bag heheill check that thread in a sec,
I still have some headaches, with my wifes machine, she had no hotspot there...i think..but somehow the other came up positive on the Koobface as well with 2 hits with malwerebytes
Tried to run that online scan, but did not work
But i need a rest been at it really for over 36h now just looking a t scans an stuff , be great if you could land a hand tomorrow.
should i open a new thread or just use this one?
anyway , thanks a bunch
I.O.U.
Greg
Latest posts
-
Microsoft and EU set to end Teams antitrust clash on friendly terms- Burty117 replied
-
Stellar Blade hits PC on June 11 with modest system requirements- godrilla replied
