Hi, i have installed a firewall that eventually detect attempts of trojan horses. Sometimes i turn it off and imediatly after i have an attempt with nCase that i think was blocked and cleaned with Spyblock. I allways have AV autoprotect turn on and make full scan once a week. Is it possible that some trojan or similar is trying to connect with exterior when i turn off firewall?
I have my last hijack logo here, can you please take a look.
Thanks

Logfile of HijackThis v1.97.7
Scan saved at 18:07:44, on 04-12-2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMAS\FICHEIROS COMUNS\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAMAS\FICHEIROS COMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMAS\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAMAS\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE
C:\PROGRAMAS\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMAS\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMAS\FICHEIROS COMUNS\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMAS\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\SBPCI\CTMIX32.EXE
C:\PROGRAMAS\WEBROOT\ACCELERATE\ACCELERATE.EXE
C:\PROGRAMAS\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAMAS\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Programas\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\UTIL\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAMAS\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAMAS\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Trellian Toolbar - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Programas\TRELLIAN\ToolBar\toolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@2070,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [VerificarRegisto] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [MonitorTarefas] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tabuleiro do sistema] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [NPROTECT] C:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T
O4 - HKLM\..\Run: [Accelerate] C:\Programas\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programas\Ficheiros comuns\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programas\Ficheiros comuns\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Programas\Norton Personal Firewall\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programas\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programas\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAMAS\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAMAS\FLASHGET\jc_all.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37954.7155439815

Hi Cinz ,

I can only see this item classified as spyware. Let see if the others can spot something more

Meantime, Close all browsers & windows and using HiJackThis place an x in the box next to this item

O4 - Startup: PowerReg Scheduler.exe

Then click on *fix checked*

Then reboot your PC

Then I would recommend you download, update and run the following two free programs (if you do not have them already). Please be sure to GET THE UPDATES, it is very important. I have included links for instructions with screen shots on how to do that.

Download Adaware (free edition)
http://www.lavasoft.de/software/adaware/

Adaware Tutorial Updates & Scanning
http://forum.gladiator-antivirus.com/index.php?showtopic=8050

After cleaning with Adaware, reboot your PC

Download Spybot Search and Destroy
http://www.safer-networking.org/

My very short Spybot Tutorial to set up and scan the first time
http://forum.gladiator-antivirus.com/index.php?showtopic=8630

After doing the above tasks, please reboot your PC and run a new HiJackThis scan and post the log contents here, please

Hi, i use spybot, adware, and nav. I have fixed item(power reg scheduller) thought it was my nav scheduller. Can i have some trojan that is not detected by all this means? It looks that i´m constantly receiving subseven and backdoors attempts(stated on firewall messages).
Done it again, i can´t close my firewall, this time both cd drives open and some pop up windows about a pop up killer appear teeling me that i was vulnerable... it looks that i am if its possible to all that so easily.
Thanks for the help

I am doing panda antivirus on line now, detected 2 virus till now and a lot of time untill i have the final results so i think i will drop my hijack log tomorrow after all changes on my pc.
Thanks again

Hi, here´s my last hijack after antivirus online. I got susp.exe again and thought i had my browser locked but my startpage was changed.
Thanks

Logfile of HijackThis v1.97.7
Scan saved at 10:03:33, on 05-12-2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMAS\FICHEIROS COMUNS\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAMAS\FICHEIROS COMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMAS\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAMAS\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE
C:\PROGRAMAS\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMAS\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMAS\FICHEIROS COMUNS\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMAS\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\SBPCI\CTMIX32.EXE
C:\PROGRAMAS\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMAS\NORTON PERSONAL FIREWALL\ALERTAST.EXE
C:\UTIL\HIJACKTHIS.EXE
C:\PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMAS\FICHEIROS COMUNS\SYMANTEC SHARED\CCLGVIEW.EXE
C:\PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?c001
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAMAS\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAMAS\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Trellian Toolbar - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Programas\TRELLIAN\ToolBar\toolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@2070,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [VerificarRegisto] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [MonitorTarefas] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tabuleiro do sistema] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [NPROTECT] C:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T
O4 - HKLM\..\Run: [Accelerate] C:\Programas\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programas\Ficheiros comuns\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programas\Ficheiros comuns\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Programas\Norton Personal Firewall\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programas\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programas\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAMAS\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAMAS\FLASHGET\jc_all.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37954.7155439815
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

These still need to be fixed:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?c001

_________________
Tony CLSID List

Hi, i have made those changes, hope everything is alright now . Do you advice to delete my _restore folder? Thanks


Logfile of HijackThis v1.97.7
Scan saved at 12:53:05, on 05-12-2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMAS\FICHEIROS COMUNS\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAMAS\FICHEIROS COMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMAS\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAMAS\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE
C:\PROGRAMAS\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMAS\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMAS\FICHEIROS COMUNS\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMAS\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\SBPCI\CTMIX32.EXE
C:\PROGRAMAS\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMAS\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UTIL\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAMAS\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAMAS\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Trellian Toolbar - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Programas\TRELLIAN\ToolBar\toolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@2070,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [VerificarRegisto] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [MonitorTarefas] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tabuleiro do sistema] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [NPROTECT] C:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T
O4 - HKLM\..\Run: [Accelerate] C:\Programas\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programas\Ficheiros comuns\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programas\Ficheiros comuns\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Programas\Norton Personal Firewall\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programas\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programas\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAMAS\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAMAS\FLASHGET\jc_all.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37954.7155439815
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

It's a clean log. And you don't want to delete your Restore Folder. System Restore can be a life saver!

_________________
Tony CLSID List

Thank you both, CalamityJane and TonyKlein, i have deleted my c:\_restore folder (ups) as i was afraid of beeing infected by some file there. I will make a backup as i everything clean now.
Thanks again

Cinz,

If you have deleted your system restore do one now whilst your machine is clean. As Tony says it can be a life saver. I have also locked this thread, as the issue is resolved, please pm a member of staff if you want it opened again.

ach