05-Jul-2005, 10:21 AM
#1
Hi there! Yesterday afternoon my computer got infected with something that spread through Messenger. This guy sent me a file, and when I opened it, it opened conversation windows to everyone I knew and sent the same message. At the same time, it installed lots of crap like Prefetch, MC-58-12-0000080.exe, Freeprod, 180search Assistant, Elitebar etc. I've tried to remove it, but I can't seem to work that out totally, and most of the files come back each time I reboot!! I also uninstalled MSN Messenger 'cause it started sending the same **** when I tried to start it again some hours later. I saw the thread posted by Fnocky, but the files aren't the same. I know you guys know a lot more about it than I do. So, here's my HJT log; hope you can tell me exactly what to eliminate to fix this. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 15:12:26, on 05-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programas\Norton AntiVirus\navapsvc.exe
C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\ccyhudp.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programas\Logitech\Video\LogiTray.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\Programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\poker3.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Programas\Skype\Phone\Skype.exe
C:\WINDOWS\system32\poker3.exe
C:\Programas\Logitech\Video\FxSvr2.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\windows\system32\temp532.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [navapp] C:\Programas\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKLM\..\Run: [hijkb] C:\WINDOWS\hijkb.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitekjh32.exe
O4 - HKLM\..\Run: [ntjnesc] c:\windows\system32\ccyhudp.exe r
O4 - HKLM\..\Run: [lyccco] c:\windows\system32\dofqkke.exe r
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programas\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKCU\..\Run: [DNS] C:\Programas\Ficheiros comuns\mc-58-12-0000080.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2A0DED63-24F3-4FD6-BEC4-58F8E1F0C205} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://procom.cm-coimbra.pt/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/.../Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/...npseatools.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\pvlstore.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\MARIOA~1.CAR\DEFINI~1\Temp\hpdj.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
05-Jul-2005, 02:30 PM
#2
Hi lunario, welcome to TSG.

Uninstall MediaAccess and EliteToolBar from Add/Remove Programs.

Then download and run the following:

Ad-Aware SE: http://www.majorgeeks.com/download506.html
Install the program and launch it.
First, in the bottom right-hand corner of the main window click on Check for updates now, then click Connect and download the latest reference files.
Then, in the main window: click Start and under Select a scan Mode tick Perform full system scan.
Then, deselect Search for negligible risk entries.
To start the scan, click the Next button.
When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next).

Micro$oft Anti Spyware BETA: http://www.microsoft.com/athome/secu...e/default.mspx
First, in the top menu click File then Check for updates to download the definitions updates.
After updating, look in the right side of the main window under "Run Quick Scan Now".
Click Spyware scan options.
In that window put a tick by Run a full system scan.
Then put a check by all three options below that, then click Run Scan now.
When the scan is finished, let it fix anything that it finds. (Have it quarantine the items that have that option rather than delete, just in case.) It is a BETA program and there may be false positives.

Restart your computer.

Post a new Hijack This log.
05-Jul-2005, 04:52 PM
#3
Logfile of HijackThis v1.99.1
Scan saved at 21:50:32, on 05-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programas\ewido\security suite\ewidoctrl.exe
C:\Programas\Norton AntiVirus\navapsvc.exe
C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programas\HP\hpcoretech\hpcmpmgr.exe
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\LVCOMSX.EXE
c:\windows\system32\jwskfh.exe
C:\Programas\Logitech\Video\LogiTray.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\poker3.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programas\Microsoft AntiSpyware\gcasServ.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programas\Logitech\Video\FxSvr2.exe
C:\Programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\poker3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKLM\..\Run: [hijkb] C:\WINDOWS\hijkb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [gcasServ] "C:\Programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\eliteztu32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [jfgvcj] c:\windows\system32\jwskfh.exe r
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programas\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKCU\..\Run: [DNS] C:\Programas\Ficheiros comuns\mc-58-12-0000080.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/.../Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/...npseatools.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido\security suite\ewidoctrl.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\MARIOA~1.CAR\DEFINI~1\Temp\hpdj.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks
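The helpers in this thread read the HijackThis log by eye for the same handful of tells: a system.ini Shell= line that loads a second program, an entry duplicated across HKLM Run, RunServices and HKCU Run, a Winlogon Notify DLL that no longer exists, and a service with no vendor string whose binary sits in Temp or loose in the Windows folder. The script below is an added example (not from this thread or from HijackThis) that parses HJT v1.99-format lines and applies those heuristics; the sample lines are copied from the logs above, and it assumes %SystemRoot% is X:\WINDOWS as on this machine.

```python
"""Triage heuristics for HijackThis v1.99-style log lines (added example, not HJT code)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKLM\..\Run: [ntjnesc] c:\windows\system32\ccyhudp.exe r
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\pvlstore.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\MARIOA~1.CAR\DEFINI~1\Temp\hpdj.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe
"""

# Line shapes as HijackThis 1.99 prints them.
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Assumption: %SystemRoot% is X:\WINDOWS (true for the XP box in this thread).
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)
WINROOT_FILE_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)  # file loose in %SystemRoot%


@dataclass
class Finding:
    line: str    # the log line (or value name) the finding is about
    reason: str  # why a reviewer should look at it


def executable_of(cmd: str) -> str:
    """Program part of an O4 command line, without surrounding quotes or arguments."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Apply the review heuristics to every recognised line and return the findings."""
    findings: list[Finding] = []
    keys_by_name: dict[str, set[str]] = defaultdict(set)  # autostart value name -> keys it lives in
    for line in log_text.strip().splitlines():
        line = line.strip()
        if m := F2_RE.match(line):
            # system.ini Shell= should load explorer.exe and nothing else.
            extra = [t for t in m["shell"].split() if t.lower() != "explorer.exe"]
            if extra:
                findings.append(Finding(line, f"Shell= loads extra program(s) at logon: {' '.join(extra)}"))
        elif m := O4_RE.match(line):
            keys_by_name[m["name"].lower()].add(f"{m['hive']}\\{m['key']}")
            if m["key"].lower() == "runservices":
                findings.append(Finding(line, "RunServices is a Windows 9x autostart key; rarely populated by legitimate software on XP"))
            if re.search(r"microsoft|windows", m["name"], re.I) and not WINDIR_RE.match(executable_of(m["cmd"])):
                findings.append(Finding(line, "value name claims a Microsoft/Windows component but the program is not under %SystemRoot%"))
        elif m := O20_RE.match(line):
            if m["path"].endswith("(file missing)"):
                findings.append(Finding(line, "Winlogon Notify package whose DLL is missing; notify DLLs load inside winlogon.exe"))
        elif m := O23_RE.match(line):
            path = m["path"].replace("(file missing)", "").strip()
            if m["owner"] == "Unknown owner" and (
                "(file missing)" in m["path"] or re.search(r"\\temp\\", path, re.I) or WINROOT_FILE_RE.match(path)
            ):
                findings.append(Finding(line, "service with no vendor string whose binary is missing, in a Temp folder, or loose in %SystemRoot%"))
    # The same value name registered in several autostart keys is redundancy a user rarely sets up.
    for name, keys in keys_by_name.items():
        if len(keys) > 1:
            findings.append(Finding(f"[{name}]", f"same value name registered in {len(keys)} autostart keys: {', '.join(sorted(keys))}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Entries the heuristics do not reach (such as the randomly named executables in system32 above) still need a reviewer; the script narrows the list, it does not replace the helper.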
05-Jul-2005, 05:23 PM
#5
Yes, those are bad too.

Go here: http://www.mypctuneup.com/evaluate.php and run the Uninstaller.

Restart your computer.

I see an Ewido entry in your log. I'm not sure what version you used but there is a newer one available now.

Click here to download the trial version of Ewido Security Suite: http://www.ewido.net/en/download/

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop

Post a new Hijack This log and the report from Ewido.
05-Jul-2005, 06:19 PM
#6
OK. I ran the uninstaller, and when I connected to the internet to uninstall (it was necessary) my Microsoft SpyWare started alerting every 2 seconds. When I restarted the computer, I had a Power Scan window. So I uninstalled Power Scan, MediaAccess, EliteToolBar (these last 2 for the second time), Select CashBack, SideFind and SlotchBar from Add/Remove Programs. I'm doing the Ewido Complete System Scan now; I'll send you the report and the HJT log in a couple of minutes. Thanks
05-Jul-2005, 06:53 PM
#7
05-Jul-2005, 06:55 PM
#8
It's Ewido 3.5, the latest version. Though it installed itself automatically in Portuguese, so here is a little translation:

---------------------------------------------------------
ewido security suite - Verification Report
---------------------------------------------------------

+ Created in: 23:43:53, 05-07-2005
+ Report-Checksum: 42A0005

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Limpo com backup
HKLM\SOFTWARE\Classes\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Limpo com backup
HKLM\SOFTWARE\Classes\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} -> Spyware.EliteBar : Limpo com backup
HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Limpo com backup
HKLM\SOFTWARE\Classes\CLSID\{DC341F1B-EC77-47BE-8F58-96E83861CC5A} -> Spyware.HotBar : Limpo com backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Limpo com backup
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Limpo com backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Limpo com backup
HKLM\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671} -> Spyware.SideFind : Limpo com backup
HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} -> Spyware.180Solutions : Limpo com backup
HKLM\SOFTWARE\Elitum -> Spyware.EliteBar : Limpo com backup
HKLM\SOFTWARE\Elitum\EliteToolBar -> Spyware.EliteBar : Limpo com backup
HKLM\SOFTWARE\Microsoft\SideFind -> Spyware.SideFind : Limpo com backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Limpo com backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Limpo com backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Limpo com backup
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\IST -> Spyware.ISTBar : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\LQ -> Dialer.Generic : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33} -> Spyware.CoolWebSearch : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} -> Spyware.EliteBar : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02} -> Dialer.Generic : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Limpo com backup
HKU\S-1-5-21-774540027-1853139159-1120795163-1005\Software\PowerScan -> Spyware.PowerScan : Limpo com backup
C:\WINDOWS\system32\config\systemprofile\Definições locais\Temporary Internet Files\Content.IE5\WXUFOLEV\France[1].exe -> Dialer.Generic : Limpo com backup
C:\WINDOWS\system32\temperror32.dat -> Spyware.Hijacker.Generic : Limpo com backup
C:\WINDOWS\system32\temp532.exe -> Dialer.Generic : Limpo com backup
C:\WINDOWS\kvshqw.exe -> TrojanDownloader.IstBar.ij : Limpo com backup
C:\WINDOWS\da0cl2fr.exe -> Adware.SAHA : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temp\res8.tmp -> Spyware.180Solutions : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temp\resF.tmp -> Spyware.180Solutions : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temp\uninstall.exe -> Spyware.EliteBar : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temp\optimize.exe -> TrojanDownloader.Dyfuca.ei : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temp\res14.tmp -> Spyware.180Solutions : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\G9I5Q3OR\optimize[1].exe -> TrojanDownloader.Dyfuca.ei : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\G9I5Q3OR\cmctl[1].dll -> Spyware.AdMir : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\BH4ZQR6T\bb[1].exe -> TrojanDownloader.Adload.a : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\BH4ZQR6T\sfbho13[1].dll -> Spyware.SideFind : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\MUTJQODC\index[1].jpg/5.exe -> TrojanDownloader.IstBar.is : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\MUTJQODC\index[1].jpg/10.exe -> Spyware.WinAD : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\MUTJQODC\istrecover[1].exe -> TrojanDownloader.IstBar.ij : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\MUTJQODC\nem220[1].dll -> TrojanDownloader.Dyfuca : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\MUTJQODC\sidefind13[1].dll -> Spyware.SideFind : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\0XENO9IZ\stubinstaller5041[1].ex_ -> TrojanDownloader.Small.asf : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\0XENO9IZ\powerscan[1].exe -> Spyware.PowerScan : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Definições locais\Temporary Internet Files\Content.IE5\0XENO9IZ\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Ambiente de trabalho\lopremover.exe -> Spyware.Lop : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\Cookies\mario a. carvalhal@www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\index.exe/5.exe -> TrojanDownloader.IstBar.is : Limpo com backup
C:\Documents and Settings\Mario A. Carvalhal\index.exe/10.exe -> Spyware.WinAD : Limpo com backup
C:\Programas\Microsoft AntiSpyware\Quarantine\822C643D-3AEA-4F2B-B873-F3D8DF\C2FE1FAE-B932-4A81-A15C-944131 -> Spyware.Hijacker.Generic : Limpo com backup
C:\Programas\Microsoft AntiSpyware\Quarantine\A849BE67-9C07-4E74-A8C3-0F19EE\B494FD61-033B-440E-AAE0-822DA1 -> Spyware.WinAD : Limpo com backup
C:\Programas\Microsoft AntiSpyware\Quarantine\0C7D7882-CBDB-4681-97C6-CA1C9B\8E8F57E5-F0E1-4C36-ACA9-BD037D -> Spyware.EliteBar : Limpo com backup
C:\Programas\Microsoft AntiSpyware\Quarantine\0C7D7882-CBDB-4681-97C6-CA1C9B\AC570739-169D-4D30-95E8-9F8179 -> Spyware.Hijacker.Generic : Limpo com backup
C:\Programas\Microsoft AntiSpyware\Quarantine\AC2A73D9-C12D-448E-BF68-4626C3\3932CC08-0609-400B-83C9-173DE4 -> Spyware.180Solutions : Limpo com backup
C:\Programas\Microsoft AntiSpyware\Quarantine\369F1BE2-73D7-4C16-8BA0-3B414F\A22643C0-53C1-4158-803D-5F2254 -> Spyware.180Solutions : Limpo com backup
C:\Programas\Microsoft AntiSpyware\Quarantine\DAC4D07C-C24E-4967-96AD-64A56E\B0B6126B-B441-4710-8514-2416B1 -> Adware.BetterInternet : Limpo com backup
C:\Programas\Microsoft AntiSpyware\Quarantine\765B193E-4F96-461F-B2C1-692E8C\42014D47-DF02-47F9-98A7-B1A90A -> Spyware.180Solutions : Limpo com backup
C:\Programas\SideFind\sfbho.dll -> Spyware.SideFind : Limpo com backup C:\Programas\180searchassistant\salmhook.dll -> Spyware.180Solutions : Limpo com backup ::End of report ...one more thing Limpo com Backup = Cleaned with Backup file |
05-Jul-2005, 06:57 PM
#9 |
| Logfile of HijackThis v1.99.1 Scan saved at 23:46:28, on 05-07-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\cisvc.exe C:\Programas\ewido\security suite\ewidoctrl.exe C:\Programas\Norton AntiVirus\navapsvc.exe C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programas\Synaptics\SynTP\SynTPLpr.exe C:\Programas\Synaptics\SynTP\SynTPEnh.exe C:\Programas\CyberLink\PowerDVD\PDVDServ.exe C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programas\HP\hpcoretech\hpcmpmgr.exe C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programas\Logitech\Video\LogiTray.exe C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Programas\iTunes\iTunesHelper.exe C:\WINDOWS\system32\poker3.exe C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe C:\Programas\QuickTime\qttask.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Programas\Microsoft AntiSpyware\gcasServ.exe C:\Programas\iPod\bin\iPodService.exe C:\Programas\Logitech\Video\FxSvr2.exe C:\Programas\Microsoft 
AntiSpyware\gcasDtServ.exe C:\Programas\Skype\Phone\Skype.exe C:\WINDOWS\system32\poker3.exe C:\DOCUME~1\MARIOA~1.CAR\DEFINI~1\Temp\Del12.tmp C:\WINDOWS\system32\cidaemon.exe C:\Programas\Messenger\msmsgs.exe C:\Programas\hijack this\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Software Update] C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] 
C:\Programas\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe O4 - HKLM\..\Run: [hijkb] C:\WINDOWS\hijkb.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [gcasServ] "C:\Programas\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitecfh32.exe O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Programas\Microsoft AntiSpyware\gcASCleaner.exe O4 - HKLM\..\RunOnce: [DeleteISTbar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Programas\ISTbar\istbarcm.dll" O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programas\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe O4 - HKCU\..\Run: [DNS] C:\Programas\Ficheiros comuns\mc-58-12-0000080.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk 
= C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Pesquisar 
- {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409 O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/.../Installer.exe O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/...npseatools.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. 
- C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido\security suite\ewidoctrl.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\MARIOA~1.CAR\DEFINI~1\Temp\hpdj.exe (file missing) O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe this one is tough... thanks |
05-Jul-2005, 07:01 PM
#10 |
| Be right back with instructions. |
05-Jul-2005, 07:06 PM
#11 |
| With IE closed, run Hijack This again. Put a checkmark on these entries and hit "fix checked":

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKLM\..\Run: [hijkb] C:\WINDOWS\hijkb.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitecfh32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKLM\..\RunOnce: [DeleteISTbar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Programas\ISTbar\istbarcm.dll"
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKCU\..\Run: [DNS] C:\Programas\Ficheiros comuns\mc-58-12-0000080.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

Boot into Safe Mode (start tapping the F8 key at Startup, before the Windows logo screen).

Because XP will not always show you hidden files and folders by default, go to Start > Search and under "More advanced search options" make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types." Now click "Apply to all folders". Click "Apply" then "OK".

Find and delete these folders:
C:\Program Files\Media Gateway
C:\Programas\ISTbar
C:\Programas\Ficheiros comuns

Find and delete these files:
C:\WINDOWS\system32\poker3.exe
C:\WINDOWS\hijkb.exe
C:\windows\system32\elitecfh32.exe

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log. |
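The fix list above is built by reading the HijackThis log in post #9 for structural tells: a Run entry whose command is a bare filename (poker3.exe) that Windows resolves through the search path, a populated RunServices key, a binary dropped straight into C:\WINDOWS (hijkb.exe) or into the root of Common Files (mc-58-12-0000080.exe), a Trusted Zone addition, and a service whose binary sits in Temp and is already missing (hpdj). The script below is an added example, not code from this thread or from the HijackThis project: it parses the R3, O4, O15 and O23 line types and applies exactly those checks. The sample log is constructed from lines in post #9 plus two benign Symantec entries; the Portuguese folder name "Ficheiros comuns" is treated as Common Files because that is what the poster's XP install calls it.

```python
"""Triage helper for HijackThis (HJT) logs. Added example, not from the thread
or from HijackThis itself: flags structural red flags in R3/O4/O15/O23 lines."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the log in post #9 of this thread,
# plus two benign Symantec entries so both outcomes show up.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKLM\..\Run: [hijkb] C:\WINDOWS\hijkb.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitecfh32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe
O4 - HKCU\..\Run: [DNS] C:\Programas\Ficheiros comuns\mc-58-12-0000080.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\MARIOA~1.CAR\DEFINI~1\Temp\hpdj.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
"""


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


_O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
_O23_RE = re.compile(r'^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$')
# First token of a command line, quoted or not, up to and including its extension.
_EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|com|scr|bat|cmd))\b', re.IGNORECASE)
_WINDOWS_DIRS = ('c:\\windows', 'c:\\winnt')
_COMMON_FILES = ('\\common files', '\\ficheiros comuns')  # English and Portuguese XP
_MICROSOFT_ROOTS = ('c:\\windows\\', 'c:\\program files\\microsoft', 'c:\\programas\\microsoft')


def _executable(cmd: str) -> str:
    m = _EXE_RE.match(cmd.strip())
    return m.group('exe') if m else cmd.strip().strip('"')


def _check_o4(key: str, name: str, cmd: str) -> List[str]:
    reasons = []
    low = _executable(cmd).lower()
    folder = low.rsplit('\\', 1)[0] if '\\' in low else ''
    if not re.match(r'^[a-z]:\\', low):
        reasons.append('no absolute path: the name is resolved through the search path at logon')
    if key.lower() == 'runservices':
        reasons.append('RunServices is a Windows 9x/ME key that NT-based Windows ignores; '
                       'a populated one on XP is a classic malware tell')
    if folder in _WINDOWS_DIRS:
        reasons.append('executable dropped directly into the Windows directory')
    if folder.endswith(_COMMON_FILES):
        reasons.append('executable in the Common Files root instead of a vendor subfolder')
    if '\\temp\\' in low or '\\temporary internet files\\' in low:
        reasons.append('runs from a temporary folder')
    if re.search(r'\b(microsoft|windows)\b', name, re.IGNORECASE) and not low.startswith(_MICROSOFT_ROOTS):
        reasons.append('Microsoft-sounding entry name but the binary is not in a Microsoft location')
    return reasons


def _check_o23(path: str) -> List[str]:
    reasons = []
    low = path.lower()
    if '(file missing)' in low:
        reasons.append('service binary is missing: a leftover entry that should be removed as well')
    if '\\temp\\' in low:
        reasons.append('service registered from a temporary folder')
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious line, with every reason that fired."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        m = _O4_RE.match(line)
        if m:
            reasons = _check_o4(m['key'], m['name'], m['cmd'])
        elif line.startswith('O15 - Trusted Zone:'):
            # Every Trusted Zone addition is reported: that zone relaxes IE's
            # ActiveX and scripting restrictions for the listed site.
            reasons = ['site added to the IE Trusted Zone']
        elif line.startswith('O23 - Service:'):
            m = _O23_RE.match(line)
            if m:
                reasons = _check_o23(m['path'])
        elif line.startswith('R3 - Default URLSearchHook is missing'):
            reasons = ['default URLSearchHook removed, usually by a search hijacker']
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def reasons_for(log_text: str, needle: str) -> List[str]:
    """Reasons for the first flagged line containing needle ([] if none flagged)."""
    for f in triage(log_text):
        if needle in f.line:
            return f.reasons
    return []


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print('    -', r)
```

Two caveats show why this is triage rather than a verdict. SoundMan is flagged for the bare filename even though it is the legitimate Realtek tray tool living in C:\WINDOWS, and the helper rightly left it alone. elitecfh32.exe in system32 passes every structural check and is only caught because the helper recognises the EliteBar family; the script narrows the list for the analyst, it does not replace one. Whatever is flagged still has to be fixed with the process stopped, which is why the instructions above move to Safe Mode before deleting the files.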
05-Jul-2005, 07:47 PM
#12 |
| Sorry, but I have some questions: C:\Program Files\Media Gateway I didn't find, but instead I found C:\Program Files\Internet Optimizer, which I deleted... In C:\Programas\Ficheiros comuns there are lots of folders like Adobe, Adobe Systems Shared, Autodesk Shared, Macromedia, Macrovision, Microsoft Shared, Symantec Shared, etc... are you sure it's this one? There is another one, C:\Programas\Common Files, that only has the folders Borland Shared and McNeel Shared... maybe this one? |
05-Jul-2005, 08:11 PM
#14 |
| In the folder C:\Programas\Ficheiros comuns - just delete the file: mc-58-12-0000080.exe (That was my error - I have a hard time reading the other language). And yes, that's normal. Proceed with the instructions. |
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.