almightymike

Members
  • Content Count

    14
  • Joined

  • Last visited

Community Reputation

0 Neutral

About almightymike

  • Rank
    Member
  1. Common guys!!!!! I would really appreciate some help on this...
  2. Hi everybody! I'm facing some problems with my e-mail account, and i can't sent e-mails to no one. I don't receive any error messages from Outlook Express but i know that nobody is receiving my messages. Meanwhile I received some highly suspicious messages, suposed to be send by Microsoft Support, anouncing that my e-mail account is sending spam to other adresses, and by caution it will stay bloqued, bla, bla, and proposing to run a exe. file to solve the problem. Of course I didn't open the file, but I suspect that I have some trojan or virus and that could infect other files in my computer. I do continue to receive e-mail messages but i still can't send it to no one. Could you give some help on this? Here is my logfile: Logfile of HijackThis v1.99.1 Scan saved at 23:28:33, on 02-12-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Programas\Lexmark X1100 Series\lxbkbmgr.exe C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe C:\Programas\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programas\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programas\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{E8BD2E21-461C-4BEF-AB1C-E5DD1D138043}: NameServer = 212.55.154.174 212.55.154.190 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE Thanks in Advance!
  3. Hello Again! Once again thanks for your help! Did as you told and here is my new hijackthis logfile: Logfile of HijackThis v1.99.1 Scan saved at 9:34:20 PM, on 1/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\programas\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\hkcmd.exe C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Programas\Lexmark X1100 Series\lxbkbmgr.exe C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programas\Lexmark X1100 Series\lxbkbmon.exe C:\Programas\Support.com\bin\tgcmd.exe C:\Programas\Java\jre1.6.0\bin\jusched.exe C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Programas\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programas\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [hcenter] "C:\Programas\Support.com\bin\tgcmd.exe" /server /startmonitor O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [sTManager] "C:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe And me Rapport file: SmitFraudFix v2.133 Scan done at 21:26:15.89, Mon 01/22/2007 Run from C:\Documents and Settings\Goncalo\Ambiente de trabalho\SmitfraudFix OS: Microsoft Windows XP [Versao 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\DOCUME~1\Goncalo\FAVORI~1\Online Security Test.url Deleted C:\DOCUME~1\ALLUSE~1\MENUIN~1\Online Security Guide.url Deleted C:\DOCUME~1\ALLUSE~1\MENUIN~1\Security Troubleshooting.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Couldn't get any report from AVG scan, so there isn't any logfile to post... It seems better now... but im not sure if it has been sucessful! Cheers
  4. Hello! Im having problems with my pc that keeps sending me alert pop ups and connecting me to anti-vermins and pestcapture webpages. Could you give me some help on this? Here is my HijackThis logfile: Logfile of HijackThis v1.99.1 Scan saved at 7:37:08 PM, on 1/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE c:\programas\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.EXE C:\Programas\Video ActiveX Object\isamonitor.exe C:\Programas\Video ActiveX Object\pmsngr.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\hkcmd.exe C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Programas\Java\jre1.5.0_02\bin\jusched.exe C:\Programas\Lexmark X1100 Series\lxbkbmgr.exe C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programas\Support.com\bin\tgcmd.exe C:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe C:\Programas\Video ActiveX Object\pmmon.exe C:\Programas\Lexmark X1100 Series\lxbkbmon.exe C:\Programas\Video ActiveX Object\isamini.exe C:\WINDOWS\System32\svchost.exe C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe C:\Programas\Internet Explorer\iexplore.exe C:\Programas\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Programas\Video ActiveX Object\isaddon.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Programas\Video ActiveX Object\iesplugin.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programas\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [hcenter] "C:\Programas\Support.com\bin\tgcmd.exe" /server /startmonitor O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKCU\..\Run: [sTManager] "C:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{75BD66DD-A690-4BA6-94F1-B920D9239B99}: NameServer = 194.65.100.117 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe Thanks in Advance!
