540.filost.com

ehgpdantas · 07-16-2005, 05:28 PM

Hi,

I am having prblems with 540.filost.com hijacks, Can anyone help me analysing my log?

Thanks in advance,

Eduardo

Logfile of HijackThis v1.99.1
Scan saved at 20:55:31, on 16/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe
E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe
E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe
E:\Arquivos de programas\Ahead\InCD\InCD.exe
E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe
E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe
E:\Arquivos de programas\asus\PC-cillin 2002\WebTrap.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Messenger\msmsgs.exe
E:\Arquivos de programas\MSN Messenger\msnmsgr.exe
E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
E:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe
E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Arquivos de programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe
E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\Explorer.EXE
E:\Documents and Settings\Eduardo\Meus documentos\Bin\Segurança\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/v7/br/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ScanRegistry] E:\W
O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Registration-PCTV.lnk = E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - E:\WINDOWS\System32\vbsys2.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe

sUBs · 07-16-2005, 09:34 PM

Hi and Welcome to TSF!

Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.

If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.

It is also important you don't miss a step and perform everything in the right order!!. .

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please visit this website - virusscan.jotti.org
Submit these file(s) for a comprehensive scan & then post the results back here.

E:\WINDOWS\system32\ctfmon.exe

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp! - Install.

KillBox v2.0.0.175

Unplug your computer from the Internet when you have finished downloading

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose [Yes] at the Warning prompt.
Expand the [Tools] menu.
Click [Resident].
Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
In the File menu click [Exit] to exit Spybot Search & Destroy.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :

O4 - HKLM\..\Run: [ScanRegistry] E:\W
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - E:\WINDOWS\System32\vbsys2.dll

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

E:\W
c:\ex.cab
E:\WINDOWS\System32\vbsys2.dll

Select/Highlight all the filename(s) from the above.
Copy to clipboard by pressing [CTRL]+[C] on your keyboard.
Start KillBox.exe

Go to the File menu, and choose Paste from Clipboard * this feature does not work on older versons of Killbox
Click the dropdown-arrow next to the "Full Path of File to Delete" field.
Verify that the filenames you pasted are found in there.
Select/tick the following:
- Replace on Reboot
- Unregister.dll Before Deleting * if it's not grayed out
Click the RED X button.
Click Yes at the 'Delete on Reboot' prompt.
Click Yes at the 'Pending Operations prompt'.

* If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to manually restart Windows.

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe Then try Killbox again.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

After your computer has rebooted, run Cleanup! & configure the program as follows:

Click Options...
Move the arrow down to Custom CleanUp!
Put a check next to the following:
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- [X]Scan local drives for temporary files (Please uncheck this option)
- Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

* CleanUp! will delete all the files in your temp folders without making a backup

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Do an online scan at one of the following sites:

Take note the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In your next post, please include fresh logs from:

HiJackThis
Online scan

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

ehgpdantas · 07-17-2005, 05:39 AM

Hi sUBs,

Thanks a lot for your help. Find below the responses you asked for. Please note the there are 5 different users on this machine, what forced me to, in one or two steps, repeat the procedure 5 times... As a result, I am posting 5 different HijackThis final logs.

--------------------------------------------------------------------------
VIRUSSCAN.JOTTI.ORG
--------------------------------------------------------------------------

Service
Service load: 0% 100%

File: ctfmon.exe
Status: OK
MD5 f40bc97996b8e53799eef1d63996674b
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

--------------------------------------------------------------------------
BITDEFENDER SCAN LOG
--------------------------------------------------------------------------

BitDefender Online Scanner

Scan report generated at: Sun, Jul 17, 2005 - 04:01:50

Scan path: A:\;C:\;D:\;E:\;

Statistics

Time
00:36:52

Files
294000

Folders
6347

Boot Sectors
4

Archives
2478

Packed Files
47664

Results

Identified Viruses
5

Infected Files
11

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
11

Engines Info

Virus Definitions
196224

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13

Archive plugins
39

Unpack plugins
4

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP68\A0069937.dll
Infected with: Trojan.Clicker.Agent.AC

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP68\A0069937.dll
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP68\A0069937.dll
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP69\A0069975.dll
Infected with: Trojan.Clicker.Agent.AC

