Sign in to follow this  
almightymike

Qlowzone 15 and billgates.exe again!

Recommended Posts

Hello! Im sorry to insist with this problem, i know im not the first one reporting in (and probably wont be the last one) but i cant delete this trojan and my mcfee pop ups and the pop ups advertising winantivirus product is making me crazy!!!! I am a noob in this thing, could you please give me some help (formating the hard drive would a terrible solution for me!).

 

Here it is my Hijackthis logfile:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:54:38, on 09-07-2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

c:\programas\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\System32\pctspk.exe

C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\qttask.exe

C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe

C:\Programas\TopSearch\TopSearch.exe

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Programas\SAPO Messenger\sapoim.exe

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe

C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe

C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe

C:\Programas\EbatesMoeMoneyMaker4\e10350.exe

C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE

C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe

C:\Programas\Windows Media Player\wmplayer.exe

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\TEMP\winA6.tmp.exe

C:\Documents and Settings\FILIPE\Definições locais\Temp\Directório temporário 2 para hijackthis_199.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tpid=10301&ttid=104

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKLM\..\Run: [TopSearch] C:\Programas\TopSearch\TopSearch.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [sAPO Messenger] "C:\Programas\SAPO Messenger\sapoim.exe"

O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Aplicacoes\ZWinCNO\PopUpKiller\ZillaPop.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (HKCU)

O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

Thanks in advance!!!!

Share this post


Link to post
Share on other sites

Hello,

 

Please dont start a new thread all the time if someone didn't respond to your log yet in 5 minutes. Keep in mind that there are several others already waiting for a couple of days to get an answer.

 

* Go to start > controlpanel > software > add/remove programs and uninstall next if present:

 

TopSearch

EbatesMoeMoneyMaker4

Zilla Popup Killer <== not recommended

 

you didn't unzip/extract hijackthis.. and it's still in the tempfolder.

So I strongly advise to unzip/extract hijackthis.zip.

Read here how to unzip/extract properly:

http://metallica.geekstogo.com/xpcompressedexplanation.html

Create a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.

How do you make a permanent folder:

 

Click My Computer, then C:\ and then on Program Files.

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".

Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

 

Please download VundoFix.exe to your C:\.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Share this post


Link to post
Share on other sites

Sorry about the multipost, but my internet conection was falling down all the time, so i didn'n knew if i was posting or not...

 

Here is my vundofix result:

 

VundoFix V5.1.1

 

Running as SYSTEM

from c:\windows\system32\VundoFix.exe

 

Checking Java version...

 

Sun Java not detected

Scan started at 0:18:22 05-09-2002

 

Listing files found while scanning....

 

C:\windows\system32\ssqonmj.dll

C:\windows\system32\tuvuv.dll

C:\windows\system32\vuvut.ini

C:\windows\system32\vuvut.bak1

C:\windows\system32\vuvut.bak2

 

Beginning removal...

 

The process smss.exe was successfully stopped

 

The process winlogon.exe was successfully stopped

 

The process explorer.exe was successfully stopped

 

The process iexplore.exe was successfully stopped

 

The process rundll32.exe was successfully stopped

 

Attempting to delete C:\windows\system32\ssqonmj.dll

C:\windows\system32\ssqonmj.dll Has been deleted!

 

Attempting to delete C:\windows\system32\tuvuv.dll

C:\windows\system32\tuvuv.dll Has been deleted!

 

Attempting to delete C:\windows\system32\vuvut.ini

C:\windows\system32\vuvut.ini Has been deleted!

 

Attempting to delete C:\windows\system32\vuvut.bak1

C:\windows\system32\vuvut.bak1 Has been deleted!