  5. ######o! It all seems to look fine now! Anyway here is my last Hijackthis logfile: Logfile of HijackThis v1.99.1 Scan saved at 23:29:53, on 17-07-2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe c:\programas\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\pctspk.exe C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programas\Java\jre1.5.0_06\bin\jusched.exe C:\Programas\HP\HP Software Update\HPWuSchd2.exe C:\Programas\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\qttask.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\Programas\BTuga Revolution 2.1\btuga.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Programas\Messenger\msmsgs.exe C:\Programas\Internet Explorer\iexplore.exe C:\Programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Programas\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APLICA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Thanks for your help
  6. Hi! It looks fine now... but here is my new HijackThis logfile: ogfile of HijackThis v1.99.1 Scan saved at 18:53:28, on 13-07-2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe c:\programas\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\System32\wuauclt.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\pctspk.exe C:\WINDOWS\System32\wuauclt.exe C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\programas\mcafee.com\agent\mcagent.exe C:\Programas\Java\jre1.5.0_06\bin\jusched.exe C:\Programas\HP\HP Software Update\HPWuSchd2.exe C:\Programas\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\qttask.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe C:\Programas\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APLICA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Once again thanks for the help!
  7. Hi again! Done as advised! Here is Roguescanfix txt: Export SharedTaskScheduler key ------------------------------ REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon da cache de categorias dos componentes" ... and here is Hijackthis logfile: ogfile of HijackThis v1.99.1 Scan saved at 0:15:26, on 13-07-2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe c:\programas\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\pctspk.exe C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programas\Java\jre1.5.0_06\bin\jusched.exe C:\Programas\HP\HP Software Update\HPWuSchd2.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Programas\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\qttask.exe C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programas\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APLICA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Thanks again!
  8. Hello! Once again, thanks for your help! I followed every steps but i couldn't uninstall or delete that ###### of EbatesMoeMoneyMaker4. Plus the computer crashes while performing the last step (clean other temporary files + recycle bin) and Adware Scan can't remove Ebates. I still have the same pop ups that take me to this page (www.spywarequake.com/?aff=252). Here is my new HijackThis logfile: Logfile of HijackThis v1.99.1 Scan saved at 22:47:08, on 12-07-2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe c:\programas\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\System32\pctspk.exe C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programas\Java\jre1.5.0_06\bin\jusched.exe C:\Programas\HP\HP Software Update\HPWuSchd2.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Programas\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\qttask.exe C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\Programas\EbatesMoeMoneyMaker4\e10350.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe C:\WINDOWS\System32\wuauclt.exe C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe C:\WINDOWS\System32\wuauclt.exe C:\Programas\Internet Explorer\IEXPLORE.EXE C:\Programas\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APLICA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (HKCU) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Thanks again.
  9. Sorry about the multipost, but my internet conection was falling down all the time, so i didn'n knew if i was posting or not... Here is my vundofix result: VundoFix V5.1.1 Running as SYSTEM from c:\windows\system32\VundoFix.exe Checking Java version... Sun Java not detected Scan started at 0:18:22 05-09-2002 Listing files found while scanning.... C:\windows\system32\ssqonmj.dll C:\windows\system32\tuvuv.dll C:\windows\system32\vuvut.ini C:\windows\system32\vuvut.bak1 C:\windows\system32\vuvut.bak2 Beginning removal... The process smss.exe was successfully stopped The process winlogon.exe was successfully stopped The process explorer.exe was successfully stopped The process iexplore.exe was successfully stopped The process rundll32.exe was successfully stopped Attempting to delete C:\windows\system32\ssqonmj.dll C:\windows\system32\ssqonmj.dll Has been deleted! Attempting to delete C:\windows\system32\tuvuv.dll C:\windows\system32\tuvuv.dll Has been deleted! Attempting to delete C:\windows\system32\vuvut.ini C:\windows\system32\vuvut.ini Has been deleted! Attempting to delete C:\windows\system32\vuvut.bak1 C:\windows\system32\vuvut.bak1 Has been deleted! Attempting to delete C:\windows\system32\vuvut.bak2 C:\windows\system32\vuvut.bak2 Has been deleted! Performing Repairs to the registry. Done! And here is my new HijackThis logfile: ogfile of HijackThis v1.99.1 Scan saved at 0:25:22, on 05-09-2002 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe c:\programas\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\pctspk.