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP69\A0069975.dll
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP69\A0069975.dll
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP71\A0071985.dll
Infected with: Trojan.Clicker.Agent.AC

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP71\A0071985.dll
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP71\A0071985.dll
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP75\A0075126.exe
Detected with: Adware.Swizzor.ML

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP75\A0075126.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP75\A0075126.exe
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP77\A0080238.dll
Infected with: Trojan.Clicker.Agent.AC

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP77\A0080238.dll
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP77\A0080238.dll
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP78\A0082352.dll
Infected with: Trojan.Clicker.Agent.AC

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP78\A0082352.dll
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP78\A0082352.dll
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082448.exe
Infected with: Trojan.Lopad.C

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082448.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082448.exe
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082480.exe
Infected with: Trojan.Lopad.C

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082480.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082480.exe
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089779.exe
Detected with: Adware.Swizzor.ML

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089779.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089779.exe
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089782.exe
Infected with: Trojan.Downloader.Swizzor.CA

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089782.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089782.exe
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP97\A0094813.exe
Infected with: Trojan.Downloader.Swizzor.CB

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP97\A0094813.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP97\A0094813.exe
Deleted

--------------------------------------------------------------------------
HIJACKTHIS SCAN LOG - USER1 (my profile, which generated the first post)
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:32:25, on 17/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\hjt\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Registration-PCTV.lnk = E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe

--------------------------------------------------------------------------
HIJACKTHIS SCAN LOG - USER2
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:35:19, on 17/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe

--------------------------------------------------------------------------
HIJACKTHIS SCAN LOG - USER3
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:37:37, on 17/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\hjt\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "E:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe

--------------------------------------------------------------------------
HIJACKTHIS SCAN LOG - USER4
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:40:28, on 17/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe

--------------------------------------------------------------------------
HIJACKTHIS SCAN LOG - USER5
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:42:06, on 17/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\userinit.exe
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe

sUBs · 07-17-2005, 06:42 AM

Viruses found in the System Volume Information folder isn't anything to worry about. We shall be clearing the cache in this post. Amongst your 5 logs, only User 2 requires a minor fix.

============

Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :

R3 - Default URLSearchHook is missing

=============

Your logs are clean.
Do you have any more problems with your computer? If not, you should be set to go.

However, there still remains a few bits of housekeeping ...

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Create a new System Restore point

click Start >> Run - type SYSDM.CPL & press Enter
select the System Restore Tab
tick on the checkbox - "Turn off System Restore on all drives"
click Apply
then untick the same checkbox & click OK

Enable Windows Auto Update

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard to catch and block spyware before it can execute.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If you do not have a firewall, here are 3 free ones available for personal use:

In light of your recent hiccup, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.

ehgpdantas · 07-17-2005, 11:17 AM

Hi sUBs,

Thanks again. I did the fixes and housekeeping you recommended and the system is working fine. Since then I noticed no hijacking.

Best regards,

Eduardo

07-16-2005, 05:28 PM	#1 (permalink)
ehgpdantas Registered User Join Date: Jul 2005 Posts: 26 OS: Win XP SP2	540.filost.com Hi, I am having prblems with 540.filost.com hijacks, Can anyone help me analysing my log? Thanks in advance, Eduardo Logfile of HijackThis v1.99.1 Scan saved at 20:55:31, on 16/7/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\RUNDLL32.EXE E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe E:\Arquivos de programas\Ahead\InCD\InCD.exe E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe E:\Arquivos de programas\asus\PC-cillin 2002\WebTrap.EXE E:\WINDOWS\system32\ctfmon.exe E:\Arquivos de programas\Messenger\msmsgs.exe E:\Arquivos de programas\MSN Messenger\msnmsgr.exe E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe E:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe E:\Arquivos de programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe E:\WINDOWS\System32\nvsvc32.exe E:\WINDOWS\System32\svchost.exe E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe E:\WINDOWS\system32\wscntfy.exe E:\WINDOWS\system32\wuauclt.exe E:\WINDOWS\Explorer.EXE E:\Documents and Settings\Eduardo\Meus documentos\Bin\Segurança\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/v7/br/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe" O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe" O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe" O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [ScanRegistry] E:\W O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe" O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "E:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Registration-PCTV.lnk = E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pinnacle Scheduler.lnk = ? O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - E:\WINDOWS\System32\vbsys2.dll O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe

07-16-2005, 09:34 PM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 23,238 OS: N/A	Hi and Welcome to TSF! Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread". It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below. It is also important you don't miss a step and perform everything in the right order!!. . = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Please visit this website - virusscan.jotti.org Submit these file(s) for a comprehensive scan & then post the results back here. E:\WINDOWS\system32\ctfmon.exe = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Please download these additional files/programs. Do not run them unless instructed to do so. Unless otherwise stated, they should be stored in same directory as the HiJackThis program. CleanUp! - Install. KillBox v2.0.0.175 Unplug your computer from the Internet when you have finished downloading = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose [Yes] at the Warning prompt. Expand the [Tools] menu. Click [Resident]. Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box. In the File menu click [Exit] to exit Spybot Search & Destroy. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Run a scan with HiJackThis & select(tick) the following & click [Fix checked] : O4 - HKLM\..\Run: [ScanRegistry] E:\W O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - E:\WINDOWS\System32\vbsys2.dll = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = E:\W c:\ex.cab E:\WINDOWS\System32\vbsys2.dll Select/Highlight all the filename(s) from the above. Copy to clipboard by pressing [CTRL]+[C] on your keyboard. Start KillBox.exe Go to the File menu, and choose Paste from Clipboard * this feature does not work on older versons of Killbox Click the dropdown-arrow next to the "Full Path of File to Delete" field. Verify that the filenames you pasted are found in there. Select/tick the following: Replace on Reboot Use Dummy End Explorer Shell While Killing File Unregister.dll Before Deleting * if it's not grayed out Click the RED X button. Click Yes at the 'Delete on Reboot' prompt. Click Yes at the 'Pending Operations prompt'. * If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to manually restart Windows. * If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe Then try Killbox again. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = After your computer has rebooted, run Cleanup! & configure the program as follows: Click Options... Move the arrow down to Custom CleanUp! Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files [X]Scan local drives for temporary files (Please uncheck this option) Cleanup! All Users Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. * CleanUp! will delete all the files in your temp folders without making a backup = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Do an online scan at one of the following sites: Panda ActiveScan Kaspersky Anti-Virus Web Scanner BitDefender Online Scanner Trend Micro™ HouseCall Take note the names and locations of any file it detects but fails to clean. * Turn off the real time scanner of any existing antivirus program while performing the online scan = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = In your next post, please include fresh logs from: HiJackThis Online scan Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________ Last edited by sUBs; 07-16-2005 at 09:35 PM.

07-17-2005, 06:42 AM	#4 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 23,238 OS: N/A	Viruses found in the System Volume Information folder isn't anything to worry about. We shall be clearing the cache in this post. Amongst your 5 logs, only User 2 requires a minor fix. ============ Run a scan with HiJackThis & select(tick) the following & click [Fix checked] : R3 - Default URLSearchHook is missing ============= Your logs are clean. Do you have any more problems with your computer? If not, you should be set to go. However, there still remains a few bits of housekeeping ... Reset hidden/system files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Deselect the Show hidden files and folders option. Select the Hide file extensions for known types option. Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Create a new System Restore point click Start >> Run - type SYSDM.CPL & press Enter select the System Restore Tab tick on the checkbox - "Turn off System Restore on all drives" click Apply then untick the same checkbox & click OK Enable Windows Auto Update Go to Start>Run - type wuaucpl.cpl tick on the checkbox - "Keep my computer up to date" Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard to catch and block spyware before it can execute. IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. If you do not have a firewall, here are 3 free ones available for personal use: Sygate Personal Firewall Kerio Personal Firewall ZoneAlarm In light of your recent hiccup, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Have a safe & happy computing day. Please respond to this thread one more time so we can mark this thread as resolved. __________________

07-17-2005, 11:17 AM	#5 (permalink)
ehgpdantas Registered User Join Date: Jul 2005 Posts: 26 OS: Win XP SP2	Hi sUBs, Thanks again. I did the fixes and housekeeping you recommended and the system is working fine. Since then I noticed no hijacking. Best regards, Eduardo