 

Attempting to delete C:\windows\system32\vuvut.bak2

C:\windows\system32\vuvut.bak2 Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

 

And here is my new HijackThis logfile:

 

ogfile of HijackThis v1.99.1

Scan saved at 0:25:22, on 05-09-2002

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

c:\programas\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\pctspk.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

c:\programas\mcafee.com\agent\mcagent.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\qttask.exe

C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Programas\SAPO Messenger\sapoim.exe

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe

C:\Programas\EbatesMoeMoneyMaker4\e10350.exe

C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe

C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE

C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programas\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tpid=10301&ttid=104

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {33A6DF41-408C-4DF8-B5C6-644F753AFDEB} - C:\WINDOWS\System32\tuvuv.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APLICA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - (no file)

O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [sAPO Messenger] "C:\Programas\SAPO Messenger\sapoim.exe"

O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Aplicacoes\ZWinCNO\PopUpKiller\ZillaPop.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (HKCU)

O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab

O20 - Winlogon Notify: winwzw32 - C:\WINDOWS\SYSTEM32\winwzw32.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

 

I couldn't uninstall EbatesMoeMoneyMaker 4... And i still have unwanted virus pop ups in my PC, also i keep receiving error messages when i restart my computer.

 

Thanks for your help until now!

Share this post


Link to post
Share on other sites

Hello,

 

We're not finished here - so let's deal with the rest now..

 

* Open hijackthis, click 'config' (bottom right)

Choose the tab 'misc Tools' on top.

Choose 'delete a file on reboot'

In the field, copy and paste next:

 

C:\WINDOWS\SYSTEM32\winwzw32.dll

 

Click open.

Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok

Your system should reboot now.

 

After reboot,

 

 

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tpid=10301&ttid=104

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {33A6DF41-408C-4DF8-B5C6-644F753AFDEB} - C:\WINDOWS\System32\tuvuv.dll (file missing)

O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - (no file)

O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"

O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

O4 - HKCU\..\Run: [sAPO Messenger] "C:\Programas\SAPO Messenger\sapoim.exe" <== not required to start up with windows

O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Aplicacoes\ZWinCNO\PopUpKiller\ZillaPop.exe <== unrequired

O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm

O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (HKCU)

O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab

O20 - Winlogon Notify: winwzw32 - C:\WINDOWS\SYSTEM32\winwzw32.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

Delete next folder:

 

C:\Programas\EbatesMoeMoneyMaker4

 

If you're having problems with deleting it, restart your computer and try to delete it again.

 

* Clean your Cache and Cookies in IE:

  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

Perform a full scan with an updated adaware SE to get rid of the leftovers.

Post a new hijackthislog in your next reply.

 

also i keep receiving error messages when i restart my computer.

An error message could be anything, so if you can tell me what exact error you get, then I can probably help you.

Share this post


Link to post
Share on other sites

Hello!

 

Once again, thanks for your help!

 

I followed every steps but i couldn't uninstall or delete that ###### of EbatesMoeMoneyMaker4. Plus the computer crashes while performing the last step (clean other temporary files + recycle bin) and Adware Scan can't remove Ebates. I still have the same pop ups that take me to this page (www.spywarequake.com/?aff=252).

 

Here is my new HijackThis logfile:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:47:08, on 12-07-2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

c:\programas\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\pctspk.exe

C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\qttask.exe

C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe

C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe

C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe

C:\Programas\EbatesMoeMoneyMaker4\e10350.exe

C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE

C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\Programas\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APLICA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (HKCU)

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

Thanks again.

Share this post


Link to post
Share on other sites

Hello,

I am going to post my instructions again...

 

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Programas\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"

O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm

O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (HKCU)

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

* Reboot into Safe Mode`: ( without networking support !)

°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

 

Delete next folder:

 

C:\Programas\EbatesMoeMoneyMaker4

 

Reboot back to normal mode.

 

* Download Roguescanfix

Download it to your desktop.

Doubleclick roguescanfix_setup.exe

Select the language setup and click ok.

Proceed with the installation. Make sure the 'Start Roguescanfix' is checked.

Once you click Finish, it will start the fix.

 

Note: This tool needs internet connection because it downloads an additional file to let the tool work properly.

If your firewall gives an alert, allow it instead of blocking it.