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\svchost.exe C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\programas\mcafee.com\agent\mcagent.exe C:\Programas\Java\jre1.5.0_06\bin\jusched.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe C:\Programas\HP\HP Software Update\HPWuSchd2.exe C:\Programas\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\qttask.exe C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Programas\SAPO Messenger\sapoim.exe C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe C:\Programas\EbatesMoeMoneyMaker4\e10350.exe C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\WINDOWS\System32\wuauclt.exe C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe C:\WINDOWS\System32\wuauclt.exe C:\Programas\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tpid=10301&ttid=104 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {33A6DF41-408C-4DF8-B5C6-644F753AFDEB} - C:\WINDOWS\System32\tuvuv.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APLICA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - (no file) O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [sAPO Messenger] "C:\Programas\SAPO Messenger\sapoim.exe" O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Aplicacoes\ZWinCNO\PopUpKiller\ZillaPop.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (HKCU) O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab O20 - Winlogon Notify: winwzw32 - C:\WINDOWS\SYSTEM32\winwzw32.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe I couldn't uninstall EbatesMoeMoneyMaker 4... And i still have unwanted virus pop ups in my PC, also i keep receiving error messages when i restart my computer. Thanks for your help until now!
  10. Can anyone give me a help with my hijackthis logfile... please! This Trojan is torturing me!
  11. Hello! Im sorry to insist with this problem, i know im not the first one reporting in (and probably wont be the last one) but i cant delete this trojan and my mcfee pop ups and the pop ups advertising winantivirus product is making me crazy!!!! I am a noob in this thing, could you please give me some help (formating the hard drive would a terrible solution for me!). Here it is my Hijackthis logfile: Logfile of HijackThis v1.99.1 Scan saved at 17:54:38, on 09-07-2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe c:\programas\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.EXE C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\pctspk.exe C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\wuauclt.exe C:\Programas\Java\jre1.5.0_06\bin\jusched.exe C:\Programas\HP\HP Software Update\HPWuSchd2.exe C:\Programas\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\qttask.exe C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe C:\Programas\TopSearch\TopSearch.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Programas\SAPO Messenger\sapoim.exe C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\Programas\EbatesMoeMoneyMaker4\e10350.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe C:\Programas\Windows Media Player\wmplayer.exe C:\Programas\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\TEMP\winA6.tmp.exe C:\Documents and Settings\FILIPE\Definições locais\Temp\Directório temporário 2 para hijackthis_199.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tpid=10301&ttid=104 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKLM\..\Run: [TopSearch] C:\Programas\TopSearch\TopSearch.exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [sAPO Messenger] "C:\Programas\SAPO Messenger\sapoim.exe" O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Aplicacoes\ZWinCNO\PopUpKiller\ZillaPop.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (HKCU) O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Thanks in advance!!!!
  12. Hello! Im sorry to insist with this problem, i know im not the first one reporting in (and probably wont be the last one) but i cant delete this trojan and my mcfee pop ups and the pop ups advertising winantivirus product is making me crazy!!!! I am a noob in this thing, could you please give me some help (formating the hard drive would a terrible solution for me!). Here it is my Hijackthis logfile: Logfile of HijackThis v1.99.1 Scan saved at 17:54:38, on 09-07-2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe c:\programas\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.EXE C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\pctspk.exe C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\wuauclt.exe C:\Programas\Java\jre1.5.0_06\bin\jusched.exe C:\Programas\HP\HP Software Update\HPWuSchd2.exe C:\Programas\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\qttask.exe C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe C:\Programas\TopSearch\TopSearch.