Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ad.firstadsolution.com pop

Started by jtotoro , Dec 06 2006 12:47 PM

  • Please log in to reply

#1
jtotoro
Posted 06 December 2006 - 12:47 PM

jtotoro

    New Member

  • Member
  • Pip
  • 4 posts
I've made the mistake of recently installing the Bitroll software.

Now i have this ad.firstadsolution.com opening everytime i open firefox or ie.

Thanks in advance.

hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 16:44:07, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgamsvr.exe
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgcc.exe
D:\WINDOWS\system32\devldr32.exe
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgupsvc.exe
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgemc.exe
D:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe
D:\Arquivos de programas\DAEMON Tools\daemon.exe
D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\UAService7.exe
d:\arquiv~2\intern~1\iexplore.exe
D:\Arquivos de programas\Internet Explorer\iexplore.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\FlashGet\flashget.exe
D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
D:\Download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\ARQUIV~2\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\ARQUIV~2\FlashGet\jccatch.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\ARQUIV~2\FlashGet\fgiebar.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\ARQUIV~2\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AVG7_CC] D:\ARQUIV~2\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AudioDeck] D:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Extra Mail Anti Dash] D:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\gpl stupid extra mail\INTERNET TRANS.exe
O4 - HKCU\..\Run: [BitComet] "D:\Arquivos de programas\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [city ooze] D:\DOCUME~1\CARBON~1\DADOSD~1\PEAKGR~1\poke grey.exe
O8 - Extra context menu item: Download All by FlashGet - D:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\ARQUIV~2\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\ARQUIV~2\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DA341B0-D593-44E5-AA74-001BD2BF59FB}: NameServer = 200.149.55.140 200.165.132.147
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DA341B0-D593-44E5-AA74-001BD2BF59FB}: NameServer = 200.149.55.140 200.165.132.147
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~2\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\ARQUIV~2\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\ARQUIV~2\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\ARQUIV~2\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\system32\UAService7.exe

Activescan log

Incident Status Location

Potentially unwanted tool:application/seekmo Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}