In case you still get the message BFU.exe is not present, download BFU.zip from here.

Unzip it and place BFU.exe in the Roguescanfix-folder, present in your Program Files-folder. Then doubleclick Roguescanfix.bat.

 

When you start roguescanfix.bat you'll see a menu:

1. Run Roguescanfix

2. Run sharedtasksrem

 

Type 1 and click enter for Run Roguescanfix

(Note! Don't click 2 unless advised!!)

 

The tool will uninstall some programs and delete related files and registrykeys.

When some files won't get deleted, it will ask you to reboot your system to delete the files after reboot.

Please make sure the uninstall of the programs are finished before you click Yes to reboot.

Post the log (task.txt) that will open in your next reply. (task.txt will be present in folder Program Files\Roguescanfix) together with a new hijackthislog.

Share this post


Link to post
Share on other sites

Hi again!

 

Done as advised!

 

Here is Roguescanfix txt:

 

Export SharedTaskScheduler key

------------------------------

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon da cache de categorias dos componentes"

 

 

... and here is Hijackthis logfile:

 

ogfile of HijackThis v1.99.1

Scan saved at 0:15:26, on 13-07-2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

c:\programas\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\System32\pctspk.exe

C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\qttask.exe

C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe

C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe

C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe

C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE

C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programas\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APLICA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

Thanks again!

Share this post


Link to post
Share on other sites

Check and fix this leftover again:

 

O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)

 

Let me know in your next reply how things are running now.

Share this post


Link to post
Share on other sites

Hi! It looks fine now... but here is my new HijackThis logfile:

 

ogfile of HijackThis v1.99.1

Scan saved at 18:53:28, on 13-07-2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

c:\programas\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\pctspk.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

c:\programas\mcafee.com\agent\mcagent.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\qttask.exe

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe

C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe

C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe

C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE

C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe

C:\Programas\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APLICA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

Once again thanks for the help!

Share this post


Link to post
Share on other sites

I overlooked this one previously, so check and fix it in hijackthis:

 

O8 - Extra context menu item: Ebates. - file://C:\Programas\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm

Share this post


Link to post
Share on other sites

######o!

 

It all seems to look fine now! Anyway here is my last Hijackthis logfile:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:29:53, on 17-07-2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

c:\programas\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\pctspk.exe

C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\qttask.exe

C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe

C:\Programas\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe

C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe

C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe

C:\Programas\BTuga Revolution 2.1\btuga.exe

C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE

C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Programas\Messenger\msmsgs.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Programas\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APLICA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ?

O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

Thanks for your help :)

Share this post


Link to post
Share on other sites

Clean log here :)

 

Glad I could help. :)

 

To keep this clean in the future, I would suggest the following things:

 

Install Spywareblaster

SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

 

* Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.

* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.

* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

 

Let your antispywarescanner(s) scan frequently and don't forget to update before.

 

And I do suggest you perform an online virusscan once in a while. (Housecall and/or Bitdefender). Because what one virusscanner can't find another one maybe can.

Also make sure that your virusscanner, the one that is installed on your system is always up to date!

 

Make sure your windows has the latest updates, so visit asap: http://windowsupdate.microsoft.com/ to update to SP2!

Effective October 11, 2006, Windows XP SP1 and SP1a will transition to a non-supported status. After this date, Microsoft will no longer provide any incident support options or security updates. Existing support do######ents, however, will continue to be available through the Microsoft Support Product Solution Center Web site.

http://support.microsoft.com/gp/lifean19

 

If you are having XP SP2, read here how to configure Security Features for Internet Explorer:

http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

 

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your Pc, Protect yourself and Protect your Family.

 

More info on how to prevent malware you can also find here (By Tony Klein)

and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

 

Also read: Simple and easy ways to keep your computer safe and secure on the Internet

 

Happy surfing again! :)

Edited by LS CalamityJane
Fixed outdated URL

Share this post


Link to post
Share on other sites
Sign in to follow this