Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

My desktop's been taking over, please help.

Started by Kazzus , Nov 20 2005 06:19 AM

  • This topic is locked This topic is locked
20 replies to this topic

#1 Kazzus

Kazzus

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 20 November 2005 - 06:19 AM

My desktop got changed to a message telling me I have spyware and I can't change it back. Can anyone tell me what to do to get rid of it?

Logfile of HijackThis v1.99.1
Scan saved at 10:17:42, on 20/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\bkup\Caio\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{44F73720-BDBE-4751-B84C-5BA8DD33EAB0}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    Advertisements

Register to Remove

#2 Kazzus

Kazzus

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 20 November 2005 - 06:32 AM

Err, taken over, sorry. :P

#3 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 November 2005 - 06:47 AM

Hello Kazzus, Welcome to the forum.

This is what I suggest you do.


Please do not delete anything unless instructed to.



Download CWShredder from my signature below. Unzip it on the desktop.
Open CWShredder and with ALL other windows closed, click fix.


Go here and run at least one of the online scans, allow them to delete whatever they find:

TrendMicro HouseCall
eTrust AntiVirus Web Scanner
Panda ActiveScan
Note any thing that can't be fixed
Reboot when done.

Next:

Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06 . All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" (RED) entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED (RED) entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.



Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#4 Kazzus

Kazzus

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 20 November 2005 - 08:33 AM

Ok, I did all of that, but the desktop is still the same. Those sites couldn't fix some stuff called TROJ_AGENT.GC and TROJ_ANICMOO.Q. Spybot didn't find anything. This is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 12:32:17, on 20/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
D:\bkup\Caio\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44F73720-BDBE-4751-B84C-5BA8DD33EAB0}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 November 2005 - 08:51 AM

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#6 Kazzus

Kazzus

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 20 November 2005 - 02:47 PM

Ok, I did that but the message is still there. Here are the logs. The Ewido Security Suite one is in spanish for some reason, though, but I guess you can still read it.

---------------------------------------------------------
ewido security suite - Relatório de verificação
---------------------------------------------------------

+ Criado em: 18:27:04, 20/11/2005
+ Relatório-Checksum: BD7CBDD0

+ Resultado da verificação:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Limpo com backup
HKLM\SOFTWARE\Classes\GoIEHlp.IEHlprObj\CLSID\\ -> Spyware.GoZilla : Limpo com backup
HKLM\SOFTWARE\Classes\GoIEHlp.IEHlprObj.1\CLSID\\ -> Spyware.GoZilla : Limpo com backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Limpo com backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Limpo com backup
[232] C:\WINDOWS\system32\msupdate32.dll -> TrojanDownloader.Agent.aab : Limpo com backup
C:\WINDOWS\system32\mspostsp.exe -> Trojan.Inject.i : Limpo com backup
C:\WINDOWS\system32\nakbjagb.dll -> TrojanProxy.Wopla.m : Limpo com backup
C:\WINDOWS\system32\fdqdagcb.dll -> TrojanProxy.Wopla.m : Limpo com backup
C:\WINDOWS\system32\msupdate32.dll -> TrojanDownloader.Agent.aab : Limpo com backup
C:\WINDOWS\c98zysui.exe -> TrojanDownloader.Small.bws : Limpo com backup
C:\WINDOWS\kl.exe -> TrojanDropper.Agent.abo : Limpo com backup
C:\WINDOWS\tool3.exe -> TrojanDownloader.Small.bwr : Limpo com backup
C:\WINDOWS\hosts -> Trojan.Qhost.el : Limpo com backup
C:\WINDOWS\tool4.exe -> TrojanDropper.Agent.abu : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temp\Cookies\micro@com[2].txt -> Spyware.Cookie.Com : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temp\Cookies\micro@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temp\Cookies\micro@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temp\Cookies\micro@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temp\Cookies\micro@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temp\Cookies\micro@burstnet[2].txt -> Spyware.Cookie.Burstnet : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temp\backups\backup-20051120-002942-792.dll -> TrojanDownloader.Small : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temporary Internet Files\Content.IE5\KHUJKDQB\kl[2].txt -> TrojanDropper.Agent.abo : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temporary Internet Files\Content.IE5\KHUJKDQB\loadadv541[1].exe -> TrojanDownloader.Small.bws : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temporary Internet Files\Content.IE5\OQTXX23I\tool2[2].txt -> Not-A-Virus.Hoax.Renos.z : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temporary Internet Files\Content.IE5\VM8RV545\tool4[1].txt -> TrojanDropper.Agent.abu : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temporary Internet Files\Content.IE5\VM8RV545\mm[2].js -> Spyware.Chitika : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temporary Internet Files\Content.IE5\G3TB223D\tool3[1].txt -> TrojanDownloader.Small.bwr : Limpo com backup
C:\Documents and Settings\micro\Configurações locais\Temporary Internet Files\Content.IE5\MV4FB4HS\hosts[1].txt -> Trojan.Qhost.el : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@com[2].txt -> Spyware.Cookie.Com : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@paypopup[2].txt -> Spyware.Cookie.Paypopup : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@burstnet[1].txt -> Spyware.Cookie.Burstnet : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@112.2o7[2].txt -> Spyware.Cookie.2o7 : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@news.com[1].txt -> Spyware.Cookie.Com : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@ehealthcaresolutions.122.2o7[2].txt -> Spyware.Cookie.2o7 : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@ads.com[1].txt -> Spyware.Cookie.Com : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@www.adbrite[1].txt -> Spyware.Cookie.Adbrite : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@beta.news.com[2].txt -> Spyware.Cookie.Com : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@e-2dj6wfkykgajwao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@e-2dj6wjlyqnczaco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@com[3].txt -> Spyware.Cookie.Com : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@paypopup[1].txt -> Spyware.Cookie.Paypopup : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@burstnet[3].txt -> Spyware.Cookie.Burstnet : Limpo com backup
C:\Documents and Settings\micro\Cookies\micro@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
:mozilla.40:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Doubleclick : Limpo com backup
:mozilla.41:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Advertising : Limpo com backup
:mozilla.42:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.2o7 : Limpo com backup
:mozilla.43:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.2o7 : Limpo com backup
:mozilla.44:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Advertising : Limpo com backup
:mozilla.45:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Advertising : Limpo com backup
:mozilla.46:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Advertising : Limpo com backup
:mozilla.51:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Questionmarket : Limpo com backup
:mozilla.58:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Falkag : Limpo com backup
:mozilla.61:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Limpo com backup
:mozilla.74:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
:mozilla.75:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
:mozilla.76:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
:mozilla.77:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
:mozilla.78:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
:mozilla.79:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.80:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Limpo com backup
:mozilla.109:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.110:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.111:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.112:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.118:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Qksrv : Limpo com backup
:mozilla.119:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Qksrv : Limpo com backup
:mozilla.135:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Liveperson : Limpo com backup
:mozilla.141:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.142:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.143:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.153:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.170:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.171:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.172:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.173:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.174:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.175:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.176:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.177:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.178:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.179:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.180:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.181:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.182:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.183:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.184:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.185:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.186:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.187:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.188:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Statcounter : Limpo com backup
:mozilla.196:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Valuead : Limpo com backup
:mozilla.204:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Limpo com backup
:mozilla.214:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Valuead : Limpo com backup
:mozilla.215:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Limpo com backup
:mozilla.216:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Limpo com backup
:mozilla.220:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.222:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Valuead : Limpo com backup
:mozilla.228:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Valuead : Limpo com backup
:mozilla.229:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Valuead : Limpo com backup
:mozilla.232:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Valueclick : Limpo com backup
:mozilla.236:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Coremetrics : Limpo com backup
:mozilla.241:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Limpo com backup
:mozilla.242:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Revenue : Limpo com backup
:mozilla.253:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.257:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Valueclick : Limpo com backup
:mozilla.260:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.261:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.262:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.274:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Overture : Limpo com backup
:mozilla.275:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Fastclick : Limpo com backup
:mozilla.298:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Ne : Limpo com backup
:mozilla.313:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Limpo com backup
:mozilla.314:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Limpo com backup
:mozilla.315:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Limpo com backup
:mozilla.316:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Limpo com backup
:mozilla.317:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Limpo com backup
:mozilla.345:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Targetnet : Limpo com backup
:mozilla.346:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.378:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.380:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.384:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.385:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Specificclick : Limpo com backup
:mozilla.391:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.394:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.411:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.447:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Limpo com backup
:mozilla.454:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Burstnet : Limpo com backup
:mozilla.456:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Com : Limpo com backup
:mozilla.457:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Com : Limpo com backup
:mozilla.458:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Com : Limpo com backup
:mozilla.459:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Com : Limpo com backup
:mozilla.460:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Com : Limpo com backup
:mozilla.496:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Realtracker : Limpo com backup
:mozilla.497:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Realtracker : Limpo com backup
:mozilla.500:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.504:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Limpo com backup
:mozilla.509:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Adjuggler : Limpo com backup
:mozilla.531:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.534:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.553:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.571:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.573:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.579:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Smartadserver : Limpo com backup
:mozilla.583:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.588:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Liveperson : Limpo com backup
:mozilla.589:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Liveperson : Limpo com backup
:mozilla.606:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Limpo com backup
:mozilla.611:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.613:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Spylog : Limpo com backup
:mozilla.615:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Comclick : Limpo com backup
:mozilla.616:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Comclick : Limpo com backup
:mozilla.617:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Comclick : Limpo com backup
:mozilla.619:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.2o7 : Limpo com backup
:mozilla.639:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Trafic : Limpo com backup
:mozilla.640:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Sitestat : Limpo com backup
:mozilla.641:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Sitestat : Limpo com backup
:mozilla.646:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Liveperson : Limpo com backup
:mozilla.705:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.706:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.717:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.734:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.735:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.736:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Pointroll : Limpo com backup
:mozilla.737:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Pointroll : Limpo com backup
:mozilla.738:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Pointroll : Limpo com backup
:mozilla.739:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Pointroll : Limpo com backup
:mozilla.793:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.794:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.795:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.796:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.797:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Hitbox : Limpo com backup
:mozilla.807:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Adserver : Limpo com backup
:mozilla.808:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Adserver : Limpo com backup
:mozilla.809:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Adserver : Limpo com backup
:mozilla.810:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Adserver : Limpo com backup
:mozilla.812:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Adserver : Limpo com backup
:mozilla.813:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Adserver : Limpo com backup
:mozilla.821:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Mediaplex : Limpo com backup
:mozilla.822:C:\Documents and Settings\micro\Dados de aplicativos\Netscape\NSB\Profiles\36o5yodb.default\cookies.txt -> Spyware.Cookie.Mediaplex : Limpo com backup
C:\Arquivos de programas\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Limpo com backup
C:\System Volume Information\_restore{05944C15-804A-4911-A390-4C32BA4C6E01}\RP145\A0022192.dll -> Spyware.WildTangent : Limpo com backup
C:\System Volume Information\_restore{05944C15-804A-4911-A390-4C32BA4C6E01}\RP145\A0022203.dll -> Spyware.WildTangent : Limpo com backup
C:\System Volume Information\_restore{05944C15-804A-4911-A390-4C32BA4C6E01}\RP145\A0022262.exe -> Not-A-Virus.Hoax.Renos.z : Limpo com backup
C:\System Volume Information\_restore{05944C15-804A-4911-A390-4C32BA4C6E01}\RP145\A0022263.exe -> Not-A-Virus.Hoax.Renos.z : Limpo com backup
C:\Program Files\SpySheriff\Uninstall.exe -> Adware.SpySheriff : Limpo com backup


Logfile of HijackThis v1.99.1
Scan saved at 18:44:39, on 20/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
C:\Arquivos de programas\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
D:\bkup\Caio\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44F73720-BDBE-4751-B84C-5BA8DD33EAB0}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 November 2005 - 02:58 PM

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL




Download Registrar Lite from here:
http://www.resplende...oad/reglite.exe

Put it in its own folder. You may want to keep this program. It is an excellent free, registry editor.

Copy and paste the follow text into the address bar, then hit 'Go':
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify

In the pane on the right are the values associated with that key.
We want to remove this one -> msupdate32.dll

Right click on it, and select delete.
If you get a confirmation question, respond OK then close out the program.


Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#8 Kazzus

Kazzus

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 20 November 2005 - 03:32 PM

Still not gone. And my computer is fine, it's just this dayam message that's annoying. Anyway, here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 19:29:28, on 20/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
C:\Arquivos de programas\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\bkup\Caio\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Arquivos de programas\AIM\aim.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44F73720-BDBE-4751-B84C-5BA8DD33EAB0}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: msupdate - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 November 2005 - 03:36 PM

Does it look like this?
http://miekiemoes.ge...ages/spyaxe.JPG

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#10 Kazzus

Kazzus

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 20 November 2005 - 03:50 PM

Oh, no, it's not an actual messeage. It's a wallpaper that replaced my old one and it won't let me change it. It looks like this:

http://img371.images...e=imagem5vj.jpg

Sorry if I didn't explain it better.

    Advertisements

Register to Remove

#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 November 2005 - 03:57 PM

http://miekiemoes.ge...es/desktop2.JPG

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#12 Kazzus

Kazzus

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 20 November 2005 - 04:03 PM

Yeah, that's the one. I managed to get rid of the homepage somehow, but the wallpaper is still there.

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 November 2005 - 04:09 PM

See if you have this file: c:\secure32.html If so. delete it.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 November 2005 - 04:10 PM

See if you have this file: c:\secure32.html If so. delete it.

If not, try this:


Please copy the contents of the following quote box into Notepad:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"WallpaperStyle"=-
"Wallpaper"=-
"NoDispBackgroundPage"=-
"NoDispAppearancePage"=-

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=-
"WallpaperStyle"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-

Save it to your desktop as fixme.reg

Then, locate fixme.reg on your desktop and <double-click> it.

You will receive a prompt similar to: "Do you wish to merge the information into the registry?".

Answer 'Yes' and wait for a message to appear similar to "Merged Successfully"

Reboot.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 November 2005 - 04:13 PM

See if you have this file: c:\secure32.html If so. delete it.

If not, try this:


Please copy the contents of the following quote box into Notepad:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"WallpaperStyle"=-
"Wallpaper"=-
"NoDispBackgroundPage"=-
"NoDispAppearancePage"=-

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=-
"WallpaperStyle"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-

Save it to your desktop as fixme.reg

Then, locate fixme.reg on your desktop and <double-click> it.

You will receive a prompt similar to: "Do you wish to merge the information into the registry?".

Answer 'Yes' and wait for a message to appear similar to "Merged Successfully"

Reboot.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·