hijackthis unistall list

µTorrent
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Só remoção)
Adobe Reader 7.0.7
Album List for Winamp v2.06 (remove only)
Apple Software Update
Atualização de Segurança para o Windows Media Player (KB911564)
Atualização de Segurança para o Windows Media Player 10 (KB917734)
Atualização de Segurança para Windows XP (KB890046)
Atualização de Segurança para Windows XP (KB893756)
Atualização de Segurança para Windows XP (KB896358)
Atualização de Segurança para Windows XP (KB896422)
Atualização de Segurança para Windows XP (KB896423)
Atualização de Segurança para Windows XP (KB896424)
Atualização de Segurança para Windows XP (KB896428)
Atualização de Segurança para Windows XP (KB899587)
Atualização de Segurança para Windows XP (KB899589)
Atualização de Segurança para Windows XP (KB899591)
Atualização de Segurança para Windows XP (KB900725)
Atualização de Segurança para Windows XP (KB901017)
Atualização de Segurança para Windows XP (KB901190)
Atualização de Segurança para Windows XP (KB901214)
Atualização de Segurança para Windows XP (KB902400)
Atualização de Segurança para Windows XP (KB904706)
Atualização de Segurança para Windows XP (KB905414)
Atualização de Segurança para Windows XP (KB905749)
Atualização de Segurança para Windows XP (KB905915)
Atualização de Segurança para Windows XP (KB908519)
Atualização de Segurança para Windows XP (KB908531)
Atualização de Segurança para Windows XP (KB911280)
Atualização de Segurança para Windows XP (KB911562)
Atualização de Segurança para Windows XP (KB911567)
Atualização de Segurança para Windows XP (KB911927)
Atualização de Segurança para Windows XP (KB912812)
Atualização de Segurança para Windows XP (KB912919)
Atualização de Segurança para Windows XP (KB913446)
Atualização de Segurança para Windows XP (KB913580)
Atualização de Segurança para Windows XP (KB914388)
Atualização de Segurança para Windows XP (KB914389)
Atualização de Segurança para Windows XP (KB916281)
Atualização de Segurança para Windows XP (KB917159)
Atualização de Segurança para Windows XP (KB917344)
Atualização de Segurança para Windows XP (KB917422)
Atualização de Segurança para Windows XP (KB917953)
Atualização de Segurança para Windows XP (KB918439)
Atualização de Segurança para Windows XP (KB918899)
Atualização de Segurança para Windows XP (KB919007)
Atualização de Segurança para Windows XP (KB920214)
Atualização de Segurança para Windows XP (KB920670)
Atualização de Segurança para Windows XP (KB920683)
Atualização de Segurança para Windows XP (KB920685)
Atualização de Segurança para Windows XP (KB921398)
Atualização de Segurança para Windows XP (KB921883)
Atualização de Segurança para Windows XP (KB922616)
Atualização para Windows XP (KB894391)
Atualização para Windows XP (KB898461)
Atualização para Windows XP (KB900485)
Atualização para Windows XP (KB910437)
Atualização para Windows XP (KB916595)
Atualização para Windows XP (KB920872)
Atualização para Windows XP (KB922582)
AVG Free Edition
CEP v1.52
Championship Manager 2006
CloneCD
CopyToDVD 4
DivX
DVD Shrink 3.2
eMule
FireBurner
FlashGet(JetCar)
FLV Player 1.3.3
FM Scout
Freeciv 1.14.0
Google Earth
HijackThis 1.99.1
iPod for Windows 2006-03-23
IrfanView (remove only)
iScrobbler
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
jetCast - Winamp DSP plugin
Kazaa Lite Resurrection 0.0.8
Macromedia Flash Player 8
MAME32k (remove only)
Megaupload Toolbar
Microsoft Office Excel Viewer 2003
Microsoft Office Professional Edition 2003
mIRC
Mozilla Firefox (2.0)
Nero 7 Demo
NSRCG
NVIDIA Drivers
Panda ActiveScan
PowerDVD
QuickTime
Real Alternative 1.49
RealPlayer
SHOUTcast DNAS (remove only)
SHOUTcast Source DSP 1.9.0 (remove only)
Skype 2.5
SopCast 1.0.1
SoulSeek Client 156c
Spybot - Search & Destroy 1.4
Star Wars™: Knights of the Old Republic ™
Subtitle Workshop 2.51
VDMSound
VIA Platform Device Manager
VideoLAN VLC media player 0.8.4a
VobSub v2.23 (Remove Only)
Winamp (remove only)
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XviD 1.1 final uninstall
  • 0

Advertisements

#2
MFDnSC
Posted 06 December 2006 - 04:25 PM

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Please Download NoLop to your desktop from

http://www.thespykil...tpmod;dl=item16

First close any other programs you have running as this will require a reboot
· Double click NoLop.exe to run it
· Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
· When scanning is finished you will be prompted to reboot only if infected, Click OK
· Now click the "REBOOT" Button.
· A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log
  • 0

#3
jtotoro
Posted 06 December 2006 - 05:25 PM

jtotoro

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I have done what was asked.

The problem still remains.

NoLop log

NoLop! Log by Skate_Punk_21

Fix running from: D:\Documents and Settings\Carbonelli
[6/12/2006]
[21:17:24]

---Infection Files Found/Removed---
D:\WINDOWS\tasks\A6FD0C9790DA8167.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 21:25:34, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgamsvr.exe
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgupsvc.exe
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\UAService7.exe
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgcc.exe
D:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe
D:\Arquivos de programas\DAEMON Tools\daemon.exe
D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\Arquivos de programas\Internet Explorer\iexplore.exe
d:\arquiv~2\intern~1\iexplore.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\WINDOWS\system32\devldr32.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\FlashGet\flashget.exe
D:\Arquivos de programas\Outlook Express\msimn.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\ARQUIV~2\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\ARQUIV~2\FlashGet\jccatch.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\ARQUIV~2\FlashGet\fgiebar.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\ARQUIV~2\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AVG7_CC] D:\ARQUIV~2\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AudioDeck] D:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Extra Mail Anti Dash] D:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\gpl stupid extra mail\INTERNET TRANS.exe
O4 - HKCU\..\Run: [BitComet] "D:\Arquivos de programas\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [city ooze] D:\DOCUME~1\CARBON~1\DADOSD~1\PEAKGR~1\poke grey.exe
O8 - Extra context menu item: Download All by FlashGet - D:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\ARQUIV~2\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\ARQUIV~2\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DA341B0-D593-44E5-AA74-001BD2BF59FB}: NameServer = 200.149.55.140 200.165.132.147
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DA341B0-D593-44E5-AA74-001BD2BF59FB}: NameServer = 200.149.55.140 200.165.132.147
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~2\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\ARQUIV~2\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\ARQUIV~2\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\ARQUIV~2\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\system32\UAService7.exe
  • 0