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Programas\SAPO Messenger\sapoim.exe C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\Programas\EbatesMoeMoneyMaker4\e10350.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe C:\Programas\Windows Media Player\wmplayer.exe C:\Programas\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\TEMP\winA6.tmp.exe C:\Documents and Settings\FILIPE\Definições locais\Temp\Directório temporário 2 para hijackthis_199.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tpid=10301&ttid=104 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKLM\..\Run: [TopSearch] C:\Programas\TopSearch\TopSearch.exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [sAPO Messenger] "C:\Programas\SAPO Messenger\sapoim.exe" O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Aplicacoes\ZWinCNO\PopUpKiller\ZillaPop.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (HKCU) O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Thanks in advance!!!!
  13. Hello! Im sorry to insist with this problem, i know im not the first one reporting in (and probably wont be the last one) but i cant delete this trojan and my mcfee pop ups and the pop ups advertising winantivirus product is making me crazy!!!! I am a noob in this thing, could you please give me some help (formating the hard drive would a terrible solution for me!). Here it is my Hijackthis logfile: Logfile of HijackThis v1.99.1 Scan saved at 17:54:38, on 09-07-2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe c:\programas\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.EXE C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\pctspk.exe C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\wuauclt.exe C:\Programas\Java\jre1.5.0_06\bin\jusched.exe C:\Programas\HP\HP Software Update\HPWuSchd2.exe C:\Programas\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\qttask.exe C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe C:\Programas\TopSearch\TopSearch.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Programas\SAPO Messenger\sapoim.exe C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\Programas\EbatesMoeMoneyMaker4\e10350.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe C:\Programas\Windows Media Player\wmplayer.exe C:\Programas\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\TEMP\winA6.tmp.exe C:\Documents and Settings\FILIPE\Definições locais\Temp\Directório temporário 2 para hijackthis_199.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tpid=10301&ttid=104 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKLM\..\Run: [TopSearch] C:\Programas\TopSearch\TopSearch.exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [sAPO Messenger] "C:\Programas\SAPO Messenger\sapoim.exe" O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Aplicacoes\ZWinCNO\PopUpKiller\ZillaPop.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (HKCU) O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Thanks in advance!!!!
  14. Hello! Im sorry to insist with this problem, i know im not the first one reporting in (and probably wont be the last one) but i cant delete this trojan and my mcfee pop ups and the pop ups advertising winantivirus product is making me crazy!!!! I am a noob in this thing, could you please give me some help (formating the hard drive would a terrible solution for me!). Here it is my Hijackthis logfile: Logfile of HijackThis v1.99.1 Scan saved at 17:54:38, on 09-07-2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe c:\programas\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.EXE C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\pctspk.exe C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\wuauclt.exe C:\Programas\Java\jre1.5.0_06\bin\jusched.exe C:\Programas\HP\HP Software Update\HPWuSchd2.exe C:\Programas\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\qttask.exe C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe C:\Programas\TopSearch\TopSearch.exe C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Programas\SAPO Messenger\sapoim.exe C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\Programas\EbatesMoeMoneyMaker4\e10350.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe C:\Programas\Windows Media Player\wmplayer.exe C:\Programas\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\TEMP\winA6.tmp.exe C:\Documents and Settings\FILIPE\Definições locais\Temp\Directório temporário 2 para hijackthis_199.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tpid=10301&ttid=104 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKLM\..\Run: [TopSearch] C:\Programas\TopSearch\TopSearch.exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [sAPO Messenger] "C:\Programas\SAPO Messenger\sapoim.exe" O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Aplicacoes\ZWinCNO\PopUpKiller\ZillaPop.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ? O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (HKCU) O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Thanks in advance!!!!