
Solved: Help Outerinfo problems

Discussion in 'Virus & Other Malware Removal' started by Alfaia, Oct 26, 2007.

  1. Alfaia

    Alfaia Thread Starter

    Hi to all of you who might help me.

    Like some others I've already read, I'm having problems with Outerinfo. I've started to receive constant pop-ups and warnings on my computer, and new shortcuts were added to my desktop.

    I already tried to uninstall it, but it didn't solve the problem.

    From what I've already read, I've downloaded HJT and I'm posting my log in the hope that someone can assist me...

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 19:49:56, on 26-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Programas\Logitech\SetPoint\SetPoint.exe
    C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Programas\Ficheiros comuns\Logitech\KhalShared\KHALMNPR.EXE
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programas\Ficheiros comuns\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\programas\ficheiros comuns\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\FICHEI~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Programas\McAfee\MPF\MPFSrv.exe
    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\McAfee\MSC\mcshell.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    D:\Download\HiJackThis_v2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {61509EA3-6457-40B0-949B-74D2F496F7C1} - C:\WINDOWS\system32\gebcb.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fhyfuvsg.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fhyfuvsg.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [StartCCC] C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O20 - Winlogon Notify: fhyfuvsg - C:\WINDOWS\SYSTEM32\fhyfuvsg.dll
    O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHEI~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programas\Ficheiros comuns\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programas\ficheiros comuns\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programas\McAfee\MPF\MPFSrv.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 6266 bytes

    Thanks in advance
     
  2. cybertech

    cybertech Retired Moderator

    Hi, Welcome to TSG!!


    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    NOTE: If you have downloaded VundoFix before, delete that version and download it again.
     
  3. Alfaia

    Alfaia Thread Starter

    Hi Cybertech

    Thank you so much for helping me out through this thing.

    While I was waiting for someone to help me, I ran the Outerinfo uninstall again and it was successful and the pop-ups are gone. However, and I'm not sure if it's just my impression or my ISP, it feels to me that my internet connection is a bit slower. Do you think this might influence that in any way?

    Nevertheless, I've followed your instructions, and here are the VundoFix log and the new HJT log.


    VundoFix V6.5.11

    Checking Java version...

    Sun Java not detected
    Scan started at 15:24:05 28-10-2007

    Listing files found while scanning....

    C:\WINDOWS\system32\fhyfuvsg.dll
    C:\windows\system32\pmnmkij.dll
    C:\WINDOWS\system32\rhgcuxnf.dll
    C:\windows\system32\tuvuvvv.dll
    C:\windows\system32\wvuuuuu.dll
    C:\windows\system32\yayvtro.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\pmnmkij.dll
    C:\windows\system32\pmnmkij.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rhgcuxnf.dll
    C:\WINDOWS\system32\rhgcuxnf.dll Has been deleted!

    Attempting to delete C:\windows\system32\tuvuvvv.dll
    C:\windows\system32\tuvuvvv.dll Has been deleted!

    Attempting to delete C:\windows\system32\wvuuuuu.dll
    C:\windows\system32\wvuuuuu.dll Has been deleted!

    Attempting to delete C:\windows\system32\yayvtro.dll
    C:\windows\system32\yayvtro.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:29:33, on 28-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe
    C:\Programas\Logitech\SetPoint\SetPoint.exe
    C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Programas\Ficheiros comuns\Logitech\KhalShared\KHALMNPR.EXE
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programas\Ficheiros comuns\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\programas\ficheiros comuns\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\FICHEI~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Programas\McAfee\MPF\MPFSrv.exe
    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    D:\Download\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8D431267-5CC5-42C4-B114-B66854E91FCE} - C:\WINDOWS\system32\gebcb.dll (file missing)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [StartCCC] C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHEI~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programas\Ficheiros comuns\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programas\ficheiros comuns\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programas\McAfee\MPF\MPFSrv.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 5955 bytes
     
  4. cybertech

    cybertech Retired Moderator

    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8D431267-5CC5-42C4-B114-B66854E91FCE} - C:\WINDOWS\system32\gebcb.dll (file missing)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

    Close all applications and browser windows before you click "fix checked".


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
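
An added example, not part of the original thread or any poster's reply: a Python script for the triage behind the "fix checked" list above. It flags HijackThis entries whose target file is gone ("(no file)" / "(file missing)") and entries that still load a DLL named in the VundoFix listing. The function names are hypothetical; the sample lines are excerpts from the logs posted in this thread.

```python
import re

# HijackThis entry lines look like "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# Drive-letter path ending in .dll/.exe (paths may contain spaces).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)
# HijackThis marks registry entries whose target file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")


def vundofix_listed_files(log_text):
    """Lowercased paths from the 'Listing files found' block of a VundoFix log."""
    found, in_listing = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Listing files found"):
            in_listing = True
        elif line.startswith("Beginning removal"):
            break
        elif in_listing and PATH_RE.fullmatch(line):
            found.add(line.lower())
    return found


def parse_hjt(log_text):
    """Parse HijackThis entry lines; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        path = PATH_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "line": line.strip(),
            "path": path.group(0).lower() if path else None,
            "orphaned": bool(ORPHAN_RE.search(body)),
        })
    return entries


def triage(hjt_log, flagged_files=frozenset()):
    """Return (reason, line) pairs for entries that deserve a closer look."""
    findings = []
    for e in parse_hjt(hjt_log):
        if e["orphaned"]:
            findings.append(("orphaned-entry", e["line"]))
        elif e["path"] in flagged_files:
            findings.append(("loads-flagged-file", e["line"]))
    return findings


# Sample input: excerpts from the logs posted in this thread.
VUNDOFIX_LOG = r"""
Listing files found while scanning....

C:\WINDOWS\system32\fhyfuvsg.dll
C:\windows\system32\pmnmkij.dll
C:\WINDOWS\system32\rhgcuxnf.dll
C:\windows\system32\tuvuvvv.dll
C:\windows\system32\wvuuuuu.dll
C:\windows\system32\yayvtro.dll

Beginning removal...

Attempting to delete C:\windows\system32\pmnmkij.dll
"""

HJT_BEFORE = r"""
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {61509EA3-6457-40B0-949B-74D2F496F7C1} - C:\WINDOWS\system32\gebcb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fhyfuvsg.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fhyfuvsg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - Winlogon Notify: fhyfuvsg - C:\WINDOWS\SYSTEM32\fhyfuvsg.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

HJT_AFTER = r"""
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8D431267-5CC5-42C4-B114-B66854E91FCE} - C:\WINDOWS\system32\gebcb.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
"""

if __name__ == "__main__":
    flagged = vundofix_listed_files(VUNDOFIX_LOG)
    for label, log in (("before", HJT_BEFORE), ("after", HJT_AFTER)):
        for reason, line in triage(log, flagged):
            print(f"[{label}] {reason}: {line}")
```
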
     
  5. Alfaia

    Alfaia Thread Starter

    Hi again Cybertech

    Done as you instructed, and here are the logs.

    ----------------------------------------
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/29/2007 at 00:16 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3332
    Trace Rules Database Version: 1333

    Scan type : Complete Scan
    Total Scan Time : 01:19:08

    Memory items scanned : 560
    Memory threats detected : 0
    Registry items scanned : 4933
    Registry threats detected : 3
    File items scanned : 82055
    File threats detected : 177

    Unclassified.Unknown Origin
    HKU\S-1-5-21-527237240-113007714-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{11A69AE4-FBED-4832-A2BF-45AF82825583}

    Adware.ClickSpring
    HKLM\Software\ClickSpring
    HKLM\Software\ClickSpring#UBWKR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{9404B3E1-79E3-489D-AA75-EA5B67E4D4AA}\RP34\A0005937.DLL

    Trojan.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{9404B3E1-79E3-489D-AA75-EA5B67E4D4AA}\RP34\A0005939.EXE
    ------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 0:40:16, on 29-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe
    C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programas\Logitech\SetPoint\SetPoint.exe
    C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Programas\Ficheiros comuns\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\programas\ficheiros comuns\mcafee\mna\mcnasvc.exe
    C:\Programas\Ficheiros comuns\Logitech\KhalShared\KHALMNPR.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\FICHEI~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Programas\McAfee\MPF\MPFSrv.exe
    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    D:\Download\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [StartCCC] C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHEI~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programas\Ficheiros comuns\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programas\ficheiros comuns\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programas\McAfee\MPF\MPFSrv.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 5808 bytes
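
As an added example (not part of the original posts): a small Python parser for the HijackThis log format shown above. It groups entries by section code and lists autorun and service entries worth a manual look. The function names and the hint rules are assumptions for illustration, the sample lines are copied from the posted log, and a hint is a prompt to check a file, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY = re.compile(r"^\s*([RO]\d+) - (.*)$")                    # "O4 - <body>"
RUN = re.compile(r"^(HK[^:]+?)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")  # hive, name, command

def parse_hjt(text):
    """Group HijackThis entries by section code (R0, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2).strip())
    return dict(sections)

def autoruns(sections):
    """Return (hive, value name, command) for each O4 registry Run entry."""
    return [m.groups() for m in map(RUN.match, sections.get("O4", [])) if m]

def review_hints(sections):
    """List (section, name, reason) for entries to check by hand."""
    hints = []
    for _hive, name, cmd in autoruns(sections):
        exe = cmd.lstrip('"')
        if not re.match(r"^([A-Za-z]:\\|%)", exe):
            hints.append(("O4", name, "bare file name, no full path"))
        if re.search(r"\\temp\\", exe, re.I):
            hints.append(("O4", name, "starts from a Temp folder"))
    for body in sections.get("O23", []):
        parts = body.rsplit(" - ", 2)   # name, owner, path
        if body.startswith("Service: ") and len(parts) == 3 and parts[1] == "Unknown owner":
            hints.append(("O23", parts[0][len("Service: "):], "owner not identified: " + parts[2]))
    return hints
```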
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Restart in Safe Mode.
    • To boot up in Safe mode, continuously tap the F8 key while starting your computer.
    • You should see a black screen displaying the Windows Advanced Menu Options.
    • Using your keyboard's arrow keys, select Safe mode, then hit Enter.

    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders". Click "Apply" then "OK".


    Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Next navigate to the C:\DOCUMENTS AND SETTINGS\MESTRE B\DEFINIçõES LOCAIS\TEMP folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.


    Restart the machine.

    How is it running now? Any problems?
     
  7. Alfaia

    Alfaia Thread Starter

    Joined:
    Oct 26, 2007
    Messages:
    4
    Hi once again Cybertech

    I did as you said except for one, I suppose, minor thing. In the edit menu, I don't have the option Delete, so I did it the old school way, I used the delete button on the keyboard and emptied the recycle bin.

    Is that OK?

    Apart from that the computer seems to be running smoothly.
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Old school ways sometimes work the best! ;)

    You can remove all of the tools I requested you to download and/or folders associated with them now. It is pointless to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

    OTMoveIt by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders if you want to use that. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. Also remove OTMoveIt.


    It's a good idea to flush your System Restore after removing malware:
    Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405


    Here are some additional links for you to check out to help you with your computer security.

    How did I get infected in the first place.

    Secunia software inspector & update checker

    Good free tools and advice on how to tighten your security settings.

    Security Help Tools



    You're welcome!
     
Short URL to this thread: https://techguy.org/643865