#4
MFDnSC
Posted 06 December 2006 - 07:11 PM

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [Extra Mail Anti Dash] D:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\gpl stupid extra mail\INTERNET TRANS.exe

O4 - HKCU\..\Run: [city ooze] D:\DOCUME~1\CARBON~1\DADOSD~1\PEAKGR~1\poke grey.exe

DownLoad http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

D:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\gpl stupid extra mail
D:\DOCUME~1\CARBON~1\DADOSD~1\PEAKGR~1


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log


Please give feedback on what worked/didn’t work and the current status of your system
  • 0

#5
jtotoro
Posted 07 December 2006 - 08:48 AM

jtotoro

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I have done everything you asked. I think the problem is gone now ! Thank you very much.

hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 12:46:50, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgcc.exe
D:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe
D:\Arquivos de programas\DAEMON Tools\daemon.exe
D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\devldr32.exe
D:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgamsvr.exe
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgupsvc.exe
D:\ARQUIV~2\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\UAService7.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\ARQUIV~2\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\ARQUIV~2\FlashGet\jccatch.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\ARQUIV~2\FlashGet\fgiebar.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\ARQUIV~2\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AVG7_CC] D:\ARQUIV~2\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AudioDeck] D:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BitComet] "D:\Arquivos de programas\BitComet\BitComet.exe"
O8 - Extra context menu item: Download All by FlashGet - D:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\ARQUIV~2\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\ARQUIV~2\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DA341B0-D593-44E5-AA74-001BD2BF59FB}: NameServer = 200.149.55.140 200.165.132.147
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DA341B0-D593-44E5-AA74-001BD2BF59FB}: NameServer = 200.149.55.140 200.165.132.147
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~2\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\ARQUIV~2\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\ARQUIV~2\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\ARQUIV~2\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\system32\UAService7.exe

AVG Anti-spyware report
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:40:03 7/12/2006

+ Scan result:



HKU\S-1-5-21-1078081533-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : No action taken.
D:\My Deliveries\hentai\Complete Bondage Fairies\New Bondage Fairies\Volume 11\BondageFairies-NewBondageFairies_Vol11_17.jpg.bc! -> Adware.WhenU.a : No action taken.
D:\Documents and Settings\Carbonelli\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.157:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.158:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.23:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.24:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.25:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.38:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.39:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.45:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.46:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.84:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.86:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.87:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.134:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
D:\Documents and Settings\Carbonelli\Cookies\carbonelli@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.171:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.172:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.132:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.33:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.34:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.35:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.36:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.37:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
D:\Documents and Settings\Carbonelli\Cookies\carbonelli@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.42:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.43:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.44:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
D:\Documents and Settings\Carbonelli\Cookies\[email protected][2].txt -> TrackingCookie.Lop : No action taken.
:mozilla.257:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.135:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.136:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.137:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.138:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
D:\Documents and Settings\Carbonelli\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.53:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.151:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.152:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.153:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
D:\Documents and Settings\Carbonelli\Cookies\carbonelli@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.276:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.277:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.278:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.123:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.139:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.48:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.49:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.50:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.51:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.52:D:\Documents and Settings\Carbonelli\Dados de aplicativos\Mozilla\Firefox\Profiles\ilghv5w9.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
D:\Documents and Settings\Carbonelli\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end
  • 0

#6
MFDnSC
Posted 07 December 2006 - 03:24 PM

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Clean Posted Image

Turn off restore points, boot, turn them back on – here’s how

http://service1.syma...src=sec_doc_nam